When you say "create a function" -- sure you can write your own program that would do that -- but it sounds like you want something to intercept all the calls, yes? You could create an insert or update trigger. Then write your own cleanup sqlite function to stick in the trigger. Shouldn't be hard to do at all. http://www.sqlite.org/capi3ref.html#sqlite3_create_function Michael D. Black Senior Scientist Northrop Grumman Mission Systems
________________________________ From: [email protected] on behalf of seandakid Sent: Wed 5/19/2010 2:24 PM To: [email protected] Subject: [sqlite] SQLite file Validation Hi all, Total noob question for you guys: Background: I have a project where there are many components touching different SQLite dbs. Devs were told to make sure they are validating their sql statements, but as I have seen in the code, few of them have. On some components they have used the BIND statement, which will help. We are dealing with media file inputs mostly on this project, so people might have files named "Michael Jackson; Beat it; Thriller" or something like that. My concern is possible sql injections throughout the different code. We are on a tight deadline and we are unable to get back and recode a bunch of components. Question: Do you think that instead of getting them go back throughout their code, it is feasible to create a function that just eliminates the ; and replaces it with a ,? And if so, any suggested code? Thanks so much for your time. -Steve -- View this message in context: http://old.nabble.com/SQLite-file-Validation-tp28612927p28612927.html Sent from the SQLite mailing list archive at Nabble.com. _______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
_______________________________________________ sqlite-users mailing list [email protected] http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
