On 08 Oct 2011 at 23:32, Simon Slavin <slav...@bigfraud.org> wrote: 

> On 8 Oct 2011, at 10:37pm, Tim Streater wrote:
>
>> I have this string:
>>
>>   attach database ':memory:' as mem; create table mem.messages ( absid
>> integer, ..., replyto text );
>>
>> (where the ellipsis represents a number of other column declarations). In
>> PHP, I do this:
>>
>>   $dbh->query ($str);
>>
>> where $str contains the string from above.
>
> I'm not clear whether you're using the PDO or the sqlite3 extension to PHP.

I'm using PDO. And I've now knocked up a small test program allowing me to use 
either.

> But first I notice you're using ::query() and you should be using ::exec().

OK I'll study these to see why :-)

> And second, the documentation says that both functions execute only one
> statement.  My guess is that they ignore everything after the ';' used as a
> statement separator.  But you should try it with ::exec() and find out for
> yourself.

Well, with my test program it looks like PDO does ignore anything after the 
semi-colon. The sqlite3 extension, by contrast, does appear to process after it.

> Refusing to process multiple SQL statements is probably going to be the best
> thing to do in today's security-sensitive times.  It acts against attempts to
> break your database using techniques like this:

Hmmm. There are places where I have a sequence of statements. I was trying to 
reduce overhead by combining them. But perhaps that's not possible, or, in the 
case of the sqlite3 extension, unreliable at best.

> <http://xkcd.com/327/>

I get a 404.

--
Cheers  --  Tim
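The behaviour the thread is circling (an API that takes exactly one statement per call rejects the rest of a ';'-joined string, while a multi-statement API walks all of them, and the safe way to batch is a transaction with bound parameters) can be reproduced against the same SQLite library from Python. The block below is an added example, not code from either poster or the PHP PDO/sqlite3 extensions; it uses Python's standard `sqlite3` module as a stand-in for the two PHP APIs, with a trimmed `messages` table and constructed sample values.

```python
import sqlite3

# Constructed schema: a trimmed version of the table from the thread.
SCHEMA = "create table messages (absid integer, replyto text)"

# Constructed value in the spirit of the xkcd strip the thread links: it would
# close the quoted literal and start a second statement if pasted into SQL text.
HOSTILE_VALUE = "bob'); drop table messages; --"


def run_as_single_statement(sql):
    """Execute `sql` through an API that accepts one statement per call.

    Python's sqlite3 execute() refuses a string that contains more than one
    statement (sqlite3.Warning on older interpreters, ProgrammingError on
    newer ones), so the call either runs the lone statement or fails whole.
    Returns ("executed", row_count) or ("rejected", 0).
    """
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    try:
        con.execute(sql)
        n = con.execute("select count(*) from messages").fetchone()[0]
        return ("executed", n)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return ("rejected", 0)
    finally:
        con.close()


def run_as_script(sql):
    """Execute `sql` via executescript(), which walks every ';'-separated
    statement in the string (the multi-statement behaviour the thread
    attributes to the sqlite3 extension). Returns the resulting row count."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executescript(sql)
    n = con.execute("select count(*) from messages").fetchone()[0]
    con.close()
    return n


def insert_batch(rows):
    """Cut per-statement overhead without joining statements into one string:
    one transaction, one prepared INSERT, values bound as parameters so a
    value like HOSTILE_VALUE is stored literally instead of being parsed."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    with con:  # commits at the end of the block, rolls back on exception
        con.executemany(
            "insert into messages (absid, replyto) values (?, ?)", rows
        )
    stored = con.execute(
        "select absid, replyto from messages order by absid"
    ).fetchall()
    con.close()
    return stored


if __name__ == "__main__":
    two = ("insert into messages (absid, replyto) values (1, 'a'); "
           "insert into messages (absid, replyto) values (2, 'b')")
    print(run_as_single_statement(two))   # ('rejected', 0)
    print(run_as_script(two))             # 2
    print(insert_batch([(1, "alice"), (2, HOSTILE_VALUE)]))
```

The third function is the answer to the overhead concern: the cost being saved is mostly per-statement commit, not per-call, so a single transaction around separate parameterised calls gets the speed-up while keeping the one-statement-per-call property that blocks a tacked-on second statement.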
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users