On 6/25/2012 5:58 PM, Simon Slavin wrote:
> On 25 Jun 2012, at 11:36pm, Arbol One <[email protected]> wrote:
>
>> In my GUI application the user enters information that will go in a SQLite database table, so statements like:
>>
>> string dbdata = "INSERT INTO friend (name, address, age) VALUES ('Caramba', '490 New Bridge', '49')";
>>
>> are not very useful in a real life C++ GUI application.
>
> That thing you quoted above ... the thing between the double quotes ... is a string. You can make up the string yourself by concatenating several strings together.

I may be a bit oversensitive here, but that seems like an incredibly bad thing to suggest, even in jest. People will do it and yet more SQL Injection attacks will appear.

_______________________________________________
sqlite-users mailing list
[email protected]
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
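
The risk raised in the reply above, as an added example that is not part of the original thread: the same INSERT built by concatenation and with bound parameters, run against an in-memory database. It uses Python's built-in sqlite3 module so it runs anywhere; the `friend` table comes from the thread, while the helper names and sample inputs are constructed. In the C/C++ API the bound form corresponds to `sqlite3_prepare_v2()` followed by `sqlite3_bind_text()`.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE friend (name TEXT, address TEXT, age TEXT)")
    return db

def insert_concatenated(db, name, address, age):
    # Pattern the reply warns about: user text becomes part of the SQL itself.
    sql = ("INSERT INTO friend (name, address, age) VALUES ('"
           + name + "', '" + address + "', '" + age + "')")
    db.execute(sql)

def insert_bound(db, name, address, age):
    # Placeholders keep the statement fixed; values travel separately as data.
    db.execute("INSERT INTO friend (name, address, age) VALUES (?, ?, ?)",
               (name, address, age))

def rows(db):
    return db.execute("SELECT name, address, age FROM friend").fetchall()

# Constructed GUI inputs (hypothetical values typed into the name field).
APOSTROPHE = ("O'Brien", "490 New Bridge", "49")
CRAFTED = ("Caramba', 'somewhere else', '1') --", "490 New Bridge", "49")

def demo():
    results = {}
    db = make_db()
    try:
        insert_concatenated(db, *APOSTROPHE)
        results["concat_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # An ordinary apostrophe already breaks the concatenated statement.
        results["concat_apostrophe"] = "syntax error"
    # The crafted name closes the quote early and rewrites the other columns;
    # the real address and age end up inside an SQL comment.
    insert_concatenated(db, *CRAFTED)
    results["concat_crafted"] = rows(db)

    db2 = make_db()
    insert_bound(db2, *APOSTROPHE)
    insert_bound(db2, *CRAFTED)
    results["bound"] = rows(db2)  # both names stored verbatim
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```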

