On Wed, Jul 04, 2012 at 08:29:33AM -0500, Jay A. Kreibich scratched on the wall:
> On Wed, Jul 04, 2012 at 01:09:01AM -0500, Nico Williams scratched on the wall:
>
> > But this would
> > just be a glorified (if safer) variant of sqlite3_mprintf() -- for
> > apps that allow users to manipulate the schema this could actually be
> > a good improvement.
>
>   The sqlite3_*printf() family supports the %w option specifically
>   for the safe formatting of identifiers.

  ...and someone just pointed out that %w isn't documented on the
  SQLite site:

      http://sqlite.org/c3ref/mprintf.html

  Sorry about that.  I'm not sure if that's an oversight in the docs,
  or if it is an undocumented feature.

  See "Using SQLite" <http://shop.oreilly.com/product/9780596521196.do>,
  Apdx G, p474-475 for more info.  It seems these pages are included in
  Amazon's "Look Inside" feature (at least for me):
  <http://www.amazon.com/Using-SQLite-Jay-A-Kreibich/dp/0596521189/>.

  Or see the SQLite source.

   -j

--
Jay A. Kreibich < J A Y  @  K R E I B I.C H >

"Intelligence is like underwear: it is important that you have it,
 but showing it to the wrong people has the tendency to make them
 feel uncomfortable." -- Angela Johnson
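
What %w does to an identifier, as an added example that is not part of the original post or of SQLite's source: the hypothetical helper quote_identifier() doubles every embedded double quote, the same transformation %w applies, and also adds the enclosing quotes, which %w leaves to the format string (as in sqlite3_mprintf("CREATE TABLE \"%w\" ...", name)). It is plain C so it runs without linking SQLite; build_create_table() and the sample names are likewise constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not an SQLite API): returns a malloc'd copy of
 * `name` wrapped in double quotes, with every embedded '"' doubled so the
 * whole string parses as one SQL identifier. Caller frees the result. */
char *quote_identifier(const char *name)
{
    size_t n = 0, extra = 0;
    if (name == NULL) return NULL;
    for (; name[n] != '\0'; n++)
        if (name[n] == '"') extra++;
    char *out = malloc(n + extra + 3);      /* two outer quotes + NUL */
    if (out == NULL) return NULL;
    char *p = out;
    *p++ = '"';
    for (size_t i = 0; i < n; i++) {
        if (name[i] == '"') *p++ = '"';     /* " becomes "" */
        *p++ = name[i];
    }
    *p++ = '"';
    *p = '\0';
    return out;
}

/* Hypothetical helper: builds a CREATE TABLE statement around a
 * user-supplied table name. Caller frees the result. */
char *build_create_table(const char *table)
{
    static const char fmt[] = "CREATE TABLE %s (id INTEGER PRIMARY KEY);";
    char *q = quote_identifier(table);
    if (q == NULL) return NULL;
    int need = snprintf(NULL, 0, fmt, q);   /* length without the NUL */
    char *sql = (need < 0) ? NULL : malloc((size_t)need + 1);
    if (sql != NULL) snprintf(sql, (size_t)need + 1, fmt, q);
    free(q);
    return sql;
}

int main(void)
{
    /* Constructed sample names: one plain, one with embedded quotes. */
    const char *names[] = { "orders", "my \"2012\" notes" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *sql = build_create_table(names[i]);
        if (sql != NULL) { puts(sql); free(sql); }
    }
    return 0;
}
```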