On Thu, Nov 14, 2013 at 2:14 PM, Richard Hipp <d...@sqlite.org> wrote:
> On Thu, Nov 14, 2013 at 7:58 AM, L. Wood <lwoo...@live.com> wrote:
>
> > Suppose I have a table with one text column. I insert like this:
> >
> > INSERT INTO my_table (col1) VALUES ('arbitrary UTF-8 string');
> >
> > * Isn't it true that the string must indeed be surrounded by single quotes
> > as I do above?
> > * Isn't it true that I have to replace all occurrences of ' in the
> > original string with '' (to escape each single quote)?
> ...
> It is safer and faster to use the sqlite3_bind_text() interface.
>

Also useful, if you can't use the bind() interfaces for some reason, is
sqlite3_mprintf(), which includes custom formatting specifiers which take
care of the quoting:

http://www.sqlite.org/c3ref/mprintf.html

Specifically, see the %q and %Q format specifiers.

--
-----
stephan beal
http://wanderinghorse.net/home/stephan/
http://gplus.to/sgbeal
"Since tyranny's the only guaranteed byproduct of those who insist on a
perfect world, freedom will have to do." -- Bigby Wolf
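
The two routes from the reply above, sketched with Python's built-in sqlite3 module rather than the C API (an added example, not code from this thread): `?` placeholders take the bound-parameter route, and the hypothetical helper `quote_like_Q` mimics the literal that %Q produces. The table name and column come from the question; the sample strings are constructed.

```python
import sqlite3

# Constructed sample values: embedded quotes, non-ASCII UTF-8, empty string, NULL.
SAMPLES = ["O'Reilly", "naïve 'café' ☕", "''", "", None]

def quote_like_Q(value):
    """Hypothetical helper mimicking the %Q specifier: NULL for a missing
    value, otherwise the text wrapped in single quotes with every embedded
    single quote doubled."""
    if value is None:
        return "NULL"
    return "'" + value.replace("'", "''") + "'"

def insert_bound(conn, value):
    # Bound parameter: the value never becomes part of the SQL text.
    conn.execute("INSERT INTO my_table (col1) VALUES (?)", (value,))

def insert_quoted(conn, value):
    # Fallback when binding is unavailable: build a correctly quoted literal.
    conn.execute("INSERT INTO my_table (col1) VALUES (%s)" % quote_like_Q(value))

def insert_naive(conn, value):
    # The case the question asks about: quotes added, but no escaping.
    conn.execute("INSERT INTO my_table (col1) VALUES ('" + value + "')")

def round_trip(insert, values):
    """Insert every value with the given strategy and read them back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE my_table (col1 TEXT)")
    for v in values:
        insert(conn, v)
    rows = [r[0] for r in conn.execute("SELECT col1 FROM my_table ORDER BY rowid")]
    conn.close()
    return rows

def naive_fails(value):
    """True if the unescaped statement is rejected by SQLite."""
    try:
        round_trip(insert_naive, [value])
    except sqlite3.Error:
        return True
    return False

if __name__ == "__main__":
    print(round_trip(insert_bound, SAMPLES) == SAMPLES)   # binding preserves every value
    print(round_trip(insert_quoted, SAMPLES) == SAMPLES)  # so does correct quoting
    print(quote_like_Q("O'Reilly"))                       # the literal sent to SQLite
    print(naive_fails("O'Reilly"))                        # unescaped quote breaks the statement
```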