On 2 Mar 2015, at 12:23am, Jay Kreibich <jay at kreibi.ch> wrote:

> Every database I've ever used starts SQL parameter indexes from 1. I'm not
> sure it is part of the SQL standard, but it is more or less the de facto
> standard of SQL APIs, and might be considered part of the SQL language.

I hope the SQLite library does something appropriate if you try to bind to parameter 0. It would seem to be an excellent avenue for a security bug if nothing tests for it.

Simon.