On 10/30/2015 11:08 AM, Ramar Collins wrote:
> I'm working on a static site generator and want to use SQLite to
> store metadata. I'm using C and a small library to get the
> majority of the work done. My question is, do you have any
> suggestions or know where to find more lore on how to nicely embed
> SQL in a program like this?

Your C code already has some nasty problems, in particular buffer issues. I believe some snprintf implementations don't null terminate if there would be overflow. If the values had any single quotes in them then the query would be invalid. (And on dynamic sites would be exploitable). These issues would be greatly solved by using this:

https://www.sqlite.org/c3ref/mprintf.html

> The example is not nearly complete, but I'm almost certain there's
> a cleaner way to separate the SQL from the rest of the code.
> Before I go come up with my own thing, I wanted to see if there
> are perhaps some better solutions already out there.

I strongly recommend you don't use C for this. The dynamically typed scripting languages (eg Ruby, Python, Perl, TCL, PHP) all have decent ways of handling databases and lots of strings (both C weaknesses).

If you still really want to use C, then write your implementation in a scripting language (which will be a lot quicker), then write a test suite, and finally re-implement in C.

If despite all that you still insist on C only, then have a look at the Fossil SCM project. It is written in C and is primarily by the SQLite team. Consider it some of the best practices for the combination.

http://fossil-scm.org/index.html/dir?ci=tip

However you'll note that it too uses a scripting language internally in places (TH1).

Roger
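
The quoting problem described in the reply, as an added example that is not part of the original message: Python's sqlite3 module stands in for the C API, and the table, column names and sample rows are constructed for illustration. It runs a string-built INSERT against a value containing an apostrophe, repeats the insert with bound parameters, and asks SQLite's quote() for the literal that %Q in sqlite3_mprintf produces for a text value.

```python
import sqlite3

# Constructed sample metadata for a static site generator; the table and
# column names are assumptions, not taken from the original post.
PAGES = [
    ("index.html", "Home"),
    ("notes.html", "Editor's notes"),  # apostrophe inside the value
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (path TEXT PRIMARY KEY, title TEXT)")
    return db

def insert_formatted(db, path, title):
    """String-built SQL: the value is pasted into the statement text."""
    sql = "INSERT INTO pages VALUES ('%s', '%s')" % (path, title)
    db.execute(sql)

def insert_bound(db, path, title):
    """Bound parameters: the value never becomes part of the SQL text."""
    db.execute("INSERT INTO pages VALUES (?, ?)", (path, title))

def load(insert):
    """Insert every sample row; return (titles stored, rows rejected)."""
    db = open_db()
    rejected = 0
    for path, title in PAGES:
        try:
            insert(db, path, title)
        except sqlite3.Error:
            # The apostrophe ended the string literal early, so SQLite
            # refused to parse the statement.
            rejected += 1
    rows = db.execute("SELECT title FROM pages ORDER BY path").fetchall()
    db.close()
    return [title for (title,) in rows], rejected

def quote_literal(value):
    """Have SQLite quote a text value: wrap in '...' and double each '."""
    db = sqlite3.connect(":memory:")
    literal = db.execute("SELECT quote(?)", (value,)).fetchone()[0]
    db.close()
    return literal

if __name__ == "__main__":
    print("formatted:", load(insert_formatted))
    print("bound:    ", load(insert_bound))
    print("quoted:   ", quote_literal("Editor's notes"))
```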