sql - SQLite escape string c++

Question

Ask a Question

Welcome To Ask or Share your Answers For Others

sql - SQLite escape string c++

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

Consider the following code

char bar[] = "hello world "One", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ; 
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces a exception error */

The problem is that the quotes are not getting escaped in the SQL statement. If I was programing in PHP I would use a function like sqlite_escape_string to escape the strings before inserting them in the SQL query but I can not seem to find the equivalent function in C++. I could build my own sqlite_escape_string like function but i am sure there has to be one already written/tested...

Is there a sqlite_escape_string() equivalent function for c++?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

825 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T19:38:21+0000

answered Oct 24, 2021 by 深蓝 (71.8m points)

No. Use bound parameters.

See:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

Categories

sql - SQLite escape string c++

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags