So that last few days have been an annoying trail of tears for me in trying to find out exactly what is supposed to be done to escape strings so that they can be safely inserted into a SQLite database.
Google revealed unto me that PHP users should make use of the sqlite_escape_string function. But what does it do?
Looking at the PHP code revealed the answer about the same time the IRC channel (#sqlite on Freenode) did: the sqlite3_mprintf function, which is similar to the C++ printf function.
Apparently the most reasonable way to escape your strings is by doing something like this:
strMyEscapedString = sqlite3_mprintf("%q", strMyString);
What this formatting function does to strings passed in using %q, I don't know (other than doubling up single quotes). But it appears to be the Right Way To Do It.
Subscribe To
Posts
Comments
1 comment:
This is a long shot, but I am trying to get ahold of Dillon Sadofsky graduated from Ashland Greenwood High School in 2002. I am looking for an email address or something so that we can invite him to his 10 year High School Reunion. This blog was the only method of contacting him that we could find.
Please respond to keri.losh@gmail.com
Thanks,
Keri Losh (White)
Post a Comment