Menu
Consider a string with an apostrophe that needs to be inserted into a SQLite table.
INSERT INTO myTable ( table_Title TEXT ) VALUES ( 'world's' )
How can you markup or escape the apostrophe in the value in the INSERT statement?
809
The apostrophe character can be inserted by calling the CHAR function with the apostrophe's ASCII table lookup value, 39. The string values can then be concatenated together with a concatenate operator.
Placeholders. pixel13 commented 16 years ago. They're just placeholders for the values that follow in the command (e.g. in db_query). You must use %d for integer values and %s for string values.
http://www.sqlite.org/c3ref/bind_blob.html
You should not be passing input directly into a query as a string like this. Not only is it a nuisance, it's also vulnerable to SQL injection attacks, which may not be a big problem for a Mac app, but is still a bad idea when you have Prepared Statements at your disposal. Prepared Statements ensure the underlying database reads the actual, unmodified, input values safely.
For your specific example (error checking removed for brevity/clarity):
sqlite3 *db;
sqlite3_open("test.db", &db);
// Create a prepared statement
sqlite3_stmt *stmt;
const char *sql = "INSERT INTO myTable (table_Title TEXT) VALUES (?)";
sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
// Bind the parameter (safely)
sqlite3_bind_text(stmt, 1, "world's", -1, NULL);
// Execute the prepared statement
sqlite3_step(stmt);
(Untested, but you get the idea).
114
You can use '' instead of a single apostrophe .
Example to insert haven't Insert into table_name values('haven''t');
Reference : https://www.sqlite.org/faq.html#q14
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
