
SQLite escape string c++

Consider the following code

char bar[] = "hello world \"One\", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ; 
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces an exception error */

The problem is that the quotes are not getting escaped in the SQL statement. If I was programming in PHP I would use a function like sqlite_escape_string to escape the strings before inserting them in the SQL query, but I cannot seem to find the equivalent function in C++. I could build my own sqlite_escape_string-like function, but I am sure there has to be one already written/tested...

Is there a sqlite_escape_string() equivalent function for c++?

Steven Smethurst asked Jan 27 '11 18:01


2 Answers

No. Use bound parameters.

See:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html

nobody answered Sep 21 '22 08:09


You have the same question that many have posed. There isn't anything built in.

The better solution to string concatenation would be to bind parameters, which sidesteps the escaping issue.

RichardTheKiwi answered Sep 21 '22 08:09