Consider the following code:
char bar[] = "hello world \"One\", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ;
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces an exception error */
The problem is that the quotes are not getting escaped in the SQL statement. If I was programming in PHP I would use a function like sqlite_escape_string to escape the strings before inserting them in the SQL query, but I cannot seem to find the equivalent function in C++. I could build my own sqlite_escape_string-like function but I am sure there has to be one already written/tested...
Is there a sqlite_escape_string() equivalent function for C++?
No. Use bound parameters.
See:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html
You have the same question that many have posed. There isn't anything built in.
The better solution to string concatenation would be to bind parameters, which sidesteps the escaping issue.