预准备语句中的SQLite绑定功能 [英] SQLite binding function in prepared statement
问题描述
我对绑定当前日期有疑问.我想使用datetime('now')
函数作为插入值之一.
I've problem with binding current date. I want to use datetime('now')
function as one of inserted value.
我用过这样的东西:
sqlite3_bind_text(stmt, i + 1, values[i], -1, SQLITE_STATIC);
,其中values[i]
是char * text = datetime('now')
.但显然它会插入该文本.是否可以绑定这样的功能:datetime('now')
?
where values[i]
is char * text = datetime('now')
. But obviously it inserts that text. Is there possibility to bind function like that: datetime('now')
?
推荐答案
根据定义,绑定很好地转义了所有内容,并确保所有内容都是SQL解释程序实际上不会误读为SQL组件的字符串.这是一个数据安全问题.
Binding, by definition, nicely escapes everything and makes sure everything is a string that the SQL interpreter doesn't actually misread as an SQL component. It's a data safety issue.
相反,让您的stmt
变量将datetime('now')直接放在原始SQL表达式中应放置的位置. IE,删除相关的?
并将datetime('now')
放在其位置.
Instead, make your stmt
variable put the datetime('now') directly where it should be in the original SQL expression. IE, remove the related ?
and put datetime('now')
in its place.
这篇关于预准备语句中的SQLite绑定功能的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!