预准备语句中的SQLite绑定功能 [英] SQLite binding function in prepared statement

问题描述

我对绑定当前日期有疑问.我想使用datetime('now')函数作为插入值之一.

I've problem with binding current date. I want to use datetime('now') function as one of inserted value.

我用过这样的东西:

sqlite3_bind_text(stmt, i + 1, values[i], -1, SQLITE_STATIC);

，其中values[i]是char * text = datetime('now').但显然它会插入该文本.是否可以绑定这样的功能:datetime('now')?

where values[i] is char * text = datetime('now'). But obviously it inserts that text. Is there possibility to bind function like that: datetime('now')?

推荐答案

根据定义，绑定很好地转义了所有内容，并确保所有内容都是SQL解释程序实际上不会误读为SQL组件的字符串.这是一个数据安全问题.

Binding, by definition, nicely escapes everything and makes sure everything is a string that the SQL interpreter doesn't actually misread as an SQL component. It's a data safety issue.

相反，让您的stmt变量将datetime('now')直接放在原始SQL表达式中应放置的位置. IE，删除相关的?并将datetime('now')放在其位置.

Instead, make your stmt variable put the datetime('now') directly where it should be in the original SQL expression. IE, remove the related ? and put datetime('now') in its place.

这篇关于预准备语句中的SQLite绑定功能的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！