SQLite转义字符串c ++ [英] SQLite escape string c++
问题描述
考虑以下代码
char bar[] = "hello world \"One\", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ;
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces a exception error */
问题是报价没有得到在SQL语句中转义。如果我正在编程PHP,我将使用一个功能,如 sqlite_escape_string 在将它们插入SQL查询之前转义字符串,但是我似乎找不到C ++中的等效函数。我可以建立自己的sqlite_escape_string类似的功能,但我确定必须有一个已经写/测试...
The problem is that the quotes are not getting escaped in the SQL statement. If I was programing in PHP I would use a function like sqlite_escape_string to escape the strings before inserting them in the SQL query but I can not seem to find the equivalent function in C++. I could build my own sqlite_escape_string like function but i am sure there has to be one already written/tested...
是否有一个sqlite_escape_string()等效的c ++函数?
Is there a sqlite_escape_string() equivalent function for c++?
推荐答案
否。使用绑定参数。
请参阅:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html
这篇关于SQLite转义字符串c ++的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!