How to write prepared statements for SQLite in iPhone


Question

How to write prepared statements for SQLite in iPhone? Is it possible to do SQL Injection in iPhone apps that use sqlite db?

Recommended answer

I would suggest that if you're starting to develop an iPhone app now you should probably use Core Data rather than coding directly to SQLite. Having said that, creating a prepared statement is simple and well documented:

sqlite3_stmt* statement_handle;
sqlite3_prepare_v2(db, "select a,b from Table where c = ?", -1, &statement_handle, NULL);

And yes, it is possible to have SQL injection attacks in a badly coded application. Using prepared statements goes a long way to avoid it.
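
The full prepare, bind, step, finalize cycle for the statement above, as an added example that is not part of the original answer. The table name `items`, the helper `RowsMatching` and the sample rows are hypothetical and constructed for illustration.

```objective-c
#import <Foundation/Foundation.h>
#import <sqlite3.h>

// Returns column a of every row in the hypothetical table "items" whose
// column c equals userInput, or nil on error.
static NSArray *RowsMatching(sqlite3 *db, NSString *userInput) {
    // The SQL text is a constant; user input is never formatted into it.
    static const char *sql = "SELECT a, b FROM items WHERE c = ?";
    sqlite3_stmt *stmt = NULL;
    if (sqlite3_prepare_v2(db, sql, -1, &stmt, NULL) != SQLITE_OK) {
        NSLog(@"prepare failed: %s", sqlite3_errmsg(db));
        return nil;
    }
    // Parameter indexes start at 1. SQLITE_TRANSIENT tells SQLite to copy
    // the bytes, since the UTF8String buffer may not outlive this call.
    if (sqlite3_bind_text(stmt, 1, [userInput UTF8String], -1,
                          SQLITE_TRANSIENT) != SQLITE_OK) {
        NSLog(@"bind failed: %s", sqlite3_errmsg(db));
        sqlite3_finalize(stmt);
        return nil;
    }
    NSMutableArray *rows = [NSMutableArray array];
    int rc;
    while ((rc = sqlite3_step(stmt)) == SQLITE_ROW) {
        // Column indexes start at 0; a NULL column comes back as a NULL pointer.
        const char *a = (const char *)sqlite3_column_text(stmt, 0);
        id value = a ? (id)[NSString stringWithUTF8String:a] : (id)[NSNull null];
        [rows addObject:value];
    }
    if (rc != SQLITE_DONE) NSLog(@"step failed: %s", sqlite3_errmsg(db));
    sqlite3_finalize(stmt);  // always release the statement handle
    return (rc == SQLITE_DONE) ? rows : nil;
}

int main(void) {
    @autoreleasepool {
        sqlite3 *db = NULL;
        if (sqlite3_open(":memory:", &db) != SQLITE_OK) return 1;
        // Constructed sample data.
        sqlite3_exec(db, "CREATE TABLE items(a TEXT, b TEXT, c TEXT);"
                         "INSERT INTO items VALUES('row1','x','alice');"
                         "INSERT INTO items VALUES('row2','y','bob');",
                     NULL, NULL, NULL);
        NSLog(@"%@", RowsMatching(db, @"alice"));
        // A quote in the input is bound as data, not parsed as SQL.
        NSLog(@"%@", RowsMatching(db, @"alice' OR '1'='1"));
        sqlite3_close(db);
    }
    return 0;
}
```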
