SQLite 转义字符串 c++
考虑以下代码
char bar[] = "hello world \"One\", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ;
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces a exception error */
问题是 SQL 语句中的引号没有被转义。如果我用 PHP 编程,我会使用类似 sqlite_escape_string 的函数在将字符串插入 SQL 查询之前对它们进行转义,但我似乎无法在 C++ 中找到等效的函数。我可以构建自己的 sqlite_escape_string 之类的函数,但我确信必须有一个已经编写/测试过的函数...
c++ 是否有一个 sqlite_escape_string() 等效函数?
Consider the following code
char bar[] = "hello world \"One\", two, 'three'";
char *zSQL = sqlite3_mprintf("INSERT INTO stuff (`foo`) VALUES ('%q');", bar ) ;
sqlite3_exec(db, zSQL, 0, 0, 0);
sqlite3_free(zSQL);
/* Produces a exception error */
The problem is that the quotes are not getting escaped in the SQL statement. If I was programing in PHP I would use a function like sqlite_escape_string to escape the strings before inserting them in the SQL query but I can not seem to find the equivalent function in C++. I could build my own sqlite_escape_string like function but i am sure there has to be one already written/tested...
Is there a sqlite_escape_string() equivalent function for c++?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
否。使用绑定参数。
请参阅:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html
No. Use bound parameters.
See:
http://www.sqlite.org/c3ref/prepare.html
http://www.sqlite.org/c3ref/bind_blob.html
您和许多人提出了同样的问题。没有内置任何东西。
字符串连接的更好解决方案是绑定参数 ,这回避了转义问题。
You have the same question that many have posed. There isn't anything built in.
The better solution to string concatenation would be to bind parameters, which sidesteps the escaping issue.