Answer the question
In order to leave comments, you need to log in
How to protect UPDATE query from SQL injections in SQLite?
I am developing a mobile application in Apache Cordova, I need to store a string that can contain postrophes.
The plugin used to access sqlite does not give all the expressiveness of the native use of sql queries. In addition, on the Internet I found examples of using update only of the form
UPDATE posts SET description = 'i'm robot', postTime = '1469983320000' WHERE UID = ?
UPDATE posts SET (description, postTime) VALUES (?,?) WHERE UID = ?
in order to avoid adding escape apostrophes to the string (with them the string "O'Brien" would look like "O''Brien")? Answer the question
In order to leave comments, you need to log in
In general, you cannot use preapred statement in this plugin. I made a direct replacement of single apostrophes with double apostrophes with a regexp.
If the platform is node.js, then: https://github.com/mapbox/node-sqlite3/wiki/API#da...
If different, then it makes sense to search for sqlite parameterized query
https://www.sqlite.org/c3ref/prepare.html
Often this is called a preapred statement or prepared query, so it's also useful to google for these queries).
What plugin is it?
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question