Here is my sql in cpp:
boost::format("select Rowid from Name where Idx match '%s'") % key
Is it safe to prevent injection by filtering quotation marks?
exmaple:
key : "ab'c" -> "ab''c"
key : "a\"b'c" -> "a\"\"b'c"
Asked
Active
Viewed 17 times
0
oolong
- 1
-
What is sqlite fts? – sehe Dec 29 '21 at 11:35
-
Alternatively use the bind_XXX functions https://www.sqlite.org/c3ref/bind_blob.html – sehe Dec 29 '21 at 11:37