Escaping string in wxSqlite3 Topic is solved

Talk here about issues with one of the components hosted at wxCode, or suggest features for it.
Post Reply
Kvaz1r
Filthy Rich wx Solver
Filthy Rich wx Solver
Posts: 211
Joined: Tue Jun 07, 2016 1:07 pm

Escaping string in wxSqlite3

Post by Kvaz1r » Sun Mar 22, 2020 1:17 pm

I didn't find special function for escaping strings in the documentation so I just replaced all occurances of "'" with "\\'".
Is there any other cases that one should be aware of?
Because php function also "checking for binary-unsafe characters" and I don't know what mean binary-unsafe characters.

utelle
Moderator
Moderator
Posts: 940
Joined: Tue Jul 05, 2005 10:00 pm
Location: Cologne, Germany
Contact:

Re: Escaping string in wxSqlite3

Post by utelle » Sun Mar 22, 2020 7:30 pm

Kvaz1r wrote:
Sun Mar 22, 2020 1:17 pm
I didn't find special function for escaping strings in the documentation so I just replaced all occurances of "'" with "\\'".
wxSQLite3 provides the class wxSQLite3StatementBuffer for this purpose. Please consult the SQLite documentation for detail information about supported formatting options. However, use of class wxSQLite3StatementBuffer is not recommended. The best approach is to use prepared SQL statements with binding of values to parameters, because it avoids all problems linked to escaping strings.
Kvaz1r wrote:
Sun Mar 22, 2020 1:17 pm
Is there any other cases that one should be aware of?
Because php function also "checking for binary-unsafe characters" and I don't know what mean binary-unsafe characters.
Make sure that strings passed to SQLite are encoded as Unicode / UTF-8, and use prepared SQL statements. Doing so frees you from headaches about "unsafe" characters.

Kvaz1r
Filthy Rich wx Solver
Filthy Rich wx Solver
Posts: 211
Joined: Tue Jun 07, 2016 1:07 pm

Re: Escaping string in wxSqlite3

Post by Kvaz1r » Sun Mar 22, 2020 9:58 pm

Thanks, I'll definitely use prepared statements.

Post Reply