
Escaping string in wxSqlite3

Posted: Sun Mar 22, 2020 1:17 pm
by Kvaz1r
I didn't find a special function for escaping strings in the documentation, so I just replaced all occurrences of "'" with "\\'".
Are there any other cases that one should be aware of?
Because the PHP function is also "checking for binary-unsafe characters" and I don't know what binary-unsafe characters are.

Re: Escaping string in wxSqlite3

Posted: Sun Mar 22, 2020 7:30 pm
by utelle
Kvaz1r wrote:
Sun Mar 22, 2020 1:17 pm
I didn't find a special function for escaping strings in the documentation, so I just replaced all occurrences of "'" with "\\'".
wxSQLite3 provides the class wxSQLite3StatementBuffer for this purpose. Please consult the SQLite documentation for detailed information about supported formatting options. However, use of the class wxSQLite3StatementBuffer is not recommended. The best approach is to use prepared SQL statements with binding of values to parameters, because it avoids all problems linked to escaping strings.
Kvaz1r wrote:
Sun Mar 22, 2020 1:17 pm
Are there any other cases that one should be aware of?
Because the PHP function is also "checking for binary-unsafe characters" and I don't know what binary-unsafe characters are.
Make sure that strings passed to SQLite are encoded as Unicode / UTF-8, and use prepared SQL statements. Doing so frees you from headaches about "unsafe" characters.
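
Added example (not part of the original thread, and not wxSQLite3 code): the difference between the backslash replacement from the first post and parameter binding, shown with Python's built-in sqlite3 module because it drives the same SQLite engine. SQLite does not treat a backslash as an escape character inside a string literal, so the replaced text leaves the literal broken, while a bound value never passes through the SQL parser. The table name, function names and sample values are constructed for illustration.

```python
import sqlite3

def backslash_escape(value):
    # The replacement described in the first post: ' becomes \'
    return value.replace("'", "\\'")

def insert_escaped(conn, name):
    # SQL text built by concatenation; the value becomes part of the statement.
    conn.execute("INSERT INTO people(name) VALUES ('" + backslash_escape(name) + "')")

def insert_bound(conn, name):
    # Prepared statement with a positional parameter; the value is passed
    # to SQLite separately from the SQL text, so no escaping is involved.
    conn.execute("INSERT INTO people(name) VALUES (?)", (name,))

def roundtrip(insert, value):
    """Insert value into a fresh in-memory table and read it back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people(name TEXT)")
    try:
        insert(conn, value)
    except sqlite3.Error as exc:
        return ("rejected", type(exc).__name__)
    finally_row = conn.execute("SELECT name FROM people").fetchone()
    conn.close()
    return ("stored", finally_row[0])

# Constructed sample values: a quote, a backslash, both, and non-ASCII text.
SAMPLES = ["O'Brien", "a\\b", "C:\\dir\\'x'", "Zoë"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "escaped:", roundtrip(insert_escaped, s),
              "bound:", roundtrip(insert_bound, s))
```

Every sample containing a quote is rejected by the SQL parser on the escaped path, and every sample comes back unchanged on the bound path.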

Re: Escaping string in wxSqlite3

Posted: Sun Mar 22, 2020 9:58 pm
by Kvaz1r
Thanks, I'll definitely use prepared statements.