tags:

views:

134

answers:

3
Q: 

How to insert any string in sqlite3 in c

Hi I have to insert a string into a sqlite data base my command ..

Err=sqlite_exec(DB, "create table tbl5(TEXT varchar(100));", xCallback, (void*)"First Test", &ErrMsg);

Err=sqlite_exec(DB, "insert into tbl5 values  ('some string');", xCallback, (void*)"First Test", &ErrMsg);

works fine but when I want to put s="some string" ie

Err=sqlite_exec(DB, "insert into tbl5 values  (s);", xCallback, (void*)"First Test", &ErrMsg);

then this is not working so how to add variable then It is not working so how to insert variable in sqlite database thank u

A: 

You could use sprintf to create a formatted string.

char s[20] = "some string";
char query[100];
sprintf(query, "insert into tbl5 values (%s);", s);

It's up to you to make sure query is big enough.

Pieter  2010-05-31 08:54:35
Using `sprintf()` here is probably a bad advice. See my answer for the "why".
ereOn  2010-05-31 09:01:28
+3  A: 

Don't use sprintf() but sqlite3_mprintf(). Here is the documentation.

char s[20] = "some string";
char* query = sqlite3_mprintf("insert into tbl5 values ('%q');", s);

Otherwise you have a risk of SQL injection.

The resulting query string should be freed using sqlite3_free().

Also note the '%q' instead of the usual '%s'.

ereOn  2010-05-31 08:59:46
Interesting function, I didn't know it existed. I used sqlite3 in C++, using `std` functionality for building my queries. Hence, I wasn't aware of this C-oriented functionality.
Pieter  2010-05-31 09:03:16
@Pieter: Actually, I also use it in `C++`. The documentation of sqlite isn't really straightforward but it seems this is the only way of doing this safely.
ereOn  2010-05-31 09:04:54
+1  A: 

Other than the suggestions already given, you can also use prepared statements with bound parameters (this is also useful if you intend to repeat the statement several times with different parameters). see the sqlite3_prepare_v2 and sqlite3_bind_* for more information

sqlite3_stmt *stmt;

// Create a prepared statement
Err = sqlite3_prepare_v2(DB, "insert into tbl5 values (?)", -1, &stmt, NULL);
if (Err != SQLITE_OK)
{
    //...
}

// Bind our string to the statement
Err = sqlite3_bind_text(stmt, 1, "some string", -1, SQLITE_TRANSIENT);
if (Err != SQLITE_OK)
{
    //...
}

// Execute the statement
Err = sqlite3_step(stmt);
if (Err != SQLITE_OK)
{
    //...
}

// Free the prepared statement
Err = sqlite3_finalize(stmt);
Hasturkun  2010-05-31 09:26:07

related questions

any good tool for makefile generation?
How do you pass a function as a parameter in C?
Where should a veteran C programmer start in order to master Java ?
Any good book on best practice and guidelines in developing a SDK in C?
How do you determine the size of a file in C?
Decoding printf statements in C (Printf Primer)
Shift operator in C
How to avoid redefining VERSION, PACKAGE, etc.
Alpha blending sprites in Nintendo DS Homebrew
When should I use type abstraction in embedded systems
How to implement continuations?
What are the barriers to understanding pointers and what can be done to overcome them?
Anyone have experience creating a shared library in MATLAB?
String.indexOf function in C
Passing multidimensional arrays as function arguments in C
C/C++ library for reading MIDI signals from a USB MIDI device
Choosing a static code analysis tool
How do you printf an unsigned long long int?
Good STL-like library for C.
Rockbox audio format
Why am I getting a malloc: double free error with realloc()?
Should I learn C?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?
How to use the C socket API in C++ on z/OS