3. Status Of Recent SQLite CVEs  ... 22) Malicious SQL statement causes a NULL pointer dereference and denial-of-service. (details) CVE-2019-19646 3.31.0(2020-01-22) The PRAGMA integrity_check command might cause the byte-code for a prepared statement to loop indefinitely. This ... 

5. CREATE, ALTER and DROP TABLE commands  ... The text of the child CREATE TABLE statement or statements stored in the sqlite_schema table are modified to reflect the new parent table name. If foreign key constraints are enabled when it is prepared, the DROP TABLE command performs an ... 

3.4. The cache method The "eval" method described above keeps a cache of prepared statements for recently evaluated SQL commands. The "cache" method is used to control this cache. The first form of this command is: dbcmd  cache size  N ... 

2. The VFS In Relation To The Rest Of SQLite  ... The byte code generated by the top three layers is a prepared statement. The Virtual Machine module is responsible for running the SQL statement byte code. The B-Tree module organizes a database file into multiple key/value stores with ... 

SQLITE_FCNTL_LOCKSTATE, SQLITE_FCNTL_GET_LOCKPROXYFILE, SQLITE_FCNTL_SET_LOCKPROXYFILE, SQLITE_FCNTL_LAST_ERRNO, SQLITE_FCNTL_SIZE_HINT, SQLITE_FCNTL_CHUNK_SIZE ... 

 ... If the SQLITE_FCNTL_PRAGMA file control returns SQLITE_OK, then the parser assumes that the VFS has handled the PRAGMA itself and the parser generates a no-op prepared statement if result string is NULL, or that returns a copy of the ... 

3. The New Pointer-Passing Interfaces  ... sqlite3_bind_pointer(S,I,P,T,D) → Bind pointer P of type T to the I-th parameter of prepared statement S. D is an optional destructor function for P. sqlite3_result_pointer(C,P,T,D) → Return pointer P of ... 

 ... The fix in version 3.7.15 was to not cache collating function pointers in the expression structure but instead look them up each time a new statement is prepared. This release also contains some important enhancements to the query ... 

4. The Need For Over 200 SQL Statements Per Webpage  ... For one, the section of the code that creates the timeline query can be completely separate from the section that prepares each timeline entry for display. This provides a separation of responsibility that helps keep the code simple and easy ... 

4.1. SQL Fuzz  ... Sometimes, purely by chance, the SQL statement also happens to be semantically correct. In that case, the resulting prepared statement is run to make sure it gives a reasonable result.

 ... Except, sqlite3_aggregate_context() might return NULL in the case of an out-of-memory error, so aggregate functions should be prepared to deal with that case. After all rows are processed the countFinalize() routine is called exactly once. This routine computes ...