Overview
Comment: | Added explanation and examples for %Q format specifier. (CVS 623) |
---|---|
SHA1: | 633ce4dd252ac351b04bdb7bed2d5374 |
User & Date: | chw 2002-06-16 04:57:32.000 |
Context
2002-06-16
| ||
18:21 | Expose an additional internal API routine (sqliteInitCallback()) for use by private code. (CVS 624) (check-in: cd74495f99 user: drh tags: trunk) | |
04:57 | Added explanation and examples for %Q format specifier. (CVS 623) (check-in: 633ce4dd25 user: chw tags: trunk) | |
04:56 | Added printf-4.(2-4) test cases to test new %Q format specifier. (CVS 622) (check-in: 7d5fc35b5d user: chw tags: trunk) | |
Changes
Changes to www/c_interface.tcl.
1 2 3 | # # Run this Tcl script to generate the sqlite.html file. # | | | 1 2 3 4 5 6 7 8 9 10 11 | # # Run this Tcl script to generate the sqlite.html file. # set rcsid {$Id: c_interface.tcl,v 1.30 2002/06/16 04:57:32 chw Exp $} puts {<html> <head> <title>The C language interface to the SQLite library</title> </head> <body bgcolor=white> <h1 align=center> |
︙ | ︙ | |||
614 615 616 617 618 619 620 | SQLite printf routines, there is never a danger of overflowing a static buffer as there is with <b>sprintf()</b>. The SQLite printf routines automatically allocate (and later free) as much memory as is necessary to hold the SQL statements generated.</p> <p>The second advantage the SQLite printf routines have over | | | > > > > | 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 | SQLite printf routines, there is never a danger of overflowing a static buffer as there is with <b>sprintf()</b>. The SQLite printf routines automatically allocate (and later free) as much memory as is necessary to hold the SQL statements generated.</p> <p>The second advantage the SQLite printf routines have over <b>sprintf()</b> are two new formatting options specifically designed to support string literals in SQL. Within the format string, the %q formatting option works very much like %s in that it reads a null-terminated string from the argument list and inserts it into the result. But %q translates the inserted string by making two copies of every single-quote (') character in the substituted string. This has the effect of escaping the end-of-string meaning of single-quote within a string literal. The %Q formatting option works similar; it translates the single-quotes like %q and additionally encloses the resulting string in single-quotes. If the argument for the %Q formatting options is a NULL pointer, the resulting string is NULL without single quotes. </p> <p>Consider an example. Suppose you are trying to insert a string value into a database table where the string value was obtained from user input. Suppose the string to be inserted is stored in a variable named zString. The code to do the insertion might look like this:</p> |
︙ | ︙ | |||
663 664 665 666 667 668 669 670 671 672 673 674 675 676 | </pre></blockquote> <p>Here the apostrophy has been escaped and the SQL statement is well-formed. When generating SQL on-the-fly from data that might contain a single-quote character ('), it is always a good idea to use the SQLite printf routines and the %q formatting option instead of <b>sprintf</b>. </p> <h2>Adding New SQL Functions</h2> <p>Beginning with version 2.4.0, SQLite allows the SQL language to be extended with new functions implemented as C code. The following interface is used: </p> | > > > > > > > > > > > > > > > > > > > > > > | 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 | </pre></blockquote> <p>Here the apostrophy has been escaped and the SQL statement is well-formed. When generating SQL on-the-fly from data that might contain a single-quote character ('), it is always a good idea to use the SQLite printf routines and the %q formatting option instead of <b>sprintf</b>. </p> <p>If the %Q formatting option is used instead of %q, like this:</p> <blockquote><pre> sqlite_exec_printf(db, "INSERT INTO table1 VALUES(%Q)", 0, 0, 0, zString); </pre></blockquote> <p>Then the generated SQL will look like the following:</p> <blockquote><pre> INSERT INTO table1 VALUES('Hi y''all') </pre></blockquote> <p>If the value of the zString variable is NULL, the generated SQL will look like the following:</p> <blockquote><pre> INSERT INTO table1 VALUES(NULL) </pre></blockquote> <h2>Adding New SQL Functions</h2> <p>Beginning with version 2.4.0, SQLite allows the SQL language to be extended with new functions implemented as C code. The following interface is used: </p> |
︙ | ︙ |
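Review bot: In the www/c_interface.tcl hunk starting at new line 614, the sentence "If the argument for the %Q formatting options is a NULL pointer, the resulting string is NULL without single quotes" can be read as the routine returning a C NULL; suggest saying that the SQL keyword NULL is inserted into the result. The paragraph also never states that %q only doubles the quotes, so the format string must supply the enclosing '...' itself, while %Q supplies them. A reader who switches from %q to %Q has to drop the quotes from the format string, and that is worth one explicit sentence because a mistake here produces malformed or mis-quoted SQL from user input. Wording nits in the same added lines: "advantage ... are two new formatting options" should be "is", "works similar" should be "works similarly", and "formatting options is" should be "formatting option is".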
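Review bot: In the www/c_interface.tcl hunk starting at new line 667, the recommendation kept as unchanged context at the top still names only %q ("use the SQLite printf routines and the %q formatting option instead of sprintf"), and the new %Q example is appended after it, so the closing advice of the section no longer matches what the section documents. Suggest either moving the %Q example above that paragraph or extending the sentence to "the %q or %Q formatting option". The NULL example would be more useful with one sentence on why the case matters to callers, since the added lines show the output VALUES(NULL) but do not say that this is the only one of the two options documented here to handle a NULL pointer. "apostrophy" in the same context paragraph should be "apostrophe" while this text is being touched.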