How to connect to SQLITE?

kdevel kdevel at vogtner.de
Sat Nov 28 17:50:43 UTC 2020


On Saturday, 28 November 2020 at 13:29:50 UTC, Ferhat Kurtulmuş wrote:
> On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
>> Is there libs for SQLITE?
>> How to use it? thanks.
>
> https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox

IMNSHO the code in example1.d

    string sql = format("UPDATE User SET %s = '%s' WHERE id = %s;", field, text, curId);
    db.query(sql);

and that in example2.d

    string sql = format("UPDATE User SET %s = '%s' WHERE id = %d;", field, value, cid);
    db.query(sql);

is prone to SQL injection attacks. Why don't you use ? as 
placeholder as in the example

    db.query("INSERT INTO people (id, name) VALUES (?, ?)", 5, "Adam");

of

    http://dpldocs.info/experimental-docs/arsd.database.html

If your database is compromised you can blame the arsd.database 
author(s) for publishing a buggy db.escape function ;-)
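
An added example, not code from the post above, the linked repository or arsd: the formatted UPDATE from example2.d beside a version that binds its values with ?. A ? placeholder binds values only, so the column name is checked against an allow-list before it is concatenated. Assumptions: arsd.sqlite's Sqlite class with an in-memory database, a constructed User table and rows, and the hypothetical names updateFormatted, updateBound, nameAndEmail and editableFields.

```d
// Added example: assumes arsd.sqlite (class Sqlite) and a constructed User table.
import arsd.sqlite;
import std.algorithm : canFind;
import std.format : format;
import std.stdio : writeln;

// Hypothetical allow-list: the only columns callers may update.
immutable string[] editableFields = ["name", "email"];

// Pattern from example2.d: field and value are pasted into the SQL text.
void updateFormatted(Database db, string field, string value, int id) {
    string sql = format("UPDATE User SET %s = '%s' WHERE id = %d;", field, value, id);
    db.query(sql);
}

// Values are bound with ?; the column name cannot be bound, so it is
// compared against the allow-list before it is concatenated.
void updateBound(Database db, string field, string value, int id) {
    if (!editableFields.canFind(field))
        throw new Exception("column not editable: " ~ field);
    db.query("UPDATE User SET " ~ field ~ " = ? WHERE id = ?", value, id);
}

string[2] nameAndEmail(Database db, int id) {
    foreach (row; db.query("SELECT name, email FROM User WHERE id = ?", id))
        return [row["name"], row["email"]];
    throw new Exception("no such user");
}

void main() {
    auto db = new Sqlite(":memory:");
    db.query("CREATE TABLE User (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
    db.query("INSERT INTO User (id, name, email) VALUES (?, ?, ?)", 1, "Adam", "adam@example.org");
    db.query("INSERT INTO User (id, name, email) VALUES (?, ?, ?)", 2, "Eve", "eve@example.org");

    // Constructed input: a value containing a single quote.
    string value = "x', email = 'changed";
    updateFormatted(db, "name", value, 1); // the quote ends the literal; email changes too
    writeln(nameAndEmail(db, 1));
    updateBound(db, "name", value, 2);     // the whole string is stored as the name
    writeln(nameAndEmail(db, 2));

    try {
        updateBound(db, "id", value, 2);   // column outside the allow-list
    } catch (Exception e) {
        writeln("rejected: ", e.msg);
    }
}
```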
