Escaping sqlite string in obj-c

0

<p>Problem adding "%" inside your sql queries? read below.</p> <p><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: 11px; color: #e90000; "><span style="color: #d200a5">const</span><span style="color: #000000"> </span><span style="color: #d200a5">char</span><span style="color: #000000"> *sqlStatement = </span>"select fname,lname from students where lname like ?001 and fname like ?002"<span style="color: #000000">;</span></span></p> <div><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: 11px;">Notice that the parameter tokens, ?001 and ?002 do not have quotes around them.</span></div> <div><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;">This statement needs to be prepared in the usual way.</span></span></div> <div><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;"><br /></span></span></div> <div><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;"> <script src="../../javascripts/tiny_mce/themes/advanced/langs/en.js?1249362019" type="text/javascript"></script> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #7e11ad">NSString</span> *fnameSearch = [<span style="color: #7e11ad">NSString</span> <span style="color: #480085">stringWithFormat</span>:<span style="color: #e90000">@"%%%@%%"</span>, <span style="color: #368288;">fnameSearchWord</span>];</p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #7e11ad">NSString</span> *lnameSearch = [<span style="color: #7e11ad">NSString</span> <span style="color: #480085">stringWithFormat</span>:<span style="color: #e90000">@"%%%@%%"</span>, <span style="color: #368288;">lnameSearchWord</span>];</p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"> </p> <div><span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: x-small;"><span style="font-size: 10px; "><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;">Notice the %% characters in the format string. This results in one % in the output string. </span></span></span></span></div> <div><span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: x-small;"><span style="font-size: 10px;"><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;">%@ is the replacement token for your string parameter.  </span></span></span></span></div> <div><span style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: x-small;"><span style="font-size: 10px;"><span style="font-family: Menlo, Arial, Helvetica, sans-serif; font-size: small;"><span style="font-size: 11px;">Finally, you have to bind your strings to the prepared statement like this:</span></span></span></span></div> <div> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"> </p> <span style="color: #7e11ad;"> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #7e11ad">sqlite3_stmt</span> *compiledStatement;</p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #d200a5">if</span>(<span style="color: #480085">sqlite3_prepare_v2</span>(database, sqlStatement, -<span style="color: #3900de">1</span>, &compiledStatement, <span style="color: #d200a5">NULL</span>) == <span style="color: #824725">SQLITE_OK</span>) </p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="white-space: pre;"> </span><span style="color: #000000;">{</span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #008d00;"><span style="white-space: pre;"> </span>  <span style="color: #000000; "><span style="color: #480085">sqlite3_bind_text</span>(<span style="color: #368288;">compiledStatement</span>, <span style="color: #3900de">1</span>, [<span style="color: #368288;">fnameSearchWord</span> <span style="color: #480085">UTF8String</span>], -<span style="color: #3900de">1</span>, <span style="color: #824725">SQLITE_STATIC</span>);</span></span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #008d00;"><span style="color: #000000; "><span style="white-space: pre;"> </span>  <span style="color: #480085">sqlite3_bind_text</span>(<span style="color: #368288;">compiledStatement</span>, <span style="color: #3900de;">2</span>, [<span style="color: #368288;">lnameSearchWord</span> <span style="color: #480085">UTF8String</span>], -<span style="color: #3900de">1</span>, <span style="color: #824725">SQLITE_STATIC</span>);</span></span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo"><span style="color: #008d00;"><span style="color: #000000; "> </span></span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo;"><span style="color: #d200a5;"><span style="white-space: pre;"> </span>while</span>(<span style="color: #480085;">sqlite3_step</span>(compiledStatement) == <span style="color: #824725;">SQLITE_ROW</span>)</p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo;"><span style="white-space: pre;"> <span style="color: #000000; white-space: normal;">{</span></span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo;"><span style="white-space: pre;"> <span style="white-space: pre;"> </span></span>// continue data manipulation here.</p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo;"> <span style="color: #000000;">}</span></p> <p style="margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Menlo;"><span style="color: #000000;">}</span></p> </span></div> </span></span></div>

2009-11-19T10:25:37+08:00

11 escaping-sqlite-string-in-obj-c Escaping sqlite string in obj-c

2009-11-19T10:30:14+08:00