insert string value with apostrophe
Question
Consider a string with an apostrophe that needs to be inserted into a SQLite table.
INSERT INTO myTable ( table_Title TEXT ) VALUES ( 'world's' )
How can you markup or escape the apostrophe in the value in the INSERT statement?
2 answers
solution1
16 ACCPTED 2010-11-20 02:56:08
http://www.sqlite.org/c3ref/bind_blob.html
You should not be passing input directly into a query as a string like this. Not only is it a nuisance, it's also vulnerable to SQL injection attacks, which may not be a big problem for a Mac app, but is still a bad idea when you have Prepared Statements at your disposal. Prepared Statements ensure the underlying database reads the actual, unmodified, input values safely.
For your specific example (error checking removed for brevity/clarity):
sqlite3 *db;
sqlite3_open("test.db", &db);
// Create a prepared statement
sqlite3_stmt *stmt;
const char *sql = "INSERT INTO myTable (table_Title TEXT) VALUES (?)";
sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
// Bind the parameter (safely)
sqlite3_bind_text(stmt, 1, "world's", -1, NULL);
// Execute the prepared statement
sqlite3_step(stmt);
(Untested, but you get the idea).
solution2
2 2013-09-29 08:04:59
You can use '' instead of a single apostrophe .
Example to insert haven't
Insert into table_name values('haven''t');
Reference : https://www.sqlite.org/faq.html#q14
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.