I know how to put text into a sqlite3 table in objective c. This

Question

0

Asked: May 24, 20262026-05-24T02:39:42+00:00 2026-05-24T02:39:42+00:00

I know how to put text into a sqlite3 table in objective c. This

0

I know how to put text into a sqlite3 table in objective c. This is how I’m doing it:

NSString *sql = [NSString stringWithFormat: @"INSERT OR REPLACE INTO myTable (name, response) VALUES ('%@','%@');", name, response];

char *err;
if (sqlite3_exec(db, [sql UTF8String], NULL, NULL, &err) != SQLITE_OK)
{
    sqlite3_close(db);
}

My big concern is that since the text I’m putting into the table is coming directly from the user, it could contain any characters, including things like apostrophes, which would need to be escaped before being put into the table.

I have two main questions:

Besides apostrophes, what other characters do I need to escape for sql text that a user might enter?
What is the best way to alter the NSString to put in escapes before the characters that need to be escaped, before putting it into the sql table? Should I just use a scanner and parse the string character by character searching for characters that should be escaped?

Thanks!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T02:39:44+00:00

Editorial Team

2026-05-24T02:39:44+00:00Added an answer on May 24, 2026 at 2:39 am

You should use the built in ? feature. You will need to create prepared statement, then use sqlite_3_bind_text.

"INSERT OR REPLACE INTO myTable (name, response) VALUES (?,?);"

I would also recommend looking into FMDB.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I know how to put text into a sqlite3 table in objective c. This

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply