in the following piece of code, I see that when my ‘description’ is something

Question

0

Asked: May 11, 20262026-05-11T10:25:21+00:00 2026-05-11T10:25:21+00:00

in the following piece of code, I see that when my ‘description’ is something

0

in the following piece of code, I see that when my ‘description’ is something like: ' ' ' ', I have a problem updating the description to the sqlite record. How do i handle the ‘ character. thanks!

sql = wxString::Format( 'UPDATE event SET event_description='%s' WHERE id=%d', description.c_str(), event_id); rc = sqlite3_exec((sqlite3 *)_theDB, sql.c_str(), NULL, 0, &sqlError);

The OP answered his own question:

check this out FAQ we need to replace the occurences of ‘ with ” in the string

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-11T10:25:21+00:00

2026-05-11T10:25:21+00:00Added an answer on May 11, 2026 at 10:25 am

Doubling up all the single quotes in the description string is one way to do it. This way you can avoid malicious descriptions (see Bobby Tables).

' '

becomes:

 '' ''

And more importantly, the potentially dangerous description:

' WHERE 1=1 DELETE FROM Event --

becomes the harmless:

'' WHERE 1=1 DELETE FROM Event --

Another (safer) way, is to use prepared statements.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

in the following piece of code, I see that when my ‘description’ is something

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply