Jump to content
Sign in to follow this  
hoangthi

SQL injection

Recommended Posts

hoangthi

I used sqlite.au3, but ...SQL injection

Please help me fix it.

Share this post


Link to post
Share on other sites
NELyon

Can you restate the question? I'm not entirely sure what you're asking.

Are you trying to prevent SQL injection?

Share this post


Link to post
Share on other sites
hoangthi

Can you restate the question? I'm not entirely sure what you're asking.

Are you trying to prevent SQL injection?

#include <SQLite.au3>
#include <SQLite.dll.au3>

Local $hQuery, $aRow, $sMsg,$me
_SQLite_Startup ()
_SQLite_Open (); open :memory: Database
_SQLite_Exec (-1, "CREATE TABLE aTest (a,b,c);"); CREATE a Table

$me="I'm HoangThi"
_SQLite_Exec (-1, "INSERT INTO aTest(a,b,c) VALUES ('c',2,'"&$me&"');"); INSERT Data

$me='"kill online"'
_SQLite_Exec (-1, 'INSERT INTO aTest(a,b,c) VALUES ("c",2,"'&$me&'");'); INSERT Data

_SQlite_Query (-1, "SELECT c FROM aTest ORDER BY a;", $hQuery); the query
While _SQLite_FetchData ($hQuery, $aRow) = $SQLITE_OK
    $sMsg &= $aRow[0]
WEnd
_SQLite_Exec (-1, "DROP TABLE aTest;"); Remove the table
MsgBox(0,"SQLite","Get Data using a Query : " &  $sMsg )
_SQLite_Close()
_SQLite_Shutdown()

I want to be using both 'and " but I can only use 1 ' or "

how to fix this ?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.