How to correctly SQL injection-proof of my query in lens c

Question

How to correctly SQL injection-proof of my query in lens c

I have one function in my object c code that updates the column of an SQLite table with notes entered by the user in the text box. I want to make sure that I am doing this correctly so that overall there are no security problems or problems. Here is my code, is there something I can do to make it more secure, or is it normal already?

sqlite3_stmt *stmt=nil; sqlite3 *cruddb; //insert const char *sql = "UPDATE Peaks SET notes=? where ID=?"; //Open db sqlite3_open([path UTF8String], &cruddb); sqlite3_prepare_v2(cruddb, sql, -1, &stmt, NULL); sqlite3_bind_text(stmt, 1, [self.viewNotes.text UTF8String], -1, SQLITE_TRANSIENT); sqlite3_bind_int(stmt, 2, [self.detailItem ID]); sqlite3_step(stmt); sqlite3_finalize(stmt); sqlite3_close(cruddb);

+4

sqlite objective-c xcode xcode4.3

lemontwist Jul 14 '12 at 11:04

source share

2 answers

Good question! It looks like you are already doing the right thing by linking your values, rather than doing something stupid, like using [NSString stringWithFormat] to create an SQL statement.

0

trojanfoe Jul 14 '12 at 11:12

source share

PM · Accepted Answer · 2012-07-14T11:10:30+0000

You are already safe for SQL injections because you are passing user input through sqlite3_bind_text and sqlite3_bind_int .

How to correctly SQL injection-proof of my query in lens c

More articles: