In order to avoid SQL injection, it would be great to have a function that could bind data to a select statement, just like slExeBind does, which only works for INSERT or UPDATE statements.
Sounds good. I will look into it.
I have done some work on this issue myself and it works. I haven't finished everything yet, but if you wish I can send you a zip file with the code in it. Mind though that the adaptation is based on version 1.30 of SQLitening.
The files that have been adapted are SQLitening.bas, SQLiteningClient.bas, SQLiteningServer and the inc file.
What needs to be done is add the ModChars for the select statement.
Just give me a shout if you need the files (provide email address :-))
Yes, I would like to use your code as a starting place. You could zip the four files and post them here as an attachment.
This is a bit embarrassing. I can't get the ProcessRequest %reqSelBind to return a row. I thought it worked but it doesn't yet. However, here is the zip file requested.
I'm still looking further at it.
I got the binding to work. Make sure that ...
1. You bind the variables as TEXT not BLOB
2. When you first do the sqlite3_step you get a %SQLITE3_DONE, which is false. You should test for the occurrence of the step count. If you get a DONE after the second call to the _step function you should abend.
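An added example, not code from this thread or from SQLitening: a bound SELECT next to a concatenated one, and the reason a BLOB binding can return no row against a TEXT column. It uses Python's standard `sqlite3` module as a stand-in for the SQLite binding calls, and the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not taken from the thread.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    con.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con

def select_concat(con, name):
    # 'Before': the value is spliced into the SQL text and parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return con.execute(sql).fetchall()

def select_bound(con, name):
    # 'After': the SQL text is fixed; the value is bound separately and is
    # only ever treated as data. Python str binds as TEXT, bytes as BLOB.
    return con.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def bound_type(con, value):
    # Ask SQLite which storage class the bound parameter arrived as.
    return con.execute("SELECT typeof(?)", (value,)).fetchone()[0]

if __name__ == "__main__":
    con = make_db()
    quoted = "x' OR '1'='1"  # constructed input containing a quote character

    # Concatenation lets the input rewrite the WHERE clause: every row matches.
    print("concat:", select_concat(con, quoted))
    # Binding compares the whole string to the column: no row matches.
    print("bound :", select_bound(con, quoted))

    # TEXT binding finds the row. A BLOB with the same bytes does not, because
    # SQLite never treats a BLOB as equal to a TEXT value, so the first step
    # of the statement already reports that there are no rows.
    print("text  :", bound_type(con, "alice"), select_bound(con, "alice"))
    print("blob  :", bound_type(con, b"alice"), select_bound(con, b"alice"))
```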
Thank you Steven for all the work!
It might be dangerous to replace our current files with these files because
modifications to SQLitening were made after 2010 (especially using threading).
These modifications might be merged into the current version of the files.