问题描述

如何在iPhone中为SQLite编写预备语句？是否可以在使用sqlite db的iPhone应用程序中进行SQL注入？

How to write prepared statements for SQLite in iPhone? Is it possible to do SQL Injection in iPhone apps that use sqlite db?

推荐答案

我建议如果你开始使用现在你应该使用Core Data而不是直接编写SQLite来开发iPhone应用程序。话虽如此，创建一个准备好的声明很简单，：

I would suggest that if you're starting to develop an iPhone app now you should probably use Core Data rather than coding directly to SQLite. Having said that, creating a prepared statement is simple and well documented:

sqlite3_stmt* statement_handle;
sqlite3_prepare_v2(db, "select a,b from Table where c = ?", -1, &statement_handle, NULL);

是的，可能在编码错误的应用程序中发生SQL注入攻击。使用预准备语句可以避免它。

And yes, it is possible to have SQL injection attacks in a badly coded application. Using prepared statements goes a long way to avoid it.

这篇关于如何在iPhone中为SQLite编写预准备语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！