Single quotes prevent bindValue from replacing placeholder mark
When I prepare a statement with bindValue the placeholder mark is not replaced if it is surrounded with single quotes. This is problematic since in SQL strings are surrounded by single quotes to avoid keyword conflicts.
See my attachments with screenshots of the content of the database once inserted with and once without single quotes.
I already reported a bug, but meanwhile, I am not sure anymore if this is not just an encoding problem. Is it correct to use single quotes, i.e., should this work/ is this really a bug?
With quotes:
Without quotes:
It is not a bug. Just don't use the single quotes. The bindValue mechanism does not just replace your :path with a string in your statement. No risk of name conflicts. See it as some kind of different namespace.
Wikipedia — Prepared statement — Software support:
Prepared statements are normally executed through a non-SQL binary protocol, for efficiency and protection from SQL injection, but with some DBMSs such as MySQL are also available using a SQL syntax for debugging purposes.
Wikipedia — SQL injection — Parameterized statements:
With most development platforms, parameterized statements that work with parameters can be used (sometimes called placeholders or bind variables) instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence, the SQL injection would simply be treated as a strange (and probably invalid) parameter value.
- Assign multiple values to array in C
- How to compile C code with C headers and CUDA code?
- C program to print the power of 2 Triangle pattern using nested loops
- Issue with interpreting chemical formulae containing multiple levels of parentheses
- Context for dispatch source handler
- How to optimize "don't care" argument with gcc?
- Formatting struct timespec
- Crash or 'segmentation fault' when data is copied/scanned/read to an uninitialized pointer
- Wide character and Locale
- Python extension: using different compiler flags for a C parts and C++ parts
- How to create ECC public key in OpenSSL's "EVP_PKEY" format from the TPM-specific "TPMT_PUBLIC" data structure?
- why does my code in mario more cs50 pset1 print so many hashes for the right pyramid
- How to consider letter by letter of a string and compare them with if functions?
- #ifdef vs #if - which is better/safer as a method for enabling/disabling compilation of particular sections of code?
- #if vs #ifndef vs #ifdef
- What's the purpose of using braces (i.e. {}) for a single-line if or loop?
- Preprocessors in C #if and #ifdef
- How to get "valid data length" of a file?
- Return struct in function in C
- Sizeof operator doesn't work properly after insertion an element
- No previous prototype?
- Passing an array as an argument to a function in C
- Can't find winsock.c or winsock implementation
- Why when flashing my stm32f411re Nucleo board does nothing happen even if I get no errors
- Best practice regarding static library linking and project directory structure in C
- raylib's DrawTextEx doesn't display unicode characters
- named semaphore wont work as assumed in synchronization between process
- How do I set the default launch.json and tasks.json for debugging my C/C++ applications in VS Code
- How to change entry point of C program with gcc?
- Understanding Function Definitions that Return a Function Pointer