Prepared SQLite Statements vs not

Have an app that has about 50 tables, 30 SQL prepared statements and 100 SQL not prepared statements.

The reason for the difference is the non prepared statements are old code, and the prepared statements is recent code.

When I first began using Real Basic the code example I used as a guide were coded that way, I did not know about prepared statements.

Both are working the way they are. However there are people on this list that stress “Prepared Statement should be used”.

My QUESTON is: Should I make an effort to change all to Prepared Statement or “if it’s not broke don’t mess with it”.

Any statements that use user entered data should be changed to protect from sql injection attacks. The others aren’t a risk so don’t necessarily need to be changed.

Thanks.
I don’t think I need to worry about injection attacks, just protect dumb users from then self.

What about weird characters (with non prepared statements) like :, ', ", etc. ?

Anything that includes string variables that are provided by the user should be changed.

Thank all.

I guess I need to quit fighting it and get to work.

Hey Jim,

If you are using SQLite or cubeSQL you may want to try SQLdeLite: https://github.com/1701software/SQLdeLite

It’s open source by us [http://www.1701software.com] and is a drop in replacement for the existing SQLite classes. It won’t affect any of your existing code however lets you upgrade to super easy prepared statements when you are ready. You don’t have to do all the background work for them, it handles them automatically.

Thanks Phillip.

Now what do I do with the download?

The Readme does not say and thing. Run the project in XOJO and get bunch errors? Your site has nothing.

Now WHAT?

Yeah Phillip. Should be great few more lines, when you get some free time, on the README.md (What is this? Advantages, How to install/use) and later a small UserGuide.doc (details). That’s a barrier for a larger adoption, in special by people finding it organically (searching without leads).

You can read the original design goals here: https://forum.xojo.com/11694-testers-needed-sqldelite

The example app demonstrates how to use SQL queries with it.

I open sourced it so I wouldn’t have to write documentation! :slight_smile:

One of these days I’ll get around to it. It’s a free tool to those who want to use it and its actively being developed by us.

Here is a starting README.md suggestion. http://pastebin.com/R9tpVTQS

Modify it as you wish. This suggestion will expire em 24h. :slight_smile:

BTW: while wqe are talking about SQLite:

SQLite released Version 3.8.5. It is recommended for all new development. Upgrading from all other versions of SQLite is recommended.

11 new additions (enhancements, upgrades…),
14 bug squashed.

[quote=95650:@Rick Araujo]Here is a starting README.md suggestion. http://pastebin.com/R9tpVTQS

Modify it as you wish. This suggestion will expire em 24h. :)[/quote]

Thanks Rick!