      SQLite Parameters - Not allowing tablename as parameter

        Date: 2023-08-21

                  Problem description

                  I'm developing an application in AIR via Flex, but I'm not seeing where I'm going wrong with SQLite (I'm used to MySQL). Parameters work, but only in certain instances. Is this part of the built-in sanitation system against sql injection? Thanks for any help!

                  Works:

                  sqlite

                  "INSERT :Fields FROM Category", where the parameter is :Fields = "*"

                  as3

                  var statement:SQLStatement = new SQLStatement();
                  statement.connection = connection;
                  statement.text = "INSERT :Fields FROM Category";
                  statement.parameters[":Fields"] = "*";
                  statement.execute();
                  

                  Doesn't work (SQL syntax error at ":Table"):

                  sqlite

                  "INSERT :Fields FROM :Table", where the parameters are :Fields = "*" and :Table = "Category"

                  as3

                  var statement:SQLStatement = new SQLStatement();
                  statement.connection = connection;
                  statement.text = "INSERT :Fields FROM :Table";
                  statement.parameters[":Fields"] = "*";
                  statement.parameters[":Table"] = "Category";
                  statement.execute();
                  

                  Recommended answer

                  Generally one cannot use SQL parameters/placeholders for database identifiers (tables, columns, views, schemas, etc.) or database functions (e.g., CURRENT_DATE), but instead only for binding literal values.

                  With server-side support for parameterized (a.k.a. prepared) statements, the DB engine parses your query once, remembering out the peculiars of any parameters -- their types, max lengths, precisions, etc. -- that you will bind in subsequent executions of the already-parsed query. But the query cannot be properly parsed into its syntactic elements if critical bits, like database objects, are unknown.

                  So, one generally has to substitute table names oneself, in a stored procedure or in client code which dynamically concats/interpolates/whatevers the SQL statement to be properly executed. In any case, please remember to use your SQL API's function for quoting database identifiers, since the API won't do it for you.
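
The answer's advice as an added example, not part of the original post: it uses Python's `sqlite3` module instead of the AIR API from the question, SELECT statements, and a constructed in-memory `Category` table; all helper names are assumptions. It shows that a placeholder in expression position is bound as a value, that a placeholder in table position is rejected at parse time, and one way to substitute the table name yourself by checking it against the schema and quoting it.

```python
import sqlite3

def quote_identifier(name):
    """Quote an SQLite identifier: wrap in double quotes, double embedded ones."""
    if "\x00" in name:
        raise ValueError("NUL byte in identifier")
    return '"' + name.replace('"', '""') + '"'

def known_tables(conn):
    """Allowlist: names of tables that really exist in this database."""
    rows = conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")
    return {row[0] for row in rows}

def select_by_id(conn, table, row_id):
    """Table name: allowlisted, then quoted by us. Row id: bound as a value."""
    if table not in known_tables(conn):
        raise ValueError("unknown table: %r" % (table,))
    sql = "SELECT * FROM %s WHERE id = :id" % quote_identifier(table)
    return conn.execute(sql, {"id": row_id}).fetchall()

def bind_as_column_list(conn):
    """A placeholder in expression position is a value, so '*' stays a string."""
    return conn.execute("SELECT :Fields FROM Category", {"Fields": "*"}).fetchall()

def bind_as_table_name(conn):
    """A placeholder in identifier position is rejected when the SQL is parsed."""
    try:
        conn.execute("SELECT * FROM :Table", {"Table": "Category"})
    except sqlite3.OperationalError as exc:
        return str(exc)
    return None

def make_sample_db():
    """Constructed sample data, held in memory only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Category (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO Category (name) VALUES (?)", ("books",))
    return conn

if __name__ == "__main__":
    db = make_sample_db()
    print(bind_as_column_list(db))          # the bound string, not the columns
    print(bind_as_table_name(db))           # parser error text
    print(select_by_id(db, "Category", 1))  # the stored row
```
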
