nick rothwell | project cassiel

I'm looking at Andrew's SQLite-in-Javascript tutorial at

https://cycling74.com/story/2008/9/5/16230/12047

and it uses an exec() function where the SQL statements are hand- 

assembled by string concatenation. Since I don't want to be releasing 

any Max patchers which let those pesky laptop musicians steal my bank 

account details by performing SQL injection attacks from Ableton Live 

via Rewire, I'm wondering whether the JS layer supports prepared 

statements? (Quite apart from malicious attacks, it's a pain to SQL- 

If not, we won't be seeing Little Bobby Tables performing on stage 

	https://cycling74.com/story/2008/9/5/16230/12047

and it uses an exec() function where the SQL statements are hand- 
assembled by string concatenation. Since I don't want to be releasing  
any Max patchers which let those pesky laptop musicians steal my bank  
account details by performing SQL injection attacks from Ableton Live  
via Rewire, I'm wondering whether the JS layer supports prepared  
statements? (Quite apart from malicious attacks, it's a pain to SQL- 
armour data strings for each SQL call.)

If not, we won't be seeing Little Bobby Tables performing on stage  
anytime soon:

Nick Rothwell / Cassiel.com Limited
www.cassiel.com
www.myspace.com/cassieldotcom
www.last.fm/music/cassiel
www.reverbnation.com/cassiel
www.linkedin.com/in/cassiel
www.loadbang.net


Prepared statements in SQLite?