Prepared statements in SQLite?

November 14, 2008 | 4:29 pm

I’m looking at Andrew’s SQLite-in-Javascript tutorial at

http://www.cycling74.com/story/2008/9/5/16230/12047

and it uses an exec() function where the SQL statements are
hand-assembled by string concatenation. Since I don’t want to be
releasing any Max patchers which let those pesky laptop musicians
steal my bank account details by performing SQL injection attacks
from Ableton Live via Rewire, I’m wondering whether the JS layer
supports prepared statements? (Quite apart from malicious attacks,
it’s a pain to SQL-armour data strings for each SQL call.)

If not, we won’t be seeing Little Bobby Tables performing on stage
anytime soon:

http://xkcd.com/327/

– N.

Nick Rothwell / Cassiel.com Limited
http://www.cassiel.com
http://www.myspace.com/cassieldotcom
http://www.last.fm/music/cassiel
http://www.reverbnation.com/cassiel
http://www.linkedin.com/in/cassiel
http://www.loadbang.net
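
Where only an exec()-style call that takes a complete SQL string is available, the per-call "SQL-armouring" the post mentions can be centralised in a single helper that fills `?` placeholders with quoted literals. This is an added example, not part of the original post or of the Max JS API; `bindSql` and `quoteLiteral` are hypothetical names, the sample values are constructed, and it assumes SQLite's literal syntax (a single quote inside a string is escaped by doubling it).

```javascript
// Added example: emulate parameter binding for an exec()-only SQLite interface.
// quoteLiteral and bindSql are hypothetical helper names, not Max functions.

// Turn one JavaScript value into a SQLite literal.
function quoteLiteral(value) {
    if (value === null || value === undefined) return "NULL";
    if (typeof value === "number") {
        if (!isFinite(value)) throw new Error("non-finite number");
        return String(value);
    }
    if (typeof value === "boolean") return value ? "1" : "0";
    var s = String(value);
    if (s.indexOf("\u0000") !== -1) throw new Error("NUL character in string");
    // SQLite escapes a single quote by doubling it; backslash is not special.
    return "'" + s.replace(/'/g, "''") + "'";
}

// Replace each ? outside quoted text in a developer-written template
// with the next parameter, rendered as a literal.
function bindSql(template, params) {
    var out = "", used = 0, quote = null;
    for (var i = 0; i < template.length; i++) {
        var c = template.charAt(i);
        if (quote) {
            // Inside '...' or "..."; a doubled quote closes and reopens.
            if (c === quote) quote = null;
            out += c;
        } else if (c === "'" || c === '"') {
            quote = c;
            out += c;
        } else if (c === "?") {
            if (used >= params.length) throw new Error("too few parameters");
            out += quoteLiteral(params[used++]);
        } else {
            out += c;
        }
    }
    if (quote) throw new Error("unterminated quote in template");
    if (used !== params.length) throw new Error("too many parameters");
    return out;
}
```

The string returned by `bindSql` is what would then be handed to the exec() call; the template itself must be fixed text written by the developer, never built from user input.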

