Prepared statements in SQLite?

Nov 14 2008 | 4:29 pm

I’m looking at Andrew’s SQLite-in-Javascript tutorial at

and it uses an exec() function where the SQL statements are hand-
assembled by string concatenation. Since I don’t want to be releasing
any Max patchers which let those pesky laptop musicians steal my bank
account details by performing SQL injection attacks from Ableton Live
via Rewire, I’m wondering whether the JS layer supports prepared
statements? (Quite apart from malicious attacks, it’s a pain to SQL-
armour data strings for each SQL call.)

If not, we won’t be seeing Little Bobby Tables performing on stage
anytime soon:

— N.

Nick Rothwell / Limited
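
The difference the question is about, as an added example that is not part of the original post and does not use the Max JS API: Python's standard `sqlite3` module contrasts hand-assembled SQL with a bound parameter. The `students` table and the input string are constructed, and `executescript()` stands in for an `exec()` that runs every statement it is handed, which is an assumption about the tutorial's `exec()`.

```python
import sqlite3

# Constructed input: the "Little Bobby Tables" name the post alludes to.
HOSTILE_NAME = "Robert'); DROP TABLE students;--"

def new_db():
    """Fresh in-memory database with one constructed row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (name TEXT)")
    db.execute("INSERT INTO students (name) VALUES (?)", ("Alice",))
    return db

def table_exists(db, table):
    row = db.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (table,),
    ).fetchone()
    return row[0] == 1

def insert_concatenated(db, name):
    # Hand-assembled SQL: the value becomes part of the statement text,
    # so a quote in the data ends the literal and the rest is parsed as SQL.
    # executescript() models an exec() that runs multiple statements (assumption).
    db.executescript("INSERT INTO students (name) VALUES ('" + name + "');")

def insert_bound(db, name):
    # Prepared statement with a bound parameter: the SQL text is fixed and
    # the value is passed separately, so it is never parsed as SQL.
    db.execute("INSERT INTO students (name) VALUES (?)", (name,))
    db.commit()

def demo():
    # Case 1: concatenation lets the data rewrite the statement.
    db = new_db()
    insert_concatenated(db, HOSTILE_NAME)
    concatenated_ok = table_exists(db, "students")

    # Case 2: binding stores the same string as an ordinary row.
    db = new_db()
    insert_bound(db, HOSTILE_NAME)
    rows = [r[0] for r in db.execute("SELECT name FROM students ORDER BY rowid")]
    return {
        "concatenated_table_survives": concatenated_ok,
        "bound_table_survives": table_exists(db, "students"),
        "bound_rows": rows,
    }

if __name__ == "__main__":
    print(demo())
```
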

