Prepared statements in SQLite?
I'm looking at Andrew's SQLite-in-Javascript tutorial at
and it uses an exec() function where the SQL statements are hand-
assembled by string concatenation. Since I don't want to be releasing
any Max patchers which let those pesky laptop musicians steal my bank
account details by performing SQL injection attacks from Ableton Live
via Rewire, I'm wondering whether the JS layer supports prepared
statements? (Quite apart from malicious attacks, it's a pain to SQL-
armour data strings for each SQL call.)
If not, we won't be seeing Little Bobby Tables performing on stage
anytime soon:
-- N.
Nick Rothwell / Cassiel.com Limited
www.cassiel.com
www.myspace.com/cassieldotcom
www.last.fm/music/cassiel
www.reverbnation.com/cassiel
www.linkedin.com/in/cassiel
www.loadbang.net
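
An added example, not part of the original post or of the tutorial it mentions: one way to stop hand-assembling statements when the only entry point is an exec()-style call that takes a finished SQL string. `sqlLiteral`, `bindSql` and the `students` table are hypothetical names; where a binding does expose real bound parameters, those are preferable to client-side quoting.

```javascript
// Added example: bind values into a SQL template for an exec()-only API.
// sqlLiteral, bindSql and the students table are hypothetical names.

// Render one JavaScript value as a SQLite literal.
function sqlLiteral(value) {
  if (value === null || value === undefined) return "NULL";
  if (typeof value === "number") {
    if (!isFinite(value)) throw new TypeError("non-finite number");
    return String(value);
  }
  if (typeof value === "boolean") return value ? "1" : "0";
  if (typeof value === "string") {
    if (value.indexOf("\0") !== -1) throw new TypeError("NUL byte in string");
    // SQLite has no backslash escapes: doubling ' is the only escape needed.
    return "'" + value.replace(/'/g, "''") + "'";
  }
  throw new TypeError("unsupported type: " + typeof value);
}

// Replace each ? outside a quoted literal with the matching value.
function bindSql(template, values) {
  var out = "", used = 0, quote = null;
  for (var i = 0; i < template.length; i++) {
    var ch = template[i];
    if (quote) {
      if (ch === quote) quote = null;          // closing quote
    } else if (ch === "'" || ch === '"') {
      quote = ch;                              // opening quote
    } else if (ch === "?") {
      if (used >= values.length) throw new RangeError("too few values");
      out += sqlLiteral(values[used++]);
      continue;
    }
    out += ch;
  }
  if (quote) throw new SyntaxError("unterminated quote in template");
  if (used !== values.length) throw new RangeError("too many values");
  return out;
}

// Constructed sample input: a hostile "name" value.
var hostile = "Robert'); DROP TABLE students;--";
// Hand-assembled: the value closes the literal and adds a second statement.
var naive = "INSERT INTO students (name) VALUES ('" + hostile + "');";
// Bound: the value stays inside a single string literal.
var bound = bindSql("INSERT INTO students (name) VALUES (?);", [hostile]);
```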