Jan 21, 2009, 11:00 PM
I'm working with SQLite so that's why I need a const char, otherwise I'd know exactly how to do this, no problem at all.

Unfortunately I haven't spent much time with the char data type.

Here's my question...

What I have is a string and then a variable to put at the end of the string. How can I format this so I can put the variable at the end of the string? If I were working with an NSString this is what I'd be trying to accomplish:
NSString *sqlString = [NSString stringWithFormat:@"delete from mytable where name = %@",theName];

That's just an example but almost exactly what I'm trying to accomplish, just not inside my const char. Any ideas?

Jan 22, 2009, 12:30 AM
Your question isn't really clear, but I assume you're asking how to do something like -stringWithFormat: using C strings.

Take a look at sprintf. -stringWithFormat: is essentially a wrapper around that function.

Or, you could build an NSString and then get the C string from it.

Jan 22, 2009, 05:36 AM
Before you do anything else, google for "SQL injection".

What would happen if you take the name from a text field, and the user types the following into the text field:

joe" or "a" = "a

Your code probably puts quotes around the name, turning it into

"joe" or "a" = "a"

and your SQL statement becomes

delete from mytable where name = "joe" or "a" = "a"

and everything is zapped.