CppDB
Escaping Strings
Note:
Before you read this, remember that escaping strings directly and including them in SQL statements is a bad idea; you should use prepared statements instead. However, if you really know what you are doing, continue reading.

You can escape strings from an unknown source using the session's escape() functions. Note that they do not add the first and last quotation marks; you are expected to add these yourself.

For example:

std::string safe_data = sql.escape(data);
sql << "INSERT INTO names(name) values('" + safe_data + "')" << cppdb::exec;

Please notice the quotes inserted in the query.

But it is still better to do the following:

sql << "INSERT INTO names(name) values(?)" << data << cppdb::exec;
Note:
The ODBC backend does not support escaping strings and throws a not_supported_by_backend exception.
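The following added example (not part of CppDB or its documentation) shows why escaping and the surrounding quotes only work together: the input stays inside one string literal only when both are applied. `escape_stub`, `quote_literal` and the other helper names are hypothetical, and `escape_stub` is a stand-in that assumes standard-SQL quote doubling, so the code runs without a database; the real escape() applies the backend's own rules.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Stand-in for the session's escape(): standard-SQL quote doubling only.
// Assumption for this example; real backends apply their own driver rules.
std::string escape_stub(const std::string &in) {
    std::string out;
    for (char c : in) { if (c == '\'') out += '\''; out += c; }
    return out;
}

// Hypothetical helper: escape and quote in one step so neither is forgotten.
std::string quote_literal(const std::string &d) { return "'" + escape_stub(d) + "'"; }

// Collect the decoded '...' literals of a statement (standard-SQL rules).
// Returns false if a literal is left unterminated.
bool string_literals(const std::string &sql, std::vector<std::string> &out) {
    for (std::size_t i = 0; i < sql.size(); ++i) {
        if (sql[i] != '\'') continue;
        std::string value;
        std::size_t j = i + 1;
        for (;;) {
            if (j >= sql.size()) return false;               // ran off the end
            if (sql[j] != '\'') { value += sql[j++]; continue; }
            if (j + 1 < sql.size() && sql[j + 1] == '\'') { value += '\''; j += 2; continue; }
            break;                                           // closing quote
        }
        out.push_back(value);
        i = j;                                               // resume after the literal
    }
    return true;
}

// True only when the statement holds exactly one literal equal to the input.
bool contained(const std::string &stmt, const std::string &data) {
    std::vector<std::string> lits;
    return string_literals(stmt, lits) && lits.size() == 1 && lits[0] == data;
}

const std::string head = "INSERT INTO names(name) values(";
std::string escaped_and_quoted(const std::string &d) { return head + quote_literal(d) + ")"; }
std::string quoted_only(const std::string &d) { return head + "'" + d + "')"; }
std::string escaped_only(const std::string &d) { return head + escape_stub(d) + ")"; }

int main() {
    const std::string d = "O'Brien";  // constructed sample input
    std::cout << contained(escaped_and_quoted(d), d) << contained(quoted_only(d), d)
              << contained(escaped_only(d), d) << "\n";
}
```

Quoting without escaping passes for input that happens to contain no quote character, which is why that mistake tends to survive testing.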