C++ 包含字符串的引号消失在C++;
我尝试用引号覆盖字符串,以便将其放入SQL记录中C++ 包含字符串的引号消失在C++;,c++,database,sqlite,C++,Database,Sqlite,我尝试用引号覆盖字符串,以便将其放入SQL记录中 int pictureId = picture.getId(); std::string pictureName = "\'" + picture.getName() + "\'"; std::string picturePath = "\'" + picture.getPath() + "\'"; std::string pictureCreationTime = "\'" + picture.getCreationDate() + "\'";
int pictureId = picture.getId();
std::string pictureName = "\'" + picture.getName() + "\'";
std::string picturePath = "\'" + picture.getPath() + "\'";
std::string pictureCreationTime = "\'" + picture.getCreationDate() + "\'";
std::string TRY = "Insert Into Pictures(Id, Name, Location, Creation_Date,
Album_id) Values(" + std::to_string(picture.getId()) + ',' +
picture.getName() + "," + picture.getPath() + ',' +
picture.getCreationDate() + ',' + '1' + ");";
res = sqlite3_exec(db, TRY.c_str(), nullptr, nullptr, &errMessage);
std::string TRY = "Insert Into Pictures(Id, Name, Location, Creation_Date,
Album_id) Values(" + std::to_string(picture.getId()) + ',' +
picture.getName() + "," + picture.getPath() + ',' +
picture.getCreationDate() + ',' + '1' + ");";
我该怎么做才能保证引号不会消失单引号会消失,因为您所说的行会导致问题,您使用picture.getName()而不是使用您用单引号创建的pictureName字符串
int pictureId = picture.getId();
std::string pictureName = "\'" + picture.getName() + "\'";
std::string picturePath = "\'" + picture.getPath() + "\'";
std::string pictureCreationTime = "\'" + picture.getCreationDate() + "\'";
std::string TRY = "Insert Into Pictures(Id, Name, Location, Creation_Date,
Album_id) Values(" + std::to_string(pictureId ) + ',' +
pictureName + "," + picturePath + ',' +
pictureCreationTime + ',' + '1' + ");";
您要求SQL注入。不要转义字符串,请让数据库库为您执行此操作,例如使用参数化请求。谢谢。我不明白为什么我没有注意到。