How should I escape parameters when using SQLite?
What's the best practice to escape parameters when using Titanium.Database.DB.execute?
2 Answers
-
This may be what you're looking for, no?
http://developer.appcelerator.com/apidoc/desktop/latest/Titanium.Database.DB.execute-method.html
-
I'd like to rephrase the above question as "Is there any practice with regards to escaping parameters when using Ti.Database.DB.execute?".
Right now I am parsing a feed server-side with PHP's sql_escape_string and using the outcome of that, which is far from ideal.
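
An added example, not part of any post above and not Appcelerator's code: `execute` accepts `?` placeholders with the values passed as extra arguments, so feed values can be bound instead of escaped, and the one case binding does not cover (LIKE wildcards) is handled separately. The `feed_items` table, the helper names and the recording stand-in for the database handle are assumptions made for illustration.

```javascript
// Added example. `db` is any handle exposing execute(sql, value1, value2, ...),
// the call shape of Titanium's Database.DB.execute. Table, column and helper
// names are hypothetical.
var INSERT_SQL = 'INSERT INTO feed_items (title, body) VALUES (?, ?)';

// The SQL text is a constant; feed values travel only as bind arguments,
// so quotes or SQL keywords inside them are stored as data.
function insertFeedItems(db, items) {
  for (var i = 0; i < items.length; i++) {
    // Coerce to string so only text is ever bound.
    db.execute(INSERT_SQL, String(items[i].title), String(items[i].body));
  }
  return items.length;
}

// Binding does not neutralise LIKE wildcards: % and _ in a bound value still
// match broadly, so escape them and declare the escape character in the SQL.
function likePattern(term) {
  return '%' + String(term).replace(/[\\%_]/g, '\\$&') + '%';
}

function searchFeedItems(db, term) {
  var sql = "SELECT title FROM feed_items WHERE title LIKE ? ESCAPE '\\'";
  return db.execute(sql, likePattern(term));
}

// Constructed stand-in for the database handle so the example runs offline:
// it records each call instead of touching SQLite.
function makeRecordingDb() {
  var calls = [];
  return {
    calls: calls,
    execute: function (sql) {
      calls.push({ sql: sql, values: Array.prototype.slice.call(arguments, 1) });
      return null;
    }
  };
}

// Constructed feed data, including input that breaks concatenated SQL.
function demo() {
  var db = makeRecordingDb();
  insertFeedItems(db, [
    { title: "O'Reilly's feed", body: 'plain text' },
    { title: "x'); DROP TABLE feed_items;--", body: '100% _real_' }
  ]);
  searchFeedItems(db, '50%_off');
  return db.calls;
}
```

With a real database handle in place of `makeRecordingDb()`, the same helpers store the feed text verbatim, so no server-side escaping step is needed for the SQL layer.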