Quote:
Originally Posted by Mirandor
Thanks for sharing it, but how can we be sure that this release has no potential SQL injection?
The archive with "src" in the name is the source code. A cursory look suggests that there is no injection vector as the only strings inserted are added in with sqlite3_snprintf with the %q format specifier, which properly quotes them.
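
What `%q` does, as an added example that is not part of the original post or of the release discussed: it runs SQLite's `printf()` SQL function, which supports the same `%q` and `%Q` substitutions as `sqlite3_snprintf`, through Python's `sqlite3` module. The `users` table, the helper names and the input strings are constructed for illustration; the last case shows that `%q` only protects when it sits inside single quotes in the format string, which is the thing to confirm when reading the source.

```python
import sqlite3

def make_db():
    """In-memory database with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users(name) VALUES (?)",
                     [("alice",), ("o'brien",)])
    return conn

def fmt_sql(conn, fmt, value):
    """Format one value with SQLite's own formatter (%s, %q, %Q)."""
    return conn.execute("SELECT printf(?, ?)", (fmt, value)).fetchone()[0]

def run_formatted(conn, fmt, value):
    """Build a statement by string formatting, then execute it."""
    sql = fmt_sql(conn, fmt, value)
    try:
        rows = [r[0] for r in conn.execute(sql)]
    except sqlite3.Error as exc:
        rows = f"error: {exc}"
    return sql, rows

HOSTILE = "x' OR '1'='1"   # constructed input containing single quotes
NUMERIC = "0 OR 1=1"       # constructed input containing no quotes at all

CASES = [
    # %s copies the value verbatim: the quote ends the literal early.
    ("%s quoted", "SELECT name FROM users WHERE name = '%s'", HOSTILE),
    # %q doubles each single quote, so the value stays one string literal.
    ("%q quoted", "SELECT name FROM users WHERE name = '%q'", HOSTILE),
    # %Q does the same and also supplies the surrounding quotes.
    ("%Q", "SELECT name FROM users WHERE name = %Q", HOSTILE),
    # A legitimate name containing a quote still matches with %q.
    ("%q legit", "SELECT name FROM users WHERE name = '%q'", "o'brien"),
    # %q outside quotes has nothing to escape and gives no protection.
    ("%q bare", "SELECT name FROM users WHERE id = %q", NUMERIC),
]

def run_cases():
    conn = make_db()
    return {label: run_formatted(conn, fmt, value)
            for label, fmt, value in CASES}

if __name__ == "__main__":
    for label, (sql, rows) in run_cases().items():
        print(f"{label:10} {sql}\n{'':10} -> {rows}")
```
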