[racket] Deleting record from table using sqlite

From: Thomas Chust (chust at web.de)
Date: Thu Sep 23 11:33:02 EDT 2010

2010/9/23 vannadis <vannadiz at gmail.com>:
> [...]
>     (define (delete-entry! a-notepad id)
>       (sqlite:exec/ignore (notepad-db a-notepad)
>                           (format "DELETE FROM notes WHERE id = '~a'" id)))
>
> but this doesn't remove anything.
> Where am I wrong?
> [...]

Hello,

there are two problems with this code:

First and foremost, your SQL code compares a numerical row identifier to a
string, a comparison that will always return false, and hence no row will
ever be deleted.

Second, to protect you from potential SQL quoting and injection problems right
from the start, it is strongly advisable to always use query parameters
instead of string interpolation whenever data is passed to SQL code.

Fixing both problems you could write

  (define (delete-entry! a-notepad id)
    (sqlite:exec/ignore (notepad-db a-notepad)
                        "DELETE FROM notes WHERE id = ?" id))

instead of your original procedure definition.

Ciao,
Thomas


-- 
When C++ is your hammer, every problem looks like your thumb.


Posted on the users mailing list.
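The two points in the reply above, reproduced as an added example using Python's standard sqlite3 module rather than the Racket sqlite binding (example code, not from the thread). It assumes a notes table whose id column is declared without a type, so SQLite applies no affinity and the integer stored in the row never compares equal to the quoted string; the sample rows are constructed.

```python
import sqlite3

# Constructed schema: an untyped "id" column has no type affinity, so SQLite
# compares the stored INTEGER against the TEXT literal '2' without conversion
# and they are never equal (the thread does not show the real schema).
SCHEMA = "CREATE TABLE notes (id, body)"
SAMPLE_NOTES = [(1, "buy milk"), (2, "call Bob"), (3, "fix roof")]


def open_notepad():
    """In-memory notepad populated with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO notes VALUES (?, ?)", SAMPLE_NOTES)
    return db


def count_notes(db):
    return db.execute("SELECT COUNT(*) FROM notes").fetchone()[0]


def delete_entry_interpolated(db, note_id):
    """Original approach: the id is spliced into the SQL text as a quoted
    string. Returns the number of rows actually removed."""
    cur = db.execute("DELETE FROM notes WHERE id = '%s'" % note_id)
    return cur.rowcount


def delete_entry_param(db, note_id):
    """The fix from the reply: a bound parameter keeps the integer type and
    the value never becomes part of the SQL text."""
    cur = db.execute("DELETE FROM notes WHERE id = ?", (note_id,))
    return cur.rowcount


def demo():
    results = {}
    db = open_notepad()
    results["interpolated"] = delete_entry_interpolated(db, 2)  # 0 rows
    results["param"] = delete_entry_param(db, 2)                # 1 row
    # A value containing a quote: interpolation breaks the statement, while
    # the bound parameter is treated purely as data and matches nothing.
    try:
        delete_entry_interpolated(db, "it's")
        results["quote_interpolated"] = "ok"
    except sqlite3.OperationalError:
        results["quote_interpolated"] = "syntax error"
    results["quote_param"] = delete_entry_param(db, "it's")     # 0 rows
    results["remaining"] = count_notes(db)                      # 2
    return results


if __name__ == "__main__":
    print(demo())
```

If the id column were declared INTEGER instead, SQLite would apply numeric affinity to the quoted literal and the first delete would match; the quoting problem with interpolation remains either way.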