Is sqlite3_bind_text sufficient to prevent SQL injection on the iPhone

Yes, if you only pass the user supplied data to sqlite3_bind_* functions, then you are safe from SQL injection attacks (these attacks assume that you dynamically build your query string and don't quote/escape the user supplied data correctly).

Tags:

Sqlite

Iphone

Sql Injection

Recent Posts