In particular, we can expect SQL injection in code where a remark (comment) character is passed directly to the DB processor through a string value parameter of a query, and some authors of programming books warn us about this usage.
For example, we can use this table:
CREATE TABLE M (
LINE TEXT
);
with one field, LINE, in an SQLite database, and write to it using the command:
INSERT INTO M VALUES (some_text);
In critical systems, if we can predict some maximum LINE length N, then instead of passing the full string via the parameter some_text
we should use this code:
CREATE TABLE M_ (
c1 TEXT,
c2 TEXT,
...
cN TEXT
);
Then you must first split some_text into single characters and put them into the table, as in this script:
INSERT INTO M_ VALUES (s1, s2, ..., sN);
where si is the character with number i in LINE. Hence, you can now concatenate the characters in the NBI application. As an additional security layer, you can store in the DB the charset number of each symbol, to avoid symbols like ' or ".
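The scheme above, written out with Python's sqlite3 module as an added example; it is not code from the original page. N = 24, the function names and the sample line are assumptions, and passing the cells as bound ? parameters is a choice of this example that the page does not specify.

```python
import sqlite3

N = 24  # assumed maximum LINE length (the page's N); constructed value

def open_db(as_codes=False):
    """In-memory SQLite DB with the page's M_ table, columns c1..cN.
    TEXT columns hold single characters; INTEGER columns hold charset numbers."""
    col_type = "INTEGER" if as_codes else "TEXT"
    cols = ", ".join(f"c{i} {col_type}" for i in range(1, N + 1))
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE M_ ({cols})")
    return db

def store_line(db, text, as_codes=False):
    """Split text into characters s1..sN and insert them as one row."""
    if len(text) > N:
        raise ValueError(f"line longer than N={N}")
    cells = [ord(ch) if as_codes else ch for ch in text]
    cells += [None] * (N - len(cells))      # unused columns stay NULL
    marks = ", ".join("?" * N)              # one bound parameter per column
    cur = db.execute(f"INSERT INTO M_ VALUES ({marks})", cells)
    return cur.lastrowid

def load_line(db, rowid, as_codes=False):
    """Concatenate the stored characters back into the original line."""
    row = db.execute("SELECT * FROM M_ WHERE rowid = ?", (rowid,)).fetchone()
    cells = [c for c in row if c is not None]
    return "".join(chr(c) if as_codes else c for c in cells)

# Constructed sample containing ', " and the SQL remark marker --
SAMPLE = 'it\'s -- "quoted"'

if __name__ == "__main__":
    for as_codes in (False, True):
        db = open_db(as_codes)
        rid = store_line(db, SAMPLE, as_codes)
        print(db.execute("SELECT c1, c2, c3, c4 FROM M_").fetchone())
        print(load_line(db, rid, as_codes))
```

In the charset-number variant the row holds only integers (39 for ', 34 for "), so the stored cells themselves contain no quote or remark characters.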