On Dec 23, 2011, at 2:31 PM, Chris Mets wrote:
> A parameterized view allows me to do that just fine in other SQL engines,
Well, MSSQL sports so-called parameterized views, but that's about it.
> but apparently not SQLite.
If you insist on that approach, you could rewrite your view in term of
Another possibility might be to create a parameters table, say:
CREATE TABLE tabparams (p1,p2,p2,p4,p5);
INSERT INTO tabparams VALUES (null,null,null,null,null);
And when creating the view, access tabparams.p1, tabparams.p2, etc. instead
of variables (with an appropriate join clause). Then, bef
parameter
substitution). Thanks & Best regards, Chris > From: k.n...@zonnet.nl
> To: sqlite-users@sqlite.org
> Date: Fri, 23 Dec 2011 18:03:16 +0100
> Subject: Re: [sqlite] Parameters are not allowed in views
>
> On Fri, 23 Dec 2011 06:31:33 -0700, Chris Mets
> wrote:
>
>
On Fri, 23 Dec 2011 06:31:33 -0700, Chris Mets
wrote:
>
> Thanks for the response. In the solution you propose,
> the view is no longer a parameterized view. I assume
> you suggest putting the select statement with the
> paramterized where clause in the code. In my question,
> I simplified the q
On 23 Dec 2011, at 1:31pm, Chris Mets wrote:
> Thanks for the response. In the solution you propose, the view is no longer
> a parameterized view. I asume you suggest putting the select statement with
> the paramterized where clause in the code. In my question, I simplified the
> query. In re
Subject: Re: [sqlite] Parameters are not allowed in views
>
>
> On Dec 21, 2011, at 11:40 PM, Chris Mets wrote:
>
> > Is this truly a limitation of SQLite or am I doing something wrong?
>
> The later. Simply create your view. Then restrict it.
>
> In other words:
&
Where can I learn more about "restrict it". I'm not familiar with the
syntax for using the question mark. Is there a specific part of the
documentation that explains it and how it works?
Thanks,
dvn
On Wed, Dec 21, 2011 at 5:00 PM, Petite Abeille wrote:
>
> On Dec 21, 2011, at 11:40 PM, Chris
On Dec 21, 2011, at 11:40 PM, Chris Mets wrote:
> Is this truly a limitation of SQLite or am I doing something wrong?
The later. Simply create your view. Then restrict it.
In other words:
create view foo as select bar from baz
select * from foo where bar = ?
_
When I execute the following SQL statement: select * from test2 where f2 =
@param;
it prompts me correctly for a parameter value.
However, when I try to create a view: create view testview as select * from
test2 where f2 = @param;
I receive the following error message: Parameters are not
Hello Alexey,
uh, yes, that is true. But preprocessing the value of
user_id, etc. should insulate you from that sort of things, right?
Unfortunately, the Tclers' Wiki does not give a ready solution for
that. But with
[string map {\; "" \[ "" \] "" $user_id]
you can get rid of most threats, right
This is the Tcl binding, right?
You could replace the variable by its value using [string map]:
db eval [string map [list USER_ID $user_id ...] $sql_statement]
or more directly:
db eval \
"CREATE TABLE view_report_01 AS ...
WHERE u.id = $user_id
..."
Regards,
Arjen
On 2009-02-27
Hello!
On Friday 27 February 2009 18:08:19 you wrote:
> [string map {\; "" \[ "" \] "" $user_id]
>
> you can get rid of most threats, right?
We can do
set param {test' sql with some injection}
puts $param
set param [db onecolumn {select quote($param)}]
puts $param
and get result
test' sql with s
Hello!
On Friday 27 February 2009 17:32:36 Arjen Markus wrote:
> This is the Tcl binding, right?
> You could replace the variable by its value using [string map]:
>
> db eval [string map [list USER_ID $user_id ...] $sql_statement]
>
> or more directly:
>
> db eval \
> "CREATE TABLE view_repor
Hello!
Is there way to careate view such as
db eval {
CREATE TABLE view_report_01 AS
?SELECT s.name ?AS service_name,
? t_l_r.cost AS cost
?FROM work.users ? AS u,
? work.user_contracts ?AS u_c,
? work.user_services ?AS u_s,
? work.services ? AS s,
? telephony.telephony_log_rating AS t_l_r,
? tel
14 matches
Mail list logo