% mydb eval "SELECT json FROM $table WHERE json_extract(json, '\$.hash') = \$hash" % mydb eval "SELECT json FROM $table WHERE json_extract(json, '$.hash') = $hash" {{"a": "b", "hash": 244718899}}
I know, I _really_ don't want Tcl interpolating $hash directly in here, but sqlite3's Tcl package does not seem to be doing something with the variable properly. I even tried specifying $hash as a variable rather than just using set, still no luck: % variable hash 244718899 % $hash invalid command name "244718899" % mydb eval "SELECT json FROM $table WHERE json_extract(json, '$.hash') = $hash" {{"a": "b", "hash": 244718899}} % mydb eval {SELECT json FROM NotImportant WHERE json_extract(json, '$.hash') = $hash} % mydb eval "SELECT json FROM $table WHERE json_extract(json, '\$.hash') = \$hash" % And setting a variable to the query doesn't like it either: % set query "SELECT json FROM $table WHERE json_extract(json, '\$.hash') = \$hash" SELECT json FROM NotImportant WHERE json_extract(json, '$.hash') = $hash % mydb eval $query % On Fri, Jun 9, 2017 at 10:45 AM, Richard Hipp <d...@sqlite.org> wrote: > On 6/9/17, Zach C. <fxc...@gmail.com> wrote: > > I was partially unclear with using a constant table name here; what I > > actually need as well is the table name as effectively a const that I > > control as well. So more like > > > > mydb eval {$SELECT json FROM $table WHERE json_extract(json, '$.hash') = > > $someId} > > Like this then: > > mydb eval "SELECT json FROM $table WHERE > json_extract(json,'\$.hash')=\$someId" > > Put a backslash \ before every $ that you want passed down into > SQLite. And not that you definitely want the $ on $someId passed down > into SQLite. You do *not* want TCL to expand $someId for you. > > > > > The problem is this will cause $table to be interpolated as a SQL string, > > which it is not: it is a table name. But even if I _do_ make the table > name > > a literal, as in this query: > > > > % set hash 24471899 > > 24471899 > > % mydb eval {SELECT json FROM NotImportant WHERE json_extract(json, > > '$.hash') = $hash} > > > > _and_ I'm using curly-brace evaluation, the json_extract fails. > > > > It isn't JSON1 because if I _directly_ interpolate (introducing the > > possibility of SQL injection) it works fine. > > > > Even if I make the JSON path its own variable and do the same, it fails: > > > > % set json_path {$.hash} > > $.hash > > % mydb eval {SELECT json FROM NotImportant WHERE json_extract(json, > > $json_path) = $hash} > > % > > > > So I'm kind of at a loss. > > > > > -- > D. Richard Hipp > d...@sqlite.org > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users