V1 uses the value bound to the SQL Variable while performing the concatenation of the text literal '+', the value cast as text, and the text literal 'hours'
V2 expects (wrongly) that the text literal '+:StartTimehours' magically replaces part of the string with the value of an SQL variable -----Ursprüngliche Nachricht----- Von: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] Im Auftrag von Stephen Chrzanowski Gesendet: Dienstag, 03. Juli 2018 17:23 An: General Discussion of SQLite Database <sqlite-users@mailinglists.sqlite.org> Betreff: [EXTERNAL] [sqlite] Bind Question -- Is this correct? I'm attempting to do a simple bind for an integer. The partial query is: V1: *datetime(date(current_timestamp,'localtime'),'+'||:StartTime||' hours')))/60) MinutesSince9* V2: *datetime(date(current_timestamp,'localtime'),'+:StartTime hours')))/60) MinutesSince9 * I'm getting a failure with V2, and I'm assuming that binding isn't understood when the bind is within a string. If this assumption is correct, is V1 the correct and safe way to bind the values? In THIS particular case, :StartTime is an ENUM type of integers 7, 8, or 9, and programmatically set based on a configuration option set via a pull down menu within the application, which is sanitized before performing the SQL statement anyways. My concern is geared towards the future when handling strings. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users ___________________________________________ Gunter Hick | Software Engineer | Scientific Games International GmbH | Klitschgasse 2-4, A-1130 Vienna | FN 157284 a, HG Wien, DVR: 0430013 | (O) +43 1 80100 - 0 May be privileged. May be confidential. Please delete if not the addressee. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users