On Thu, Dec 18, 2008 at 7:44 PM, Griggs, Donald
<donald.gri...@allscripts.com> wrote:
>  Regarding:
>   Is there a way to use a prepared statement and bind a (variable)
> array of integers?
>
>    Like in:
>    SELECT .... FROM table WHERE someinteger IN ( 2,18,19,340,1,72, 15
> ... )
>
>    Becomes:
>    SELECT .... FROM table WHERE someinteger IN ( ? )
>
>
> I don't know that you can bind these, but
> do I remember correctly that these integers are selected by human users?
> If so, I guess the savings in time would be unmeasurably small, right?
> Or do your users type the string directly were you aiming to reduce sql
> injections?
>

Yes, these come in from user input through multi-select lists (it's an
iTunes-like interface), so I'm not worried about SQL injections. When
the selection changes, the resulting query gets built up, compiled and
executed. The query is the same every time, so only the contents of the
"someinteger IN ...." changes.

I thought it would be nicer, at least from a coding standpoint, if I
could make use of prepared statements. Faster would be nice, but not a
requirement. Slower would be a big no-no of course :)

So it seems I could use a temp table that gets filled with the new
selection every time the user changes the selection. I guess there is
some overhead there as well, but on the other hand, the parsing of the
query every time also has an overhead. I'll give it a try!

Thanks,

Sander


-- 
"And any fool knows a dog needs a home
A shelter from pigs on the wing"
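
The two options raised in this thread, as an added example that is not part of the original message: a temp table refilled on each selection change with a query whose text never changes, next to an `IN (?,?,...)` list with one bound placeholder per value. It uses Python's `sqlite3` module; the table `items`, the temp table `selection` and all function names are assumptions made for illustration.

```python
import sqlite3

def open_demo_db():
    """Constructed sample data: table `items` with an integer column `someinteger`."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT, someinteger INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("row%d" % i, i) for i in (1, 2, 15, 18, 19, 72, 340, 500)])
    # Temp table holding the current selection; the PRIMARY KEY de-duplicates ids.
    db.execute("CREATE TEMP TABLE selection (id INTEGER PRIMARY KEY)")
    return db

# Fixed SQL text: it never changes, so the prepared statement can be reused.
FIXED_QUERY = ("SELECT name FROM items "
               "WHERE someinteger IN (SELECT id FROM selection) "
               "ORDER BY someinteger")

def validate(ids):
    """Accept only real integers; reject anything else before it reaches SQLite."""
    out = []
    for v in ids:
        if isinstance(v, bool) or not isinstance(v, int):
            raise ValueError("not an integer: %r" % (v,))
        out.append(v)
    return out

def query_via_temp_table(db, ids):
    """Approach 1: refill the temp table, then run the unchanged query."""
    ids = validate(ids)
    with db:  # one transaction for the delete plus the inserts
        db.execute("DELETE FROM selection")
        db.executemany("INSERT OR IGNORE INTO selection (id) VALUES (?)",
                       [(i,) for i in ids])
    return [r[0] for r in db.execute(FIXED_QUERY)]

def query_via_placeholders(db, ids):
    """Approach 2: one '?' per value; the SQL varies only in placeholder count."""
    ids = validate(ids)
    if not ids:
        return []  # nothing selected: skip the query entirely
    marks = ",".join("?" * len(ids))
    sql = ("SELECT name FROM items WHERE someinteger IN (%s) "
           "ORDER BY someinteger" % marks)
    return [r[0] for r in db.execute(sql, ids)]
```

In both variants the values reach SQLite only as bound parameters, never as SQL text. The placeholder variant is bounded by SQLite's per-statement parameter limit (`SQLITE_MAX_VARIABLE_NUMBER`), which the temp-table variant does not hit.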