> Is there documentation that talks about about the various binding place > holders or is this a standard SQL construct?
Probably this will help you: http://www.sqlite.org/c3ref/bind_blob.html. Pavel On Tue, Mar 23, 2010 at 3:48 PM, Vance E. Neff <ven...@intouchmi.com> wrote: > Thanks to all those who responded! It was quite educational. > I'm using the zentus java jdbc wrapper. It seems to only support an > index # for the binding index so I'm stuck with being careful as to how > I count ?s. > Is there documentation that talks about about the various binding place > holders or is this a standard SQL construct? > > Vance > > D. Richard Hipp wrote: >> On Mar 19, 2010, at 3:29 PM, David Bicking wrote: >> >>> >>> --- On Fri, 3/19/10, Vance E. Neff <ven...@intouchmi.com> wrote: >>> >>> <snip> >>>> UPDATE table1 set (?, ?, ?) WHERE col1=? and col2=?; >>>> >>>> I've never used binding before but have known it is a good >>>> idea in order >>>> to avoid injection of bad stuff. >>>> >>>> Vance >>>> >>> You count the question marks from left to right. >>> >>>> UPDATE table1 set (<1>, <2>, <3>) WHERE col1=<4> and col2=<5>; >>> You can also put the index number you want to use after the ? so >>> they can be in any order you want. >> >> Better still is to use a symbolic name for the parameters. The >> symbolic names can be any identifier that begins with $, :, or @. >> Examples: >> >> UPDATE table1 SET col1=$c1val, co...@c2val, col3=:c3val >> WHERE co...@c2val AND col3=:c3val; >> >> You still have to translate the symbolic name into a "parameter index" >> before you bind it. The sqlite3_bind_parameter_index() routine will >> do that for you. >> >> In the programs I write, I always try to use symbolic names for >> parameters and I rig the infrastructure to handle the mapping from >> symbolic name to parameter index. For example, if you are using the >> TCL interface to SQLite, you just specify TCL variables embedded in >> the SQL: >> >> db eval {UPDATE table1 SET col1=$c1val WHERE col2=$c2val} >> >> In the statement above, the TCL interface automatically looks up the >> values of TCL variables $c1val and $c2val and binds them appropriately >> before running the statement. It doesn't get any cleaner than this. >> Unfortunately, other programming languages require more complex >> syntax. In the implementation of "Fossil" I do this: >> >> db_prepare(&stmt, "UPDATE table1 SET col1=$c1val WHERE col2= >> $c2val"); >> db_bind_int(&stmt, "$c1val", 123); >> db_bind_double(&stmt, "$c2val, 456.78); >> db_step(&stmt); >> db_finalize(&stmt); >> >> The db_bind_int() and db_bind_double() and similar routines wrap the >> sqlite3_bind_xxxxx() and sqlite3_bind_parameter_index() calls. >> >> If we've learned one thing over the history of computing it is that >> programmers are notoriously bad at counting parameters and that >> symbolic names tend to be much better at avoiding bugs. >> >> D. Richard Hipp >> d...@hwaci.com >> >> >> >> _______________________________________________ >> sqlite-users mailing list >> sqlite-users@sqlite.org >> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users >> >> > > _______________________________________________ > sqlite-users mailing list > sqlite-users@sqlite.org > http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
