SQLite: bind list of values to “WHERE col IN ( :PRM )”

轮回少年 2020-12-16 09:53

All I want to do is send a query like

SELECT * FROM table WHERE col IN (110, 130, 90);

So I prepared the following statement



        
9 answers
  •  情深已故
    2020-12-16 10:18

    A much simpler and safer answer simply involves generating the mask (as opposed to the data part of the query) and allowing the SQL-injection formatter engine to do its job.

    Suppose we have some ids in an array, and some cb callback:

    /* we need to generate a '?' for each item in our mask */
    const mask = Array(ids.length).fill('?').join();
    
    db.get(`
      SELECT *
        FROM films f
       WHERE f.id
          IN (${mask})
    `, ids, cb);
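
The mask approach from the answer above, extended in an added example (not part of the original answer) to cover two cases it leaves open: identifiers cannot be bound and so need their own check, and SQLite rejects a statement with more bound parameters than SQLITE_MAX_VARIABLE_NUMBER (default 999 before 3.32.0, 32766 from 3.32.0). The helper name `buildInQueries`, the chunk size and the sample values are assumptions made for illustration.

```javascript
// Assumed conservative limit: the pre-3.32.0 default of SQLITE_MAX_VARIABLE_NUMBER.
const MAX_PARAMS = 999;

// Hypothetical helper: returns [{ sql, params }, ...], one entry per chunk.
// Only '?' placeholders are ever written into the SQL text; the values
// travel separately in `params` and are bound by the driver.
function buildInQueries(table, column, values, maxParams = MAX_PARAMS) {
  // Table and column names cannot be bound parameters, so restrict them
  // to plain identifiers instead of interpolating arbitrary text.
  const ident = /^[A-Za-z_][A-Za-z0-9_]*$/;
  if (!ident.test(table) || !ident.test(column)) {
    throw new Error('table and column must be plain identifiers');
  }
  if (!Array.isArray(values)) {
    throw new TypeError('values must be an array');
  }
  for (const v of values) {
    const ok = typeof v === 'string' ||
               (typeof v === 'number' && Number.isFinite(v));
    if (!ok) throw new TypeError('only strings and finite numbers are bound');
  }

  const queries = [];
  for (let i = 0; i < values.length; i += maxParams) {
    const chunk = values.slice(i, i + maxParams);
    // One '?' per value in this chunk, as in the answer's mask.
    const mask = Array(chunk.length).fill('?').join(',');
    queries.push({
      sql: `SELECT * FROM ${table} WHERE ${column} IN (${mask})`,
      params: chunk,
    });
  }
  return queries; // empty input -> no statements to run -> no rows
}

// Constructed sample input: the last value is a hostile string. It ends up
// in params, never in the SQL text, so it is compared as data.
const sample = buildInQueries('films', 'id', [110, 130, '90); DROP TABLE films;--']);
console.log(sample[0].sql, sample[0].params);
```

Each returned entry can be passed to the same call the answer uses, for example `db.get(q.sql, q.params, cb)`, and the per-chunk results concatenated.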
    
