Bind Question -- Is this correct?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Bind Question -- Is this correct?

Stephen Chrzanowski
I'm attempting to do a simple bind for an integer.

The partial query is:

V1: *datetime(date(current_timestamp,'localtime'),'+'||:StartTime||'
hours')))/60) MinutesSince9*
V2: *datetime(date(current_timestamp,'localtime'),'+:StartTime
hours')))/60) MinutesSince9 *

I'm getting a failure with V2, and I'm assuming that binding isn't
understood when the bind is within a string.  If this assumption is
correct, is V1 the correct and safe way to bind the values?

In THIS particular case, :StartTime is an ENUM type of integers 7, 8, or 9,
and programmatically set based on a configuration option set via a pull
down menu within the application, which is sanitized before performing the
SQL statement anyways.  My concern is geared towards the future when
handling strings.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: Bind Question -- Is this correct?

Simon Slavin-3
On 3 Jul 2018, at 4:22pm, Stephen Chrzanowski <[hidden email]> wrote:

> V1: *datetime(date(current_timestamp,'localtime'),'+'||:StartTime||'
> hours')))/60) MinutesSince9*
> V2: *datetime(date(current_timestamp,'localtime'),'+:StartTime
> hours')))/60) MinutesSince9 *
>
> I'm getting a failure with V2, and I'm assuming that binding isn't
> understood when the bind is within a string.  If this assumption is
> correct, is V1 the correct and safe way to bind the values?

Yes and yes.

SQLite does not scan strings to look for binding tokens.  But it does consider a binding token anywhere it might find a column identifier.

Simon.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: [EXTERNAL] Bind Question -- Is this correct?

Hick Gunter
In reply to this post by Stephen Chrzanowski
V1 uses the value bound to the SQL Variable while performing the concatenation of the text literal '+', the value cast as text, and the text literal 'hours'

V2 expects (wrongly) that the text literal '+:StartTimehours' magically replaces part of the string with the value of an SQL variable

-----Urspr√ľngliche Nachricht-----
Von: sqlite-users [mailto:[hidden email]] Im Auftrag von Stephen Chrzanowski
Gesendet: Dienstag, 03. Juli 2018 17:23
An: General Discussion of SQLite Database <[hidden email]>
Betreff: [EXTERNAL] [sqlite] Bind Question -- Is this correct?

I'm attempting to do a simple bind for an integer.

The partial query is:

V1: *datetime(date(current_timestamp,'localtime'),'+'||:StartTime||'
hours')))/60) MinutesSince9*
V2: *datetime(date(current_timestamp,'localtime'),'+:StartTime
hours')))/60) MinutesSince9 *

I'm getting a failure with V2, and I'm assuming that binding isn't understood when the bind is within a string.  If this assumption is correct, is V1 the correct and safe way to bind the values?

In THIS particular case, :StartTime is an ENUM type of integers 7, 8, or 9, and programmatically set based on a configuration option set via a pull down menu within the application, which is sanitized before performing the SQL statement anyways.  My concern is geared towards the future when handling strings.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users


___________________________________________
 Gunter Hick | Software Engineer | Scientific Games International GmbH | Klitschgasse 2-4, A-1130 Vienna | FN 157284 a, HG Wien, DVR: 0430013 | (O) +43 1 80100 - 0

May be privileged. May be confidential. Please delete if not the addressee.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
Reply | Threaded
Open this post in threaded view
|

Re: [EXTERNAL] Bind Question -- Is this correct?

Stephen Chrzanowski
Thanks for the replies gents.  This just caught me off guard a bit and
needed a check.
_______________________________________________
sqlite-users mailing list
[hidden email]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users