1

Greetings!

I am using SQLite. I want to declare variable, but it gives me a syntax error. Please help me to find a solution:

Select * from t2 where value= ?

This is my query. Now how can I pass values to ? ?

Thanks in advance, Jennie

Improve this question
2
  • 4
    Query is correct. Which programming language / library are you using to send the query? Commented Apr 11, 2011 at 9:20
  • Hi Jennie. As stated by MarvinLabs, you should spend some time reading the (FAQ)[stackoverflow.com/faq], revisit your previous questions and accept some satisfying answers (use the check mark button next to the question of your choice to accept it). Commented Apr 11, 2011 at 14:39

3 Answers 3

Reset to default
2

As far as I know SQLite doesn't support anything like that.

The syntax is standard for libraries that implement bound parameters (and prepared statements that use them), but you would need to do that in a programming language that queries the database, and not in the database itself.

The specifics, of course, depend on the programming language and the library.

In Perl, for example you could:

my $sth = $dbh->prepare("Select * from t2 where value=?"); foreach my $value (@values) { $sth->execute($value); $row = $sth->fetchrow_hashref; [...] }

Bobby Tables has some more examples in a variety of languages.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

SQLite is always bound to a host language (though it's the trivial language in the case of the sqlite shell). Moreover, ? is just the syntax for positional bound parameters; SQLite also supports named bound parameters via :someName.
2

You can support variables in sqlite using an in-memory temp table. See my answer at https://stackoverflow.com/a/14574227/1435110

Improve this answer

Comments

0

The only way to use variables like that is by using the binding functions. In many cases, constructing a query string in the language you are using is easier.

Improve this answer

2 Comments

Easier, but more prone to SQL injection vulnerabilities.
@Quentin Well, yes. You'd better sanitize if you don't bind, unless you're willing to take the chance someone inputs "0; drop all tables" as their search value, if it's even likely in that context.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.