Home > front end >  How to use Prepared statements with npm sqlite library on node js
How to use Prepared statements with npm sqlite library on node js

Time:08-01

I am using this library for connecting my node js application to an sqlite database. I saw its documentation for how to use prepared statements here but it is very brief and I cannot understand how to use it for my use case.

Lets say I have an sql string like this:

const sql = "INSERT INTO tbl(name) VALUES (?)"

So as per the documentation guess I should first create a statement and then use bind to populate it:

const stmt = await db.prepare(sql)
stmt.bind({? : "John"})

Is this the right way to do this? Also once I have created the Prepared statement how am I supposed to run this. All the examples mentioned in the docs are select statements, but if it is an insert statement I suppose stmt.get() or stmt.all() method are not correct as there is no result set to return here. How then am I supposed to do this?

CodePudding user response:

I don't know the sqlite library too well, but the following example from the documentation performs a parameterised INSERT statement:

const result = await db.run('INSERT INTO tbl(col) VALUES (:col)', {
  ':col': 'something'
})

I think you're focusing on the phrase 'prepared statement' a little too much. Instead of looking only for this exact phrase, look for any use of parameters whose values are passed separately to the main SQL string. The example above fits this: there is a parameter :col which appears in the SQL string and the value for it is provided in an object passed to db.run alongside the SQL string.

  • Related