Does SQLite3 have prepared statements in Node.js?
According to the node-sqlite3 API documentation, you can use parameters in your SQL queries in several different ways:
// Directly in the function arguments.db.run("UPDATE tbl SET name = ? WHERE id = ?", "bar", 2);// As an array.db.run("UPDATE tbl SET name = ? WHERE id = ?", [ "bar", 2 ]);// As an object with named parameters.db.run("UPDATE tbl SET name = $name WHERE id = $id", { $id: 2, $name: "bar"});
Yes, prepared statements are supported.
With node-sqlite3:
var sqlite3 = require('sqlite3').verbose();var db = new sqlite3.Database('data.db');db.serialize(function() { var stmt = db.prepare("INSERT INTO users VALUES (?,?)"); for (var i = 0; i < 10; i++) { stmt.run("user " + i, "email " + i); } stmt.finalize(); stmt = db.prepare("SELECT * FROM users WHERE id=?"); stmt.each(userId, function(err, row) { console.log(row.name, row.email); }, function(err, count) { stmt.finalize(); });});
With better-sqlite3:
var Database = require('better-sqlite3');var db = new Database('foobar.db', options);var stmt = db.prepare("INSERT INTO users VALUES (?,?)");for (var i = 0; i < 10; i++) { stmt.run("user " + i, "email " + i);}var stmt = db.prepare('SELECT * FROM users WHERE id=?');var row = stmt.get(userId);console.log(row.name, row.email);