From bef76e4adf86df615f6ccbdb3c3201a4b3325bf8 Mon Sep 17 00:00:00 2001 From: Relintai Date: Sat, 27 Apr 2024 23:02:05 +0200 Subject: [PATCH] Docs for the PreparedStatement. --- .../doc_classes/PreparedStatement.xml | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/modules/database/doc_classes/PreparedStatement.xml b/modules/database/doc_classes/PreparedStatement.xml index a97a20fd2..6ed526be5 100644 --- a/modules/database/doc_classes/PreparedStatement.xml +++ b/modules/database/doc_classes/PreparedStatement.xml @@ -1,8 +1,57 @@ + Represents a prepared statement for use with a [Database]. + Represents a prepared statement for use with a [Database]. + Prepared statements are compiled and parametrized sql statements which can be used repeatedly. + [PreparedStatement]s are an alternative to [QueryBuilder]. + Prepared statements comes with a lot of added security, as SQL injection attacks doesn't work with them (as long as you use their parameters). However note that [QueryBuilder] will escape string parameters which expect to have user input in the for you too, so if you use [QueryBuilder] yuo should also be safe. + Performance can differ compared to normal queries, but it seems like it depends on a lot of factors, so you will have to banchmark it yourself for heavy queries. It can be faster or slower. + A prepared statement looks similar: + [code]INSERT INTO table VALUES(?, ?, ?, ?);[/code] + And then you can substitute values into the [code]?[/code]-s. + Usge example: + [code] + var qb : QueryBuilder = DatabaseManager.ddb.get_connection().get_query_builder() + var ps : PreparedStatement = qb.create_prepared_statement() + + ps.sql = "INSERT INTO 'data_table' VALUES(?, ?, ?, ?);" + ps.prepare() + + print("Inserting 10 values!") + + for i in range(10): + ps.reset() + + ps.bind_text(1, "vc" + str(randi())) + ps.bind_text(2, "text" + str(randi())) + ps.bind_int(3, randi()) + ps.bind_double(4, randf() * 100000) + ps.step() + [/code] + Usge example using [QueryBuilder]: + [code] + var qb : QueryBuilder = DatabaseManager.ddb.get_connection().get_query_builder() + qb.insert("data_table", "data_varchar,data_text,data_int,data_double").values() + qb.valph().valph().valph().valph().cvalues() + qb.end_command() + + var ps : PreparedStatement = qb.create_prepared_statement() + ps.prepare() + + print("Inserting 10 values!") + + for i in range(10): + ps.reset() + + ps.bind_text(1, "vc" + str(randi())) + ps.bind_text(2, "text" + str(randi())) + ps.bind_int(3, randi()) + ps.bind_double(4, randf() * 100000) + ps.step() + [/code] @@ -12,6 +61,7 @@ + Bind a blob to the index-th parameter. (Indexed from 1) @@ -19,6 +69,7 @@ + Bind a double to the index-th parameter. (Indexed from 1) @@ -26,6 +77,7 @@ + Bind a float to the index-th parameter. (Indexed from 1) @@ -33,6 +85,7 @@ + Bind an int to the index-th parameter. (Indexed from 1) @@ -40,29 +93,36 @@ + Bind a 64bit int to the index-th parameter. (Indexed from 1) + Bind null to the index-th parameter. (Indexed from 1) + The bindable parameter count in a query. + Some database backends support naming bind parameters using a special syntax. + Use this method to get back the index of a named parameter. + Some database backends support naming bind parameters using a special syntax. + Use this method to get back the name of a parameter from it's index. @@ -70,6 +130,7 @@ + Bind a [String] to the index-th parameter. (Indexed from 1) @@ -77,6 +138,7 @@ + Bind a [Variant] to the index-th parameter. This mwthod will call other bind methods based on the value's type. (Indexed from 1) @@ -84,165 +146,203 @@ + Bind an empty blob with the size of num to the index-th parameter. (Indexed from 1) + Clear all bound parameters, effectively setting their values back to null. + Read a blob from the index-th column. (Indexed from 0) + Return the number of columns in the result set. + Returns the database's name from which the column is from if the database backend supports it. + Returns the declared type of the given column. + Read a blob from the index-th column. (Indexed from 0) + Read a blob from the index-th column. (Indexed from 0) + Read a blob from the index-th column. (Indexed from 0) + Read a blob from the index-th column. (Indexed from 0) + Read a blob from the index-th column. (Indexed from 0) + Returns the column's origin name if the database backend supports it. + Returns the column's table name if the database backend supports it. + Read a blob from the index-th column. (Indexed from 0) + Returns the column's type. + Read a [Variant] from the index-th column. (Indexed from 0) + Returns the number of columns in the current row. + Free the query from the database system. The destructor calls this automatically. + Returns the owner connection. + Returns the expanded version of the original sql, if the database backend supports it. + Returns the normalized version of the original sql, if the database backend supports it. + Compiles the sql query in [member sql]. + You need to call this before trying to use your query. Subsequent calls update the stored query on the database server. + Reset the query. Call this before trying to use it again with different parameters. + Step the query. When calling this the first time it runs the query. Subsequent calls read rows. + The sql statement to send to the database. + NULL type. + BLOB type. + FLOAT type. + DOUBLE type. + INT type. + INT64 type. + TEXT type. + VARCHAR type. + VALUE type. + BYTES type. + TYPE type. + UNKNOWN type.