Represents a prepared statement for use with a [Database].
Prepared statements are compiled and parametrized SQL statements which can be used repeatedly.
[PreparedStatement]s are an alternative to [QueryBuilder].
Prepared statements come with a lot of added security, as SQL injection attacks don't work with them (as long as you use their parameters). However, note that [QueryBuilder] will also escape string parameters that are expected to contain user input for you, so if you use [QueryBuilder] you should also be safe.
Performance can differ compared to normal queries, but it seems to depend on a lot of factors, so you will have to benchmark it yourself for heavy queries. It can be faster or slower.
A prepared statement looks like this:
[code]INSERT INTO table VALUES(?, ?, ?, ?);[/code]
And then you can substitute values into the [code]?[/code]-s.
Usage example:
[code]
var qb : QueryBuilder = DatabaseManager.ddb.get_connection().get_query_builder()
var ps : PreparedStatement = qb.create_prepared_statement()
# The SQL text stays constant; values only enter through the bind_* calls.
ps.sql = "INSERT INTO 'data_table' VALUES(?, ?, ?, ?);"
ps.prepare()
print("Inserting 10 values!")
for i in range(10):
	# Reset before reusing the statement with new parameters.
	ps.reset()
	# Parameters are indexed from 1.
	ps.bind_text(1, "vc" + str(randi()))
	ps.bind_text(2, "text" + str(randi()))
	ps.bind_int(3, randi())
	ps.bind_double(4, randf() * 100000)
	# The first step() after a reset runs the query.
	ps.step()
[/code]
Usage example using [QueryBuilder]:
[code]
var qb : QueryBuilder = DatabaseManager.ddb.get_connection().get_query_builder()
qb.insert("data_table", "data_varchar,data_text,data_int,data_double").values()
# One valph() call per parameter placeholder.
qb.valph().valph().valph().valph().cvalues()
qb.end_command()
var ps : PreparedStatement = qb.create_prepared_statement()
ps.prepare()
print("Inserting 10 values!")
for i in range(10):
	# Reset before reusing the statement with new parameters.
	ps.reset()
	# Parameters are indexed from 1.
	ps.bind_text(1, "vc" + str(randi()))
	ps.bind_text(2, "text" + str(randi()))
	ps.bind_int(3, randi())
	ps.bind_double(4, randf() * 100000)
	ps.step()
[/code]
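The injection note above holds only when values reach the statement through its parameters. The following added example (not part of the engine's own documentation) puts the weak pattern next to the corrected one; the helper names and the sample inputs are hypothetical, and it assumes the same [code]data_table[/code] and [code]DatabaseManager[/code] setup as the examples above.

```gdscript
# Added example, not the project's own code. new_statement(),
# insert_concatenated(), insert_bound() and untrusted_names are
# hypothetical names used only for this illustration.

# Constructed sample input, as it might arrive from a form or a network peer.
var untrusted_names : Array = ["alice", "O'Brien", "semi;colon"]

func new_statement(sql : String) -> PreparedStatement:
	var qb : QueryBuilder = DatabaseManager.ddb.get_connection().get_query_builder()
	var ps : PreparedStatement = qb.create_prepared_statement()
	ps.sql = sql
	ps.prepare()
	return ps

# Weak: the statement is prepared, but the input is concatenated into the
# SQL text. A quote in user_name ends the string literal early and the
# rest of the input is parsed as SQL.
func insert_concatenated(user_name : String, score : int) -> void:
	var sql : String = "INSERT INTO 'data_table' VALUES('" + user_name + "', 'note', " + str(score) + ", 0.0);"
	var ps : PreparedStatement = new_statement(sql)
	ps.step()

# Corrected: the SQL text is a constant and is compiled once. Input only
# travels through bind_* calls, so it is always handled as a value.
func insert_bound(names : Array) -> void:
	var ps : PreparedStatement = new_statement("INSERT INTO 'data_table' VALUES(?, ?, ?, ?);")
	for i in range(names.size()):
		ps.reset()
		ps.bind_text(1, names[i]) # parameters are indexed from 1
		ps.bind_text(2, "note")
		ps.bind_int(3, i)
		ps.bind_double(4, 0.0)
		ps.step()

func _ready() -> void:
	insert_bound(untrusted_names)
```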
Bind a blob to the index-th parameter. (Indexed from 1)
Bind a double to the index-th parameter. (Indexed from 1)
Bind a float to the index-th parameter. (Indexed from 1)
Bind an int to the index-th parameter. (Indexed from 1)
Bind a 64bit int to the index-th parameter. (Indexed from 1)
Bind null to the index-th parameter. (Indexed from 1)
The bindable parameter count in a query.
Some database backends support naming bind parameters using a special syntax.
Use this method to get back the index of a named parameter.
Some database backends support naming bind parameters using a special syntax.
Use this method to get back the name of a parameter from its index.
Bind a [String] to the index-th parameter. (Indexed from 1)
Bind a [Variant] to the index-th parameter. This method will call other bind methods based on the value's type. (Indexed from 1)
Bind an empty blob with the size of num to the index-th parameter. (Indexed from 1)
Clear all bound parameters, effectively setting their values back to null.
Read a blob from the index-th column. (Indexed from 0)
Return the number of columns in the result set.
Returns the name of the database the column comes from, if the database backend supports it.
Returns the declared type of the given column.
Read a blob from the index-th column. (Indexed from 0)
Read a blob from the index-th column. (Indexed from 0)
Read a blob from the index-th column. (Indexed from 0)
Read a blob from the index-th column. (Indexed from 0)
Read a blob from the index-th column. (Indexed from 0)
Returns the column's origin name if the database backend supports it.
Returns the column's table name if the database backend supports it.
Read a blob from the index-th column. (Indexed from 0)
Returns the column's type.
Read a [Variant] from the index-th column. (Indexed from 0)
Returns the number of columns in the current row.
Free the query from the database system. The destructor calls this automatically.
Returns the owner connection.
Returns the expanded version of the original SQL, if the database backend supports it.
Returns the normalized version of the original SQL, if the database backend supports it.
Compiles the SQL query in [member sql].
You need to call this before trying to use your query. Subsequent calls update the stored query on the database server.
Reset the query. Call this before trying to use it again with different parameters.
Step the query. When calling this the first time it runs the query. Subsequent calls read rows.
The SQL statement to send to the database.
NULL type.
BLOB type.
FLOAT type.
DOUBLE type.
INT type.
INT64 type.
TEXT type.
VARCHAR type.
VALUE type.
BYTES type.
TYPE type.
UNKNOWN type.