Parameterized SQL statement: Difference between revisions
m (Use type inference. Wrap managed objects SqlConnection and SqlCommand in using statements to ensure they are closed on exiting method scope as per Microsoft docs https://docs.microsoft.com/en-us/dotnet/api/system.data.sqlclient.sqlconnection) |
Thundergnat (talk | contribs) m (syntax highlighting fixup automation) |
||
Line 2: | Line 2: | ||
Using a SQL update statement like this one (spacing is optional): |
Using a SQL update statement like this one (spacing is optional): |
||
< |
<syntaxhighlight lang="sql">UPDATE players |
||
SET name = 'Smith, Steve', score = 42, active = true |
SET name = 'Smith, Steve', score = 42, active = true |
||
WHERE jerseyNum = 99</ |
WHERE jerseyNum = 99</syntaxhighlight>show how to make a parameterized SQL statement, set the parameters to the values given above, and execute the statement. |
||
<blockquote cite="http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/">Non-parameterized SQL is the GoTo statement of database programming. Don't do it, and make sure your coworkers don't either.</blockquote> |
<blockquote cite="http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/">Non-parameterized SQL is the GoTo statement of database programming. Don't do it, and make sure your coworkers don't either.</blockquote> |
||
=={{header|8th}}== |
=={{header|8th}}== |
||
< |
<syntaxhighlight lang="forth">\ assuming the var 'db' contains an opened database with a schema matching the problem: |
||
db @ |
db @ |
||
"UPDATE players SET name=?1,score=?2,active=?3 WHERE jerseyNum=?4" |
"UPDATE players SET name=?1,score=?2,active=?3 WHERE jerseyNum=?4" |
||
Line 21: | Line 21: | ||
\ execute the query |
\ execute the query |
||
db @ swap db:exec</ |
db @ swap db:exec</syntaxhighlight> |
||
=={{header|Ada}}== |
=={{header|Ada}}== |
||
< |
<syntaxhighlight lang="ada">-- Version for sqlite |
||
with GNATCOLL.SQL_Impl; use GNATCOLL.SQL_Impl; |
with GNATCOLL.SQL_Impl; use GNATCOLL.SQL_Impl; |
||
with GNATCOLL.SQL.Exec; use GNATCOLL.SQL.Exec; |
with GNATCOLL.SQL.Exec; use GNATCOLL.SQL.Exec; |
||
Line 61: | Line 61: | ||
Free (Conn); |
Free (Conn); |
||
Free (DB_Descr); |
Free (DB_Descr); |
||
end Prepared_Query;</ |
end Prepared_Query;</syntaxhighlight> |
||
=={{header|Arturo}}== |
=={{header|Arturo}}== |
||
< |
<syntaxhighlight lang="rebol">; Helper functions |
||
createTable: function [][ |
createTable: function [][ |
||
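Review bot: the opening tag for the Arturo section is `<syntaxhighlight lang="rebol">`, which names a different language from the `{{header|Arturo}}` line above it. If the highlighter has an Arturo lexer, use it here; if Rebol is a deliberate stand-in, say so in a wikitext comment so a later pass does not change it back and forth.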
Line 103: | Line 103: | ||
print ["getting user with name: JohnDoe =>" findUser "JohnDoe"] |
print ["getting user with name: JohnDoe =>" findUser "JohnDoe"] |
||
close db</ |
close db</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
Line 119: | Line 119: | ||
Tested with gcc version 4.9.2 (Raspbian 4.9.2-10) and SQLite 3.8.7.1 |
Tested with gcc version 4.9.2 (Raspbian 4.9.2-10) and SQLite 3.8.7.1 |
||
< |
<syntaxhighlight lang="c">#include <stdio.h> |
||
#include <stdlib.h> |
#include <stdlib.h> |
||
#include <sqlite3.h> |
#include <sqlite3.h> |
||
Line 232: | Line 232: | ||
} |
} |
||
printf("\n"); |
printf("\n"); |
||
}</ |
}</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
Line 249: | Line 249: | ||
=={{header|C sharp|C#}}== |
=={{header|C sharp|C#}}== |
||
< |
<syntaxhighlight lang="csharp">using System.Data.Sql; |
||
using System.Data.SqlClient; |
using System.Data.SqlClient; |
||
Line 271: | Line 271: | ||
} |
} |
||
} |
} |
||
}</ |
}</syntaxhighlight> |
||
=={{header|C++}}== |
=={{header|C++}}== |
||
{{libheader|Qt}} |
{{libheader|Qt}} |
||
This example uses the Qt SQL module to access an ODBC data source. |
This example uses the Qt SQL module to access an ODBC data source. |
||
< |
<syntaxhighlight lang="cpp">#include <QtSql> |
||
#include <iostream> |
#include <iostream> |
||
Line 308: | Line 308: | ||
} |
} |
||
return 0; |
return 0; |
||
}</ |
}</syntaxhighlight> |
||
=={{header|Clojure}}== |
=={{header|Clojure}}== |
||
< |
<syntaxhighlight lang="clojure">(require '[clojure.java.jdbc :as sql]) |
||
; Using h2database for this simple example. |
; Using h2database for this simple example. |
||
(def db {:classname "org.h2.Driver" |
(def db {:classname "org.h2.Driver" |
||
Line 320: | Line 320: | ||
; As an alternative to update!, use execute! |
; As an alternative to update!, use execute! |
||
(sql/execute! db ["UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?" "Smith, Steve" 42 true 99])</ |
(sql/execute! db ["UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?" "Smith, Steve" 42 true 99])</syntaxhighlight> |
||
=={{header|F_Sharp|F#}}== |
=={{header|F_Sharp|F#}}== |
||
{{trans|C#}} |
{{trans|C#}} |
||
< |
<syntaxhighlight lang="fsharp">open System.Data.SqlClient |
||
[<EntryPoint>] |
[<EntryPoint>] |
||
Line 340: | Line 340: | ||
tCommand.ExecuteNonQuery() |> ignore |
tCommand.ExecuteNonQuery() |> ignore |
||
0</ |
0</syntaxhighlight> |
||
=={{header|Go}}== |
=={{header|Go}}== |
||
< |
<syntaxhighlight lang="go">package main |
||
import ( |
import ( |
||
Line 375: | Line 375: | ||
} |
} |
||
rows.Close() |
rows.Close() |
||
}</ |
}</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
<pre> |
<pre> |
||
Line 386: | Line 386: | ||
Example uses the [http://hackage.haskell.org/package/HDBC <tt>HDBC</tt>] package: |
Example uses the [http://hackage.haskell.org/package/HDBC <tt>HDBC</tt>] package: |
||
< |
<syntaxhighlight lang="haskell">module Main (main) where |
||
import Database.HDBC (IConnection, commit, run, toSql) |
import Database.HDBC (IConnection, commit, run, toSql) |
||
Line 405: | Line 405: | ||
main :: IO () |
main :: IO () |
||
main = undefined</ |
main = undefined</syntaxhighlight> |
||
You'll need an instance of a type with an instance for the <tt>IConnection</tt> type class in order to use this function, such as [http://hackage.haskell.org/package/HDBC-postgresql-2.3.2.5/docs/Database-HDBC-PostgreSQL.html#t:Connection <tt>Connection</tt>] from [http://hackage.haskell.org/package/HDBC-postgresql <tt>HDBC-postgresql</tt>]. |
You'll need an instance of a type with an instance for the <tt>IConnection</tt> type class in order to use this function, such as [http://hackage.haskell.org/package/HDBC-postgresql-2.3.2.5/docs/Database-HDBC-PostgreSQL.html#t:Connection <tt>Connection</tt>] from [http://hackage.haskell.org/package/HDBC-postgresql <tt>HDBC-postgresql</tt>]. |
||
=={{header|Huginn}}== |
=={{header|Huginn}}== |
||
< |
<syntaxhighlight lang="huginn">import Database as db; |
||
import Algorithms as algo; |
import Algorithms as algo; |
||
import FileSystem as fs; |
import FileSystem as fs; |
||
Line 450: | Line 450: | ||
} |
} |
||
return ( 0 ); |
return ( 0 ); |
||
}</ |
}</syntaxhighlight> |
||
=={{header|Java}}== |
=={{header|Java}}== |
||
< |
<syntaxhighlight lang="java"> |
||
import java.sql.DriverManager; |
import java.sql.DriverManager; |
||
import java.sql.Connection; |
import java.sql.Connection; |
||
Line 489: | Line 489: | ||
} |
} |
||
} |
} |
||
</syntaxhighlight> |
|||
</lang> |
|||
=={{header|Julia}}== |
=={{header|Julia}}== |
||
Line 495: | Line 495: | ||
Uses the SQLite package. |
Uses the SQLite package. |
||
< |
<syntaxhighlight lang="julia">using SQLite |
||
name = "Smith, Steve" |
name = "Smith, Steve" |
||
Line 513: | Line 513: | ||
tbl = SQLite.query(db, "SELECT * from players") |
tbl = SQLite.query(db, "SELECT * from players") |
||
println(tbl)</ |
println(tbl)</syntaxhighlight> |
||
Line 524: | Line 524: | ||
=={{header|Kotlin}}== |
=={{header|Kotlin}}== |
||
< |
<syntaxhighlight lang="scala">// Version 1.2.41 |
||
import java.sql.DriverManager |
import java.sql.DriverManager |
||
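Review bot: under `{{header|Kotlin}}` the new opening tag reads `<syntaxhighlight lang="scala">// Version 1.2.41`, so the Kotlin code is highlighted with Scala rules. Suggest `lang="kotlin"` unless the wiki's highlighter lacks that lexer, in which case note the substitution in the edit summary.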
Line 547: | Line 547: | ||
} |
} |
||
conn.close() |
conn.close() |
||
}</ |
}</syntaxhighlight> |
||
=={{header|M2000 Interpreter}}== |
=={{header|M2000 Interpreter}}== |
||
<syntaxhighlight lang="m2000 interpreter"> |
|||
<lang M2000 Interpreter> |
|||
Module Parametrized_Sql { |
Module Parametrized_Sql { |
||
Base "rosetta" ' warning erase database if found it in current directory |
Base "rosetta" ' warning erase database if found it in current directory |
||
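Review bot: `<syntaxhighlight lang="m2000 interpreter">` carries a space inside the `lang` value, and `lang="sql pl"` later in this diff does too. Check that the highlighter resolves multi-word names rather than silently falling back to unhighlighted text; if it does not, pick a single-token name for both.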
Line 567: | Line 567: | ||
} |
} |
||
Parametrized_Sql |
Parametrized_Sql |
||
</syntaxhighlight> |
|||
</lang> |
|||
=={{header|Mathematica}}/{{header|Wolfram Language}}== |
=={{header|Mathematica}}/{{header|Wolfram Language}}== |
||
< |
<syntaxhighlight lang="mathematica">Needs["DatabaseLink`"]; |
||
conn=OpenSQLConnection[JDBC["ODBC(DSN)","testdb"],"Username"->"John","Password"->"JohnsPassword"]; |
conn=OpenSQLConnection[JDBC["ODBC(DSN)","testdb"],"Username"->"John","Password"->"JohnsPassword"]; |
||
SQLExecute[conn,"UPDATE players SET name = `1`, score = `2`, active = `3` WHERE jerseyNum = `4`", {SQLArgument["Smith, Steve",42,True,99]}] |
SQLExecute[conn,"UPDATE players SET name = `1`, score = `2`, active = `3` WHERE jerseyNum = `4`", {SQLArgument["Smith, Steve",42,True,99]}] |
||
CloseSQLConnection[conn];</ |
CloseSQLConnection[conn];</syntaxhighlight> |
||
=={{header|NetRexx}}== |
=={{header|NetRexx}}== |
||
Using an [http://db.apache.org/derby/ Apache Derby] embedded database: |
Using an [http://db.apache.org/derby/ Apache Derby] embedded database: |
||
< |
<syntaxhighlight lang="netrexx">/* NetRexx */ |
||
options replace format comments java crossref symbols nobinary |
options replace format comments java crossref symbols nobinary |
||
Line 716: | Line 716: | ||
method isFalse() public static returns boolean |
method isFalse() public static returns boolean |
||
return \isTrue |
return \isTrue |
||
</syntaxhighlight> |
|||
</lang> |
|||
=={{header|Nim}}== |
=={{header|Nim}}== |
||
Using an SQLite in memory database and "db_sqlite" high level binding from standard library. |
Using an SQLite in memory database and "db_sqlite" high level binding from standard library. |
||
< |
<syntaxhighlight lang="nim">import db_sqlite |
||
let db = open(":memory:", "", "", "") |
let db = open(":memory:", "", "", "") |
||
Line 736: | Line 736: | ||
echo row |
echo row |
||
db.close()</ |
db.close()</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
Line 742: | Line 742: | ||
=={{header|Objeck}}== |
=={{header|Objeck}}== |
||
< |
<syntaxhighlight lang="objeck">use IO; |
||
use ODBC; |
use ODBC; |
||
Line 760: | Line 760: | ||
}; |
}; |
||
} |
} |
||
}</ |
}</syntaxhighlight> |
||
=={{header|Pascal}}== |
=={{header|Pascal}}== |
||
Line 766: | Line 766: | ||
{{libheader|SQLite}} |
{{libheader|SQLite}} |
||
Tested with Free Pascal 2.6.4 (arm) and SQLite 3.8.7.1 |
Tested with Free Pascal 2.6.4 (arm) and SQLite 3.8.7.1 |
||
< |
<syntaxhighlight lang="pascal">program Parametrized_SQL_Statement; |
||
uses |
uses |
||
sqlite3, sysutils; |
sqlite3, sysutils; |
||
Line 889: | Line 889: | ||
// Close the database connection. |
// Close the database connection. |
||
sqlite3_close(db); |
sqlite3_close(db); |
||
end.</ |
end.</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
<pre> |
<pre> |
||
Line 905: | Line 905: | ||
=={{header|Perl}}== |
=={{header|Perl}}== |
||
< |
<syntaxhighlight lang="perl">use DBI; |
||
my $db = DBI->connect('DBI:mysql:mydatabase:host','login','password'); |
my $db = DBI->connect('DBI:mysql:mydatabase:host','login','password'); |
||
Line 911: | Line 911: | ||
$statment = $db->prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?"); |
$statment = $db->prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?"); |
||
$rows_affected = $statment->execute("Smith, Steve",42,'true',99);</ |
$rows_affected = $statment->execute("Smith, Steve",42,'true',99);</syntaxhighlight> |
||
=={{header|Phix}}== |
=={{header|Phix}}== |
||
{{libheader|SQLite}} |
{{libheader|SQLite}} |
||
<!--< |
<!--<syntaxhighlight lang="phix">(notonline)--> |
||
<span style="color: #000080;font-style:italic;">-- |
<span style="color: #000080;font-style:italic;">-- |
||
-- demo\rosetta\Parameterized_SQL_statement.exw |
-- demo\rosetta\Parameterized_SQL_statement.exw |
||
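Review bot: in the Phix section the rewritten tag sits inside an HTML comment, `<!--<syntaxhighlight lang="phix">(notonline)-->`, while the visible code is the pre-rendered `<span style=...>` markup that follows it. The replacement has no rendering effect there, so confirm the automation is meant to touch commented-out tags; the closing `<!--</syntaxhighlight>-->` further down is rewritten the same way, which at least keeps the pair matched.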
Line 988: | Line 988: | ||
<span style="color: #000000;">sqlite3_close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">db</span><span style="color: #0000FF;">)</span> |
<span style="color: #000000;">sqlite3_close</span><span style="color: #0000FF;">(</span><span style="color: #000000;">db</span><span style="color: #0000FF;">)</span> |
||
<!--</ |
<!--</syntaxhighlight>--> |
||
{{out}} |
{{out}} |
||
<pre> |
<pre> |
||
Line 1,004: | Line 1,004: | ||
=={{header|PHP}}== |
=={{header|PHP}}== |
||
< |
<syntaxhighlight lang="php">$updatePlayers = "UPDATE `players` SET `name` = ?, `score` = ?, `active` = ?\n". |
||
"WHERE `jerseyNum` = ?"; |
"WHERE `jerseyNum` = ?"; |
||
$dbh = new PDO( "mysql:dbname=db;host=localhost", "username", "password" ); |
$dbh = new PDO( "mysql:dbname=db;host=localhost", "username", "password" ); |
||
Line 1,019: | Line 1,019: | ||
// alternatively pass parameters as an array to the execute method |
// alternatively pass parameters as an array to the execute method |
||
$updateStatement = $dbh->prepare( $updatePlayers ); |
$updateStatement = $dbh->prepare( $updatePlayers ); |
||
$updateStatement->execute( array( "Smith, Steve", 42, 1, 99 ) );</ |
$updateStatement->execute( array( "Smith, Steve", 42, 1, 99 ) );</syntaxhighlight> |
||
=={{header|PicoLisp}}== |
=={{header|PicoLisp}}== |
||
As PicoLisp uses normal function calls for DB manipulations, parameters are always treated as plain data and are not executed. |
As PicoLisp uses normal function calls for DB manipulations, parameters are always treated as plain data and are not executed. |
||
< |
<syntaxhighlight lang="picolisp">(for P (collect 'jerseyNum '+Players 99) |
||
(put!> P 'name "Smith, Steve") |
(put!> P 'name "Smith, Steve") |
||
(put!> P 'score 42) |
(put!> P 'score 42) |
||
(put!> P 'active T) )</ |
(put!> P 'active T) )</syntaxhighlight> |
||
=={{header|PureBasic}}== |
=={{header|PureBasic}}== |
||
< |
<syntaxhighlight lang="purebasic">UseSQLiteDatabase() |
||
Procedure CheckDatabaseUpdate(database, query$) |
Procedure CheckDatabaseUpdate(database, query$) |
||
Line 1,081: | Line 1,081: | ||
Print(#CRLF$ + #CRLF$ + "Press ENTER to exit"): Input() |
Print(#CRLF$ + #CRLF$ + "Press ENTER to exit"): Input() |
||
CloseConsole() |
CloseConsole() |
||
EndIf</ |
EndIf</syntaxhighlight> |
||
Sample output: |
Sample output: |
||
Line 1,090: | Line 1,090: | ||
=={{header|Python}}== |
=={{header|Python}}== |
||
{{trans|Ruby}} |
{{trans|Ruby}} |
||
< |
<syntaxhighlight lang="python">import sqlite3 |
||
db = sqlite3.connect(':memory:') |
db = sqlite3.connect(':memory:') |
||
Line 1,114: | Line 1,114: | ||
# and show the results |
# and show the results |
||
for row in db.execute('select * from players'): |
for row in db.execute('select * from players'): |
||
print(row)</ |
print(row)</syntaxhighlight> |
||
outputs |
outputs |
||
<pre>(u'Smith, Steve', 42, 1, 99) |
<pre>(u'Smith, Steve', 42, 1, 99) |
||
Line 1,122: | Line 1,122: | ||
{{works with|PostgreSQL}} |
{{works with|PostgreSQL}} |
||
{{libheader|sql db-lib}} |
{{libheader|sql db-lib}} |
||
< |
<syntaxhighlight lang="racket"> |
||
#lang racket/base |
#lang racket/base |
||
(require sql db) |
(require sql db) |
||
Line 1,145: | Line 1,145: | ||
'("Smith, Steve" 42 #t 99)) |
'("Smith, Steve" 42 #t 99)) |
||
</syntaxhighlight> |
|||
</lang> |
|||
=={{header|Raku}}== |
=={{header|Raku}}== |
||
(formerly Perl 6) |
(formerly Perl 6) |
||
<lang |
<syntaxhighlight lang="raku" line>use DBIish; |
||
my $db = DBIish.connect('DBI:mysql:mydatabase:host','login','password'); |
my $db = DBIish.connect('DBI:mysql:mydatabase:host','login','password'); |
||
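Review bot: `<syntaxhighlight lang="raku" line>use DBIish;` is the only opening tag in this diff that carries a `line` attribute. The old side is cut off at `<lang`, so it is not visible whether the attribute was already there; if it was not, drop it so a markup-only pass does not change how this one block renders.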
Line 1,155: | Line 1,155: | ||
my $update = $db.prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?"); |
my $update = $db.prepare("UPDATE players SET name = ?, score = ?, active = ? WHERE jerseyNum = ?"); |
||
my $rows-affected = $update.execute("Smith, Steve",42,'true',99);</ |
my $rows-affected = $update.execute("Smith, Steve",42,'true',99);</syntaxhighlight> |
||
=={{header|Ruby}}== |
=={{header|Ruby}}== |
||
Using the {{libheader|sqlite3-ruby}} gem |
Using the {{libheader|sqlite3-ruby}} gem |
||
[[Category:SQLite]] |
[[Category:SQLite]] |
||
< |
<syntaxhighlight lang="ruby">require 'sqlite3' |
||
db = SQLite3::Database.new(":memory:") |
db = SQLite3::Database.new(":memory:") |
||
Line 1,192: | Line 1,192: | ||
# and show the results |
# and show the results |
||
db.execute2('select * from players') {|row| p row}</ |
db.execute2('select * from players') {|row| p row}</syntaxhighlight> |
||
outputs |
outputs |
||
<pre>["name", "score", "active", "jerseyNum"] |
<pre>["name", "score", "active", "jerseyNum"] |
||
Line 1,201: | Line 1,201: | ||
=={{header|Run BASIC}}== |
=={{header|Run BASIC}}== |
||
{{incorrect|Run BASIC|Executing a NON-parameterized update DML. This solution is exactly the opposite of the task. This example is what is explicitly warned in the task.}} |
{{incorrect|Run BASIC|Executing a NON-parameterized update DML. This solution is exactly the opposite of the task. This example is what is explicitly warned in the task.}} |
||
< |
<syntaxhighlight lang="runbasic">sqliteconnect #mem, ":memory:" |
||
#mem execute("CREATE table players (name, score, active, jerseyNum)") |
#mem execute("CREATE table players (name, score, active, jerseyNum)") |
||
#mem execute("INSERT INTO players VALUES ('Jones, Bob',0,'N',99)") |
#mem execute("INSERT INTO players VALUES ('Jones, Bob',0,'N',99)") |
||
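Review bot: the retagged Run BASIC block still sits under `{{incorrect|Run BASIC|Executing a NON-parameterized update DML. ...}}`, so this pass re-highlights an example the page itself marks as the opposite of the task. The tag change is fine for a markup-only edit, but the template is left unresolved; a follow-up edit should replace the block with a parameterized version if the language supports one.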
Line 1,223: | Line 1,223: | ||
print name$;chr$(9);score;chr$(9);active$;chr$(9);jerseyNum |
print name$;chr$(9);score;chr$(9);active$;chr$(9);jerseyNum |
||
WEND |
WEND |
||
end</ |
end</syntaxhighlight> |
||
<pre>Output |
<pre>Output |
||
Smith, Steve 42 TRUE 99 |
Smith, Steve 42 TRUE 99 |
||
Line 1,232: | Line 1,232: | ||
===Using [http://slick.lightbend.com/doc/3.2.3/introduction.html Slick] FRM=== |
===Using [http://slick.lightbend.com/doc/3.2.3/introduction.html Slick] FRM=== |
||
{{Out}}Best seen running in your browser [https://scastie.scala-lang.org/fJKRDaydSsGGlZQXJUhvxw Scastie (remote JVM)]. |
{{Out}}Best seen running in your browser [https://scastie.scala-lang.org/fJKRDaydSsGGlZQXJUhvxw Scastie (remote JVM)]. |
||
< |
<syntaxhighlight lang="scala">import slick.jdbc.H2Profile.api._ |
||
import slick.sql.SqlProfile.ColumnOption.SqlType |
import slick.sql.SqlProfile.ColumnOption.SqlType |
||
Line 1,288: | Line 1,288: | ||
} yield n), Duration.Inf) |
} yield n), Duration.Inf) |
||
}</ |
}</syntaxhighlight> |
||
=={{header|Seed7}}== |
=={{header|Seed7}}== |
||
Line 1,302: | Line 1,302: | ||
A column from a result row is retrieved with the function [http://seed7.sourceforge.net/libraries/sql_base.htm#column%28in_sqlStatement,in_integer,attr_integer%29 column]. |
A column from a result row is retrieved with the function [http://seed7.sourceforge.net/libraries/sql_base.htm#column%28in_sqlStatement,in_integer,attr_integer%29 column]. |
||
< |
<syntaxhighlight lang="seed7">$ include "seed7_05.s7i"; |
||
include "sql_base.s7i"; |
include "sql_base.s7i"; |
||
Line 1,333: | Line 1,333: | ||
execute(testDb, "drop table players"); |
execute(testDb, "drop table players"); |
||
close(testDb); |
close(testDb); |
||
end func;</ |
end func;</syntaxhighlight> |
||
{{out}} |
{{out}} |
||
Line 1,342: | Line 1,342: | ||
=={{header|SQL}}== |
=={{header|SQL}}== |
||
{{works with|Oracle}} |
{{works with|Oracle}} |
||
< |
<syntaxhighlight lang="sql">-- This works in Oracle's SQL*Plus command line utility |
||
VARIABLE P_NAME VARCHAR2(20); |
VARIABLE P_NAME VARCHAR2(20); |
||
Line 1,381: | Line 1,381: | ||
commit; |
commit; |
||
select * from players;</ |
select * from players;</syntaxhighlight> |
||
{{Out}} |
{{Out}} |
||
<pre>SQL> SQL> |
<pre>SQL> SQL> |
||
Line 1,402: | Line 1,402: | ||
{{works with|Db2 LUW}} |
{{works with|Db2 LUW}} |
||
The following example is indeed parameterized SQL with named placeholders and it prevents SQL injections, and the SQL performs very well, because the execution plan is also precompiled. |
The following example is indeed parameterized SQL with named placeholders and it prevents SQL injections, and the SQL performs very well, because the execution plan is also precompiled. |
||
< |
<syntaxhighlight lang="sql pl"> |
||
--#SET TERMINATOR @ |
--#SET TERMINATOR @ |
||
Line 1,429: | Line 1,429: | ||
SELECT * FROM PLAYERS @ |
SELECT * FROM PLAYERS @ |
||
</syntaxhighlight> |
|||
</lang> |
|||
Output: |
Output: |
||
<pre> |
<pre> |
||
Line 1,468: | Line 1,468: | ||
=={{header|Tcl}}== |
=={{header|Tcl}}== |
||
{{works with|Tcl|8.6}} |
{{works with|Tcl|8.6}} |
||
< |
<syntaxhighlight lang="tcl">package require Tcl 8.6 |
||
# These next two lines are the only ones specific to SQLite |
# These next two lines are the only ones specific to SQLite |
||
Line 1,489: | Line 1,489: | ||
# With apologies to http://xkcd.com/327/ |
# With apologies to http://xkcd.com/327/ |
||
setPlayer $db 76 -> "Robert'; DROP TABLE players--" 0 false |
setPlayer $db 76 -> "Robert'; DROP TABLE players--" 0 false |
||
$db close</ |
$db close</syntaxhighlight> |
||
=={{header|Wren}}== |
=={{header|Wren}}== |
||
{{libheader|Wren-sql}} |
{{libheader|Wren-sql}} |
||
An embedded program using our SQLite wrapper. |
An embedded program using our SQLite wrapper. |
||
< |
<syntaxhighlight lang="ecmascript">import "./sql" for Connection |
||
var db = Connection.open("rc.db") |
var db = Connection.open("rc.db") |
||
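Review bot: the Wren entry opens with `<syntaxhighlight lang="ecmascript">` on the line `import "./sql" for Connection`, a tag that does not match `{{header|Wren}}`. If ECMAScript is a borrowed lexer chosen on purpose, record that in the automation's notes so the tag can be revisited; otherwise switch it to the language named in the header.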
Line 1,522: | Line 1,522: | ||
System.print("\nAfter update:\n") |
System.print("\nAfter update:\n") |
||
db.printTable("SELECT * FROM players", widths)</ |
db.printTable("SELECT * FROM players", widths)</syntaxhighlight> |
||
{{out}} |
{{out}} |