sqlite-simple icon indicating copy to clipboard operation
sqlite-simple copied to clipboard
verified publisher icon nurpax

'In' arguments are not supported

Open nurpax opened this issue 13 years ago • 9 comments

SQL parameter expansion for cases like

select * from whatever where id in ?" (In [3,4,5])

is not currently supported.

The reason being that it's not easily (or at all?) supported by sqlite3's prepared statement bound parameters.

To support this, would need to bring back query string parsing and string substitution.

Filing this bug about this missing feature in the hope that someone has an idea how to get this working with bound params.

nurpax avatar Aug 12 '12 08:08 nurpax

@nurpax Any news on this? Is it possible to implement something similar to what is done for postgresql-simple?

  • http://hackage.haskell.org/package/postgresql-simple-0.5.4.0/docs/Database-PostgreSQL-Simple.html#t:In

Ideally with support for named parameters as well.

chshersh avatar Jul 27 '18 04:07 chshersh

No news. The original bug description still stands. IN would require parsing the sql statement and generating a new one. I’m unwilling to do that as the current implementation just passes the original query string down to sqlite. This is very robust as sqlite does all the hardwork.

Sent with GitHawk

nurpax avatar Jul 27 '18 08:07 nurpax

Any news on this front?

cjduncana avatar Dec 23 '19 23:12 cjduncana

Is the fastest way to achieve the lookup in the example to run the query three times for each of [3,4,5]? Or is there a better/faster workaround; e.g. constructing the Query manually with string concatenation?

P.S. Thanks for this library.

aryairani avatar Jul 04 '20 15:07 aryairani

@aryairani If you're meaning runtime speed then string-splicing might be the easier thing to do (albeit it being less safe).

eyeinsky avatar Mar 24 '23 14:03 eyeinsky

@nurpax Where do you go looking for whether sqlite has grown support for the in query for prepared statements? 2012 was a long time ago :).

eyeinsky avatar Mar 24 '23 14:03 eyeinsky

You think I've changed my mind about this? :) (I still think the original position is the right thing, albeit annoying from a user's point of view. But it's very bug-free and secure thing to do.)

But you'll have to ask the current maintainers for their opinion. I've stopped working on this library (and in general, do very little if any Haskell.)

nurpax avatar Mar 24 '23 17:03 nurpax

@nurpax No. :) The question I was trying to ask was that whether sqlite's prepared statements had added support for in query (such that they could be passed to it like for the other query types), and where would one go looking to find out if such support was added.

I do agree that it's much simpler to have sqlite itself parse the query templates, its params and then merge them (if I understood the issue right).

eyeinsky avatar Mar 26 '23 10:03 eyeinsky

I guess you'd have to look into sqlite's C API to see if there are any new features related to this. Also worth looking if any other other SQL bindings (for any language) or ORM libraries have some certain ways of dealing with IN args.

nurpax avatar Mar 26 '23 11:03 nurpax