Closed feefladder closed 1 year ago
This also seems to be in general with query_with_bindings and string values. I think the line in question is here:
sqlite3_bind_text(stmt, i + 1, (binding_value.operator String()).alloc_c_string(), -1, SQLITE_TRANSIENT);
But I do not see anywhere that there are single quotes placed around them or something...
Ah, I guess this cannot be done, since it references a column name ("coolness"), which cannot be bound, also not in update statements... Apparently, this prevents SQL injection attacks, which is fair to want to do. Then, this should be a documentation thing
Hi @feefladder
Feel free to open a PR with your changes to the README.md :)
Did so! Actually, I think this is still a (SQLite) bug of some sort, since it puts a TEXT value into an INTEGER column.
documentation updated
Issue description:
When using the update_rows function to increment values like so, e.g. I want to increase coolness of all non-cool values in my database, this doesn't work:
because the coolness+1 is inserted into the query like 'coolness+1' and then we get a string literal in an int column. What is a current workaround is to do a direct query like so:
This is unexpected behaviour, because FAQ 1 says you should manually put single quotes whenever needed.
Steps to reproduce:
run the reproduction project.
Minimal reproduction project:
bug.zip
Well, uploading doesn't seem to work...
[{coolness:6}, {coolness:6}, {coolness:coolness+1}, {coolness:coolness+1}]
Additional context
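The behaviour discussed in this thread, reproduced as an added example (not code from the issue or from the plugin): it uses Python's built-in sqlite3 module rather than the Godot bindings, and the table name `people`, the sample rows and the helper names are assumptions. It shows a bound `coolness+1` being stored as TEXT in an INTEGER column, and an increment that keeps the expression in the SQL text after checking the column name against the schema.

```python
import sqlite3

def make_db():
    # Constructed sample data: two "cool" rows and two below the threshold.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT, coolness INTEGER)")
    db.executemany("INSERT INTO people VALUES (?, ?)",
                   [("a", 6), ("b", 6), ("c", 1), ("d", 2)])
    return db

def snapshot(db):
    # typeof() exposes the storage class SQLite actually used for each value.
    return db.execute(
        "SELECT typeof(coolness), coolness FROM people ORDER BY name").fetchall()

def update_bound(db):
    # The string is bound as a value, so SQLite never parses it as an expression.
    # INTEGER affinity cannot convert it to a number, so it is stored as TEXT.
    db.execute("UPDATE people SET coolness = ? WHERE coolness < ?",
               ("coolness+1", 5))
    return snapshot(db)

def increment_column(db, column, threshold):
    # Identifiers cannot be bound, so check the name against the real schema
    # before placing it in the SQL text; the threshold stays a bound value.
    known = {row[1] for row in db.execute("PRAGMA table_info(people)")}
    if column not in known:
        raise ValueError(f"unknown column: {column!r}")
    db.execute(
        f'UPDATE people SET "{column}" = "{column}" + 1 WHERE "{column}" < ?',
        (threshold,))
    return snapshot(db)

if __name__ == "__main__":
    print(update_bound(make_db()))
    print(increment_column(make_db(), "coolness", 5))
```
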