SRombauts / SQLiteCpp

SQLiteC++ (SQLiteCpp) is a smart and easy to use C++ SQLite3 wrapper.
http://srombauts.github.io/SQLiteCpp
MIT License
2.22k stars 510 forks source link

How to properly use parameters with "ATTACH DATABASE ?" #429

Open tim-vk opened 1 year ago

tim-vk commented 1 year ago

I'm trying to attach a database and for the life of me: i cannot get it to work.

My first issue: Is it correct that you're not allowed to have quotation (either single or double) around a parameter variable? (?).

The following throws error 25 (SQLITE_RANGE) on query.bind:

SQLite::Statement query(db, R"(ATTACH DATABASE "?")");
query.bind(1, "path/to/database.db"); // Error 25

To solve that I tried moving the quotation marks to the string itself. e.g.:

SQLite::Statement query(db, R"(ATTACH DATABASE ?)");
query.bind(1, "\"path/to/database.db\"");
query.exec(); // Error 14

However, this throws error 14 (SQLITE_CANTOPEN).

If i don't use variables at all it works perfectly!:

// Works!
SQLite::Statement query(db, R"(ATTACH DATABASE "path/to/database.db")");
query.exec(); // I'm a happy developer.

Are these some sqlite/sqlitecpp quirks i'm running into or is this just misuse on my side?

kaptenhonek commented 1 year ago

Do you really need to use quotation marks when you're using a prepared statement? Have you tried the following:

SQLite::Statement query(db, R"(ATTACH DATABASE ?)");
query.bind(1, "path/to/database.db");
query.exec();

That is, without using extra quotation marks when you bind the parameter