I’m trying to access an Sqlite database from Haxe, using the cpp backend. Unfortunately, looking at the standard interface for Sql (sys.db.Connection and friends), it looks pretty basic — queries are assembled from strings and then compiled on-the-fly. String assembly for SQL’s generally not a good idea due to it being prone to SQL injection attacks, and compiling the statement every time is pretty harsh on performance.
Are there any alternative sqlite bindings out there which support prepared statements (i.e. compiling statements ahead of time and then using them multiple times with different parameters), and/or parameterised statements? I’ve had a look around and haven’t seen anything, but that doesn’t mean much…