Sqlite library which supports prepared statements?

davidgiven · September 1, 2020, 6:48pm

Hello —

I’m trying to access an Sqlite database from Haxe, using the cpp backend. Unfortunately, looking at the standard interface for Sql (sys.db.Connection and friends), it looks pretty basic — queries are assembled from strings and then compiled on-the-fly. String assembly for SQL’s generally not a good idea due to it being prone to SQL injection attacks, and compiling the statement every time is pretty harsh on performance.

Are there any alternative sqlite bindings out there which support prepared statements (i.e. compiling statements ahead of time and then using them multiple times with different parameters), and/or parameterised statements? I’ve had a look around and haven’t seen anything, but that doesn’t mean much…

Thanks!

back2dos · September 1, 2020, 6:58pm

Perhaps this will cover your use case? GitHub - HaxeFoundation/record-macros: Macro-based ORM (object-relational mapping)

davidgiven · September 1, 2020, 7:12pm

That’s backed by sys.db.Connection, so it’s still compiling statements every time.

RealyUniqueName · September 1, 2020, 10:26pm

Look for native libraries on the platform you are targeting. In case of multiple targets you can create an abstraction layer to unify different platforms APIs.

davidgiven · September 2, 2020, 11:39pm

I ended up rolling my own eventually: stellation/Sqlite.hx at stellation7 · davidgiven/stellation · GitHub