
SQLite library which supports prepared statements?

Hello —

I’m trying to access an SQLite database from Haxe, using the cpp backend. Unfortunately, looking at the standard interface for SQL (sys.db.Connection and friends), it looks pretty basic — queries are assembled from strings and then compiled on-the-fly. String assembly for SQL’s generally not a good idea due to it being prone to SQL injection attacks, and compiling the statement every time is pretty harsh on performance.

Are there any alternative SQLite bindings out there which support prepared statements (i.e. compiling statements ahead of time and then using them multiple times with different parameters), and/or parameterised statements? I’ve had a look around and haven’t seen anything, but that doesn’t mean much…

Thanks!

Perhaps this will cover your use case? https://github.com/HaxeFoundation/record-macros

That’s backed by sys.db.Connection, so it’s still compiling statements every time.

Look for native libraries on the platform you are targeting. In case of multiple targets you can create an abstraction layer to unify different platforms’ APIs.

I ended up rolling my own eventually: https://github.com/davidgiven/stellation/blob/stellation7/src/runtime/cpp/Sqlite.hx

1 Like
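The difference the question describes between string-assembled and parameterised statements, as an added example that is not part of any post in this thread and is not Haxe code: it uses Python's built-in `sqlite3` module against an in-memory SQLite database. The table, the rows, the function names and the input strings are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT)")
    # One SQL text, many parameter sets: the statement text never changes,
    # only the bound values do.
    db.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    return db

def lookup_assembled(db, name):
    """String assembly: the input becomes part of the SQL text itself."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    """Parameterised: the SQL text is fixed and the input is bound as data."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def demo():
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input containing a quote
    result = {
        # The quote ends the literal early, so the WHERE clause matches every row.
        "assembled_crafted": len(lookup_assembled(db, crafted)),
        # Bound as a value, the same input is just a name nobody has.
        "bound_crafted": lookup_bound(db, crafted),
        # A legitimate name with an apostrophe works when bound...
        "bound_apostrophe": lookup_bound(db, "o'brien"),
    }
    try:
        # ...but breaks the assembled statement with a syntax error.
        lookup_assembled(db, "o'brien")
        result["assembled_apostrophe_error"] = False
    except sqlite3.OperationalError:
        result["assembled_apostrophe_error"] = True
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
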