Usage in Deno
import { StatementSync } from "node:sqlite";
This class represents a single prepared statement. This class cannot be instantiated via its constructor. Instead, instances are created via the database.prepare() method. All APIs exposed by this class execute synchronously.
A prepared statement is an efficient binary representation of the SQL used to create it. Prepared statements are parameterizable, and can be invoked multiple times with different bound values. Parameters also offer protection against SQL injection attacks. For these reasons, prepared statements are preferred over hand-crafted SQL strings when handling user input.
all(...anonymousParameters: SupportedValueType[]): unknown[]
This method executes a prepared statement and returns all results as an array of objects. If the prepared statement does not return any results, this method returns an empty array. The prepared statement parameters are bound using the values in namedParameters and anonymousParameters.
all(namedParameters: Record<string, SupportedValueType>, ...anonymousParameters: SupportedValueType[]): unknown[]
expandedSQL(): string
This method returns the source SQL of the prepared statement with parameter placeholders replaced by values. This method is a wrapper around sqlite3_expanded_sql().
get(...anonymousParameters: SupportedValueType[]): unknown
This method executes a prepared statement and returns the first result as an object. If the prepared statement does not return any results, this method returns undefined. The prepared statement parameters are bound using the values in namedParameters and anonymousParameters.
get(namedParameters: Record<string, SupportedValueType>, ...anonymousParameters: SupportedValueType[]): unknown
run(...anonymousParameters: SupportedValueType[]): StatementResultingChanges
This method executes a prepared statement and returns an object summarizing the resulting changes. The prepared statement parameters are bound using the values in namedParameters and anonymousParameters.
run(namedParameters: Record<string, SupportedValueType>, ...anonymousParameters: SupportedValueType[]): StatementResultingChanges
setAllowBareNamedParameters(enabled: boolean): void
The names of SQLite parameters begin with a prefix character. By default, node:sqlite requires that this prefix character is present when binding parameters. However, with the exception of the dollar sign character, these prefix characters also require extra quoting when used in object keys.
To improve ergonomics, this method can be used to also allow bare named parameters, which do not require the prefix character in JavaScript code. There are several caveats to be aware of when enabling bare named parameters:
- The prefix character is still required in SQL.
- The prefix character is still allowed in JavaScript. In fact, prefixed names will have slightly better binding performance.
- Using ambiguous named parameters, such as $k and @k, in the same prepared statement will result in an exception as it cannot be determined how to bind a bare name.
setReadBigInts(enabled: boolean): void
When reading from the database, SQLite INTEGERs are mapped to JavaScript numbers by default. However, SQLite INTEGERs can store values larger than JavaScript numbers are capable of representing. In such cases, this method can be used to read INTEGER data using JavaScript BigInts. This method has no impact on database write operations where numbers and BigInts are both supported at all times.
sourceSQL(): string
This method returns the source SQL of the prepared statement. This method is a wrapper around sqlite3_sql().