Revision Difference
sql.QueryTyped#564725
<function name="QueryTyped" parent="sql" type="libraryfunc">⤶
<description>⤶
Performs a query on the local SQLite database with proper type handling and parameter binding, returns a table as result set, empty table if no results, and false on error. Unlike <page>sql.Query</page>, this function properly handles SQLite data types and allows safe parameter binding to prevent SQL injection attacks.⤶
<warning>⤶
Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities. This function requires the exact number of parameters to match the number of placeholders.⤶
</warning>⤶
⤶
<note>⤶
This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons.⤶
</note>⤶
⤶
<note>⤶
Large INTEGER values (beyond ±9,007,199,254,740,991) are returned as strings to preserve exact values. This is because Lua represents all numbers as doubles, which lose precision for integers larger than 2⁵³-1. Returning them as strings prevents data corruption from rounding errors.⤶
</note>⤶
</description>⤶
<realm>Shared and Menu</realm>⤶
<args>⤶
<arg name="query" type="string">The query to execute with optional `?` parameter placeholders.</arg>⤶
<arg name="..." type="vararg">Parameters to bind to the query placeholders. Supports nil, boolean, number, and string types.</arg>⤶
</args>⤶
<rets>⤶
<ret name="" type="table|boolean">`false` is returned if there is an error, otherwise a table with properly typed column values (empty table if no results).</ret>⤶
</rets>⤶
</function>⤶
⤶
<example>⤶
<description>Direct usage examples demonstrating typed queries with parameter binding for all SQLite data types.</description>⤶
<code>⤶
-- Create table with all SQLite data types⤶
sql.Query([[CREATE TABLE IF NOT EXISTS test_table (⤶
id INTEGER PRIMARY KEY,⤶
big_number BIGINT,⤶
small_number INTEGER,⤶
decimal_value DOUBLE,⤶
float_value REAL,⤶
is_enabled BOOLEAN,⤶
has_feature BOOL,⤶
user_name TEXT,⤶
binary_data BLOB,⤶
nill TEXT⤶
)]])⤶
⤶
-- Insert data with direct parameter binding⤶
sql.QueryTyped([[INSERT INTO test_table (⤶
big_number, small_number, decimal_value, float_value,⤶
is_enabled, has_feature, user_name, binary_data, nill⤶
) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? )]],⤶
"76561198261855442", -- BIGINT as string (large Steam ID)⤶
12345, -- INTEGER⤶
999.99, -- DOUBLE⤶
3.14159, -- REAL⤶
true, -- BOOLEAN (stored as 1)⤶
false, -- BOOL (stored as 0)⤶
"Player Name", -- TEXT⤶
"binary\0data\0here",-- BLOB (binary string with null bytes)⤶
nil -- NULLABLE TEXT⤶
)⤶
⤶
-- Query with parameter binding⤶
local results = sql.QueryTyped("SELECT * FROM test_table WHERE big_number = ?", "76561198261855442")⤶
PrintTable(results)⤶
⤶
</code>⤶
</example>