Garry's Mod Wiki

Revision Difference

sql.QueryTyped#564725

<function name="QueryTyped" parent="sql" type="libraryfunc">⤶ <description>⤶ Performs a query on the local SQLite database with proper type handling and parameter binding, returns a table as result set, empty table if no results, and false on error. Unlike <page>sql.Query</page>, this function properly handles SQLite data types and allows safe parameter binding to prevent SQL injection attacks.⤶ <warning>⤶ Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities. This function requires the exact number of parameters to match the number of placeholders.⤶ </warning>⤶ ⤶ <note>⤶ This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons.⤶ </note>⤶ ⤶ <note>⤶ Large INTEGER values (beyond ±9,007,199,254,740,991) are returned as strings to preserve exact values. This is because Lua represents all numbers as doubles, which lose precision for integers larger than 2⁵³-1. Returning them as strings prevents data corruption from rounding errors.⤶ </note>⤶ </description>⤶ <realm>Shared and Menu</realm>⤶ <args>⤶ <arg name="query" type="string">The query to execute with optional `?` parameter placeholders.</arg>⤶ <arg name="..." type="vararg">Parameters to bind to the query placeholders. Supports nil, boolean, number, and string types.</arg>⤶ </args>⤶ <rets>⤶ <ret name="" type="table|boolean">`false` is returned if there is an error, otherwise a table with properly typed column values (empty table if no results).</ret>⤶ </rets>⤶ </function>⤶ ⤶ <example>⤶ <description>Direct usage examples demonstrating typed queries with parameter binding for all SQLite data types.</description>⤶ <code>⤶ -- Create table with all SQLite data types⤶ sql.Query([[CREATE TABLE IF NOT EXISTS test_table (⤶ id INTEGER PRIMARY KEY,⤶ big_number BIGINT,⤶ small_number INTEGER,⤶ decimal_value DOUBLE,⤶ float_value REAL,⤶ is_enabled BOOLEAN,⤶ has_feature BOOL,⤶ user_name TEXT,⤶ binary_data BLOB,⤶ nill TEXT⤶ )]])⤶ ⤶ -- Insert data with direct parameter binding⤶ sql.QueryTyped([[INSERT INTO test_table (⤶ big_number, small_number, decimal_value, float_value,⤶ is_enabled, has_feature, user_name, binary_data, nill⤶ ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? )]],⤶ "76561198261855442", -- BIGINT as string (large Steam ID)⤶ 12345, -- INTEGER⤶ 999.99, -- DOUBLE⤶ 3.14159, -- REAL⤶ true, -- BOOLEAN (stored as 1)⤶ false, -- BOOL (stored as 0)⤶ "Player Name", -- TEXT⤶ "binary\0data\0here",-- BLOB (binary string with null bytes)⤶ nil -- NULLABLE TEXT⤶ )⤶ ⤶ -- Query with parameter binding⤶ local results = sql.QueryTyped("SELECT * FROM test_table WHERE big_number = ?", "76561198261855442")⤶ PrintTable(results)⤶ ⤶ </code>⤶ </example>