<function name="QueryTyped" parent="sql" type="libraryfunc"> <description> Performs a query on the local SQLite database with proper type handling and parameter binding, returns a table as result set, empty table if no results, and false on error. Unlike <page>sql.Query</page>, this function properly handles SQLite data types and allows safe parameter binding to prevent SQL injection attacks. <warning> * Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities. * This function requires the exact number of parameters to match the number of placeholders.⤶ ⤶ * This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons.⤶ * This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons. * Large INTEGER values (beyond ±9,007,199,254,740,991) are returned as strings to preserve exact values. This is because Lua represents all numbers as doubles, which lose precision for integers larger than 2⁵³-1. Returning them as strings prevents data corruption from rounding errors. </warning> </description> <added>2025.05.29</added> <realm>Shared and Menu</realm> <args> <arg name="query" type="string">The query to execute with optional `?` parameter placeholders.</arg>⤶ <arg name="..." type="vararg">Parameters to bind to the query placeholders. Supports <page>nil</page>, <page>boolean</page>, <page>number</page>, and <page>string</page> types.</arg>⤶ <arg name="query" type="string">The query to execute with optional `?` parameter placeholders.⤶ ⤶ <warning>⤶ * Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities.⤶ </warning>⤶ </arg>⤶ <arg name="queryParams" type="vararg">Parameters to bind to the query placeholders. Supports <page>nil</page>, <page>boolean</page>, <page>number</page>, and <page>string</page> types.⤶ ⤶ The number of query parameters must match the number of `?` placeholders, or the query will fail. See examples.⤶ </arg>⤶ </args> <rets> <ret name="" type="table|boolean">`false` is returned if there is an error (See <page>sql.LastError</page>), otherwise a table with properly typed column values (empty table if no results).</ret> </rets> </function> <example> <description>Direct usage examples demonstrating typed queries with parameter binding for all SQLite data types.</description> <code> -- Create table with all SQLite data types sql.Query([[CREATE TABLE IF NOT EXISTS test_table ( id INTEGER PRIMARY KEY, big_number BIGINT, small_number INTEGER, decimal_value DOUBLE, float_value REAL, is_enabled BOOLEAN, has_feature BOOL, user_name TEXT, binary_data BLOB, nill TEXT )]]) -- Insert data with direct parameter binding sql.QueryTyped([[INSERT INTO test_table ( big_number, small_number, decimal_value, float_value, is_enabled, has_feature, user_name, binary_data, nill ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? )]], "76561198261855442", -- BIGINT as string (large Steam ID) 12345, -- INTEGER 999.99, -- DOUBLE 3.14159, -- REAL true, -- BOOLEAN (stored as 1) false, -- BOOL (stored as 0) "Player Name", -- TEXT "binary\0data\0here",-- BLOB (binary string with null bytes) nil -- NULLABLE TEXT ) -- Query with parameter binding local results = sql.QueryTyped("SELECT * FROM test_table WHERE big_number = ?", "76561198261855442") PrintTable(results) </code> </example>