Revision Difference
sql.QueryTyped#564733
<function name="QueryTyped" parent="sql" type="libraryfunc">
<description>
Performs a query on the local SQLite database with proper type handling and parameter binding, returns a table as result set, empty table if no results, and false on error. Unlike <page>sql.Query</page>, this function properly handles SQLite data types and allows safe parameter binding to prevent SQL injection attacks.
<warning>
* Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities.
* This function requires the exact number of parameters to match the number of placeholders.⤶
⤶
* This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons.⤶
* This function only executes a single SQL statement, unlike <page>sql.Query</page> which can execute multiple statements separated by semicolons.
* Large INTEGER values (beyond ±9,007,199,254,740,991) are returned as strings to preserve exact values. This is because Lua represents all numbers as doubles, which lose precision for integers larger than 2⁵³-1. Returning them as strings prevents data corruption from rounding errors.
</warning>
</description>
<added>2025.05.29</added>
<realm>Shared and Menu</realm>
<args>
<arg name="query" type="string">The query to execute with optional `?` parameter placeholders.</arg>⤶
<arg name="..." type="vararg">Parameters to bind to the query placeholders. Supports <page>nil</page>, <page>boolean</page>, <page>number</page>, and <page>string</page> types.</arg>⤶
<arg name="query" type="string">The query to execute with optional `?` parameter placeholders.⤶
⤶
<warning>⤶
* Always use parameter binding with `?` placeholders instead of string concatenation to prevent SQL injection vulnerabilities.⤶
</warning>⤶
</arg>⤶
<arg name="queryParams" type="vararg">Parameters to bind to the query placeholders. Supports <page>nil</page>, <page>boolean</page>, <page>number</page>, and <page>string</page> types.⤶
⤶
The number of query parameters must match the number of `?` placeholders, or the query will fail. See examples.⤶
</arg>⤶
</args>
<rets>
<ret name="" type="table|boolean">`false` is returned if there is an error (See <page>sql.LastError</page>), otherwise a table with properly typed column values (empty table if no results).</ret>
</rets>
</function>
<example>
<description>Direct usage examples demonstrating typed queries with parameter binding for all SQLite data types.</description>
<code>
-- Create table with all SQLite data types
sql.Query([[CREATE TABLE IF NOT EXISTS test_table (
id INTEGER PRIMARY KEY,
big_number BIGINT,
small_number INTEGER,
decimal_value DOUBLE,
float_value REAL,
is_enabled BOOLEAN,
has_feature BOOL,
user_name TEXT,
binary_data BLOB,
nill TEXT
)]])
-- Insert data with direct parameter binding
sql.QueryTyped([[INSERT INTO test_table (
big_number, small_number, decimal_value, float_value,
is_enabled, has_feature, user_name, binary_data, nill
) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ? )]],
"76561198261855442", -- BIGINT as string (large Steam ID)
12345, -- INTEGER
999.99, -- DOUBLE
3.14159, -- REAL
true, -- BOOLEAN (stored as 1)
false, -- BOOL (stored as 0)
"Player Name", -- TEXT
"binary\0data\0here",-- BLOB (binary string with null bytes)
nil -- NULLABLE TEXT
)
-- Query with parameter binding
local results = sql.QueryTyped("SELECT * FROM test_table WHERE big_number = ?", "76561198261855442")
PrintTable(results)
</code>
</example>