On 6/9/17, Zach C. <fxc...@gmail.com> wrote: > I was partially unclear with using a constant table name here; what I > actually need as well is the table name as effectively a const that I > control as well. So more like > > mydb eval {$SELECT json FROM $table WHERE json_extract(json, '$.hash') = > $someId}
Like this then: mydb eval "SELECT json FROM $table WHERE json_extract(json,'\$.hash')=\$someId" Put a backslash \ before every $ that you want passed down into SQLite. And not that you definitely want the $ on $someId passed down into SQLite. You do *not* want TCL to expand $someId for you. > > The problem is this will cause $table to be interpolated as a SQL string, > which it is not: it is a table name. But even if I _do_ make the table name > a literal, as in this query: > > % set hash 24471899 > 24471899 > % mydb eval {SELECT json FROM NotImportant WHERE json_extract(json, > '$.hash') = $hash} > > _and_ I'm using curly-brace evaluation, the json_extract fails. > > It isn't JSON1 because if I _directly_ interpolate (introducing the > possibility of SQL injection) it works fine. > > Even if I make the JSON path its own variable and do the same, it fails: > > % set json_path {$.hash} > $.hash > % mydb eval {SELECT json FROM NotImportant WHERE json_extract(json, > $json_path) = $hash} > % > > So I'm kind of at a loss. > -- D. Richard Hipp d...@sqlite.org _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users