On 5 Oct 2017, at 7:45pm, Stephen Chrzanowski <pontia...@gmail.com> wrote:
> I wanted to bind :OrderBy with field names and conditions based on user
Binding is to values, not to column names. If you have one ORDER BY parameter,
you can only bind it to a value. If you want a WHERE parameter you cannot bind
a column name, you have to bind a value.
It looks like you need to create a string for the entire command rather than
just binding values. This, of course, introduces security problems if you
allow your users to set substrings themselves rather than picking them from
lists you prepare.
sqlite-users mailing list