On 5 Oct 2017, at 7:45pm, Stephen Chrzanowski <pontia...@gmail.com> wrote:
> I wanted to bind :OrderBy with field names and conditions based on user > preferences Binding is to values, not to column names. If you have one ORDER BY parameter, you can only bind it to a value. If you want a WHERE parameter you cannot bind a column name, you have to bind a value. It looks like you need to create a string for the entire command rather than just binding values. This, of course, introduces security problems if you allow your users to set substrings themselves rather than picking them from lists you prepare. Simon. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
