On 11/17/17, Peter Da Silva <[email protected]> wrote:
>
> $db eval {
>     SELECT Tea
>     FROM teaInStock
>     ORDER BY LastUsed DESC
>     LIMIT $nrToFetch;
> } {
>     ... do something with $Tea ...
> }
>
> This latter case works because the query is surrounded by {} so Tcl won’t
> substitute the variable, it will be seen and securely inserted into the
> query by SQLite.

FWIW, this is the reason that SQLite, uniquely among all modern SQL
database engines, understands $nrToFetch as a bound parameter.

--
D. Richard Hipp
[email protected]
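
The braced and double-quoted forms discussed in this message, side by side, as an added example that is not part of the original thread. It assumes the Tcl sqlite3 package, a handle named db, and an in-memory teaInStock table with constructed rows; the proc names are hypothetical.

```tcl
package require sqlite3

# Constructed sample data; table and column names follow the quoted query.
sqlite3 db :memory:
db eval {
    CREATE TABLE teaInStock(Tea TEXT, LastUsed INTEGER);
    INSERT INTO teaInStock VALUES ('Assam', 3), ('Sencha', 2), ('Oolong', 1);
}

# Braced SQL: Tcl performs no substitution, so SQLite itself sees the token
# $nrToFetch, treats it as a parameter, and binds the Tcl variable's value.
proc fetchBound {nrToFetch} {
    set teas {}
    db eval {
        SELECT Tea FROM teaInStock ORDER BY LastUsed DESC LIMIT $nrToFetch
    } {
        lappend teas $Tea
    }
    return $teas
}

# Double-quoted SQL: Tcl substitutes $nrToFetch before SQLite is called, so
# the caller's value becomes part of the SQL text that SQLite parses.
proc fetchInterpolated {nrToFetch} {
    set teas {}
    db eval "SELECT Tea FROM teaInStock ORDER BY LastUsed DESC LIMIT $nrToFetch" {
        lappend teas $Tea
    }
    return $teas
}

# With a plain number both forms run the same query.
puts "bound, 2:        [fetchBound 2]"
puts "interpolated, 2: [fetchInterpolated 2]"

# Constructed input that carries an extra SQL keyword. In the bound form
# SQLite receives the whole string as one value for LIMIT; in the
# interpolated form the keyword is parsed as part of the statement.
set input "1 OFFSET 1"
if {[catch {fetchBound $input} result]} {
    puts "bound, \"$input\": error: $result"
} else {
    puts "bound, \"$input\": $result"
}
puts "interpolated, \"$input\": [fetchInterpolated $input]"

db close
```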

