On Sun, Mar 7, 2010 at 4:16 PM, Jean-Christophe Deschamps <j...@q-e-d.org> wrote: > >>ATTACH DATABASE ?1 as sysDB > > AFAIK you can't use parameter binding for anything else than litteral > values. > > It makes sense since it would be impossible for the parser and > optimizer to evaluate and produce run-time code for a statement without > knowing beforehand which database or column the statement actually > refers to.
Thank you, I have a sneaking suspicion that was the issue. I was just hoping that I could get away with it, fore I use parameter binding as much as a sprintf, as I do to prevent SQL injection. Should the DB path be in singe quotes, double quotes, or no quotes at all? Sam _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
