Hi there,
Any way of making a custom SQL query and return a string or dynamic value?
For example:
SELECT ? FROM ? - passing email as first parameter and user as second parameter.
I'm trying to make dynamic queries according to parameters I'm extracting from a string from a server with a REGEX pattern - ${user.email}.
Thank you!
eitanaviv
All 2 comments
Sadly, those kind of constructions aren't supported by sqlite, the underlying database engine. Those variables (? in sql) can only be used for expressions. Both column and table names aren't expressions.
What you can do is call customSelectQuery manually and construct the string in there. So for instance
Future<List<String>> loadColumnFromTable(String column, String table) {
final query = 'SELECT $column FROM $table';
return customSelectQuery(query)
.map((row) => row.readString(column))
.get();
}
That should work, but I advise you to be very careful with sql injection vulnerabilities that could happen when constructing sql queries at runtime.
simolus3
on 29 Oct 2019
Wow, thanks for the fast reply!!
eitanaviv
on 29 Oct 2019
Related issues
omidraha
路
3Comments
Ltei
路
3Comments
Beloin
路
4Comments
kira1752
路
3Comments
simolus3
路
4Comments