How can I use the column name as a wild card here?
return db.executeSql("UPDATE students SET ?=? WHERE uuid=?", [key, value, uuid])
Console Log:
Object {message: "sqlite3_prepare_v2 failure: near "?": syntax error", code: 5}
How can I use the column name as a wild card here?
return db.executeSql("UPDATE students SET ?=? WHERE uuid=?", [key, value, uuid])
Console Log:
Object {message: "sqlite3_prepare_v2 failure: near "?": syntax error", code: 5}
You can’t. That’s outside the “structure” of SQL.
hi, rapropos
could you explain little bit more…
thnx…
Placeholders (like ?
) can only be used for values, not column names. The only way you can do “dynamic” query building like this is with a library or with string manipulation, and if you go that route, you have to be extra-careful to sanitize all externally-sourced data to prevent injection attacks. If that doesn’t make crystal-clear sense, just don’t do it.