Sqlite wildcards

How can I use the column name as a wild card here?

return db.executeSql("UPDATE students SET ?=? WHERE uuid=?", [key, value, uuid])

Console Log:

Object {message: "sqlite3_prepare_v2 failure: near "?": syntax error", code: 5}

1 Like

You can’t. That’s outside the “structure” of SQL.

hi, rapropos

could you explain little bit more…

thnx…

Placeholders (like ?) can only be used for values, not column names. The only way you can do “dynamic” query building like this is with a library or with string manipulation, and if you go that route, you have to be extra-careful to sanitize all externally-sourced data to prevent injection attacks. If that doesn’t make crystal-clear sense, just don’t do it.