mirror of
https://github.com/node-red/node-red-nodes.git
synced 2023-10-10 13:36:58 +02:00
Sqlite Node - docs update (#869)
* Update README.md 1. Updated node readme to match node's html help. 2. Added Example clarifying the use of parameters in a msg.topic query.
This commit is contained in:
parent
f9b4d2ec01
commit
7ff905d224
@ -21,19 +21,46 @@ Run the following command in your Node-RED user directory - typically `~/.node-r
|
||||
Usage
|
||||
-----
|
||||
|
||||
Allows basic access to a Sqlite database.
|
||||
Allows access to a SQLite database.
|
||||
|
||||
This node uses the **db.all** operation against the configured database.
|
||||
This does allow INSERTS, UPDATES and DELETES.
|
||||
SQL Query sets how the query is passed to the node.
|
||||
|
||||
By it's very nature it is SQL injection... so *be careful* out there...
|
||||
SQL Query Via msg.topic and Fixed Statement uses the db.all operation against the configured database.
|
||||
This does allow INSERTS, UPDATES and DELETES. By its very nature it is SQL injection... so be careful out there...
|
||||
|
||||
`msg.topic` must hold the *query* for the database, and the result is returned in `msg.payload`.
|
||||
SQL Type Prepared Statement also uses db.all but sanitizes parameters passed, eliminating the possibility of SQL injection.
|
||||
|
||||
SQL Type Batch without response uses db.exec which runs all SQL statements in the provided string. No result rows are returned.
|
||||
|
||||
When using Via msg.topic or Batch without response msg.topic must hold the query for the database.
|
||||
|
||||
When using Via msg.topic, parameters can be passed in the query using a msg.payload array. Ex:
|
||||
|
||||
```
|
||||
msg.topic = `INSERT INTO user_table (name, surname) VALUES ($name, $surname)`
|
||||
msg.payload = ["John", "Smith"]
|
||||
return msg;
|
||||
```
|
||||
|
||||
When using Normal or Prepared Statement, the query must be entered in the node config.
|
||||
|
||||
Pass in the parameters as an object in msg.params for Prepared Statement. Ex:
|
||||
```
|
||||
msg.params = {
|
||||
$id:1,
|
||||
$name:"John Doe"
|
||||
}
|
||||
```
|
||||
Parameter object names must match parameters set up in the Prepared Statement. If you get the error SQLITE_RANGE: bind or column index out of range be sure to include $ on the parameter object key.
|
||||
The SQL query for the example above could be: insert into user_table (user_id, user) VALUES ($id, $name);
|
||||
|
||||
Using any SQL Query, the result is returned in msg.payload
|
||||
|
||||
Typically the returned payload will be an array of the result rows, (or an error).
|
||||
|
||||
You can load sqlite extensions by inputting a `msg.extension` property containing the full path and filename.
|
||||
You can load SQLite extensions by inputting a msg.extension property containing the full path and filename.
|
||||
|
||||
The reconnect timeout in milliseconds can be changed by adding a line to **settings.js**
|
||||
The reconnect timeout in milliseconds can be changed by adding a line to `settings.js`
|
||||
|
||||
`sqliteReconnectTime: 20000,`
|
||||
|
||||
sqliteReconnectTime: 20000,
|
||||
|
@ -6,6 +6,10 @@
|
||||
<p>SQL Type <i>Prepared Statement</i> also uses <b>db.all</b> but sanitizes parameters passed, eliminating the possibility of SQL injection.</p>
|
||||
<p>SQL Type <i>Batch without response</i> uses <b>db.exec</b> which runs all SQL statements in the provided string. No result rows are returned.</p>
|
||||
<p>When using <i>Via msg.topic</i> or <i>Batch without response</i> <code>msg.topic</code> must hold the <i>query</i> for the database.</p>
|
||||
<p>When using <i>Via msg.topic</i>, parameters can be passed in the query using a <code>msg.payload</code> array. Ex:<br />
|
||||
<code>msg.topic = `INSERT INTO user_table (name, surname) VALUES ($name, $surname)`<br />
|
||||
msg.payload = ["John", "Smith"]<br />
|
||||
return msg;</code><br />
|
||||
<p>When using Normal or Prepared Statement, the <i>query</i> must be entered in the node config.</p>
|
||||
<p>Pass in the parameters as an object in <code>msg.params</code> for Prepared Statement. Ex:<br />
|
||||
<code>msg.params = {<br />
|
||||
|
Loading…
x
Reference in New Issue
Block a user