From e5e65acfa725ea3fb774bbe23aa00a70adfb460c Mon Sep 17 00:00:00 2001 From: unborn-andy <93290787+unborn-andy@users.noreply.github.com> Date: Tue, 4 Jan 2022 22:25:13 +0200 Subject: [PATCH] Update README.md 1. Updated node readme to match node's html help. 2. Added Example clarifying the use of parameters in a msg.topic query. --- storage/sqlite/README.md | 43 ++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 8 deletions(-) diff --git a/storage/sqlite/README.md b/storage/sqlite/README.md index c81da9cc..721ce0b2 100644 --- a/storage/sqlite/README.md +++ b/storage/sqlite/README.md 
@@ -21,19 +21,46 @@ Run the following command in your Node-RED user directory - typically `~/.node-r Usage ----- -Allows basic access to a Sqlite database. +Allows access to a SQLite database. -This node uses the **db.all** operation against the configured database. -This does allow INSERTS, UPDATES and DELETES. +SQL Query sets how the query is passed to the node. -By it's very nature it is SQL injection... so *be careful* out there... +SQL Query Via msg.topic and Fixed Statement uses the db.all operation against the configured database. +This does allow INSERTS, UPDATES and DELETES. By its very nature it is SQL injection... so be careful out there... -`msg.topic` must hold the *query* for the database, and the result is returned in `msg.payload`. +SQL Type Prepared Statement also uses db.all but sanitizes parameters passed, eliminating the possibility of SQL injection. + +SQL Type Batch without response uses db.exec which runs all SQL statements in the provided string. No result rows are returned. + +When using Via msg.topic or Batch without response msg.topic must hold the query for the database. + +When using msg.topic, parameters can be passed in the query using a msg.payload array. Ex: + +``` +msg.topic = `INSERT INTO test (name, surname) VALUES ($name, $surname)` +msg.payload = ["John", "Smith"] +return msg; +``` + +When using Normal or Prepared Statement, the query must be entered in the node config. + +Pass in the parameters as an object in msg.params for Prepared Statement. Ex: +``` +msg.params = { + $id:1, + $name:"John Doe" +} +``` +Parameter object names must match parameters set up in the Prepared Statement. If you get the error SQLITE_RANGE: bind or column index out of range be sure to include $ on the parameter object key. 
+The SQL query for the example above could be: insert into user_table (user_id, user) VALUES ($id, $name); + +Using any SQL Query, the result is returned in msg.payload Typically the returned payload will be an array of the result rows, (or an error). -You can load sqlite extensions by inputting a `msg.extension` property containing the full path and filename. +You can load SQLite extensions by inputting a msg.extension property containing the full path and filename. -The reconnect timeout in milliseconds can be changed by adding a line to **settings.js** +The reconnect timeout in milliseconds can be changed by adding a line to `settings.js` + +`sqliteReconnectTime: 20000,` - sqliteReconnectTime: 20000,
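Review bot: The added warning that "Via msg.topic and Fixed Statement" is "by its very nature ... SQL injection" and the later paragraph "When using msg.topic, parameters can be passed in the query using a msg.payload array" pull in opposite directions, and the README never tells a flow author which to rely on. Suggest saying next to the warning that the risk comes from building msg.topic out of untrusted message fields, and that values should be passed through the msg.payload array (or msg.params with Prepared Statement) rather than concatenated into the SQL string. In the msg.topic example the placeholders are named ($name, $surname) but the values are a positional array, while the Prepared Statement example uses an object keyed by $id and $name; state how the array elements map to the placeholders so readers do not mix the two forms. Three smaller points in the same hunk: "sanitizes parameters passed" would be more accurate as "binds parameters", since a prepared statement keeps values separate from the SQL text instead of cleaning them; the mode is called "Fixed Statement" in one paragraph and "Normal" in "When using Normal or Prepared Statement", so pick the label the node's config dialog shows; and "Using any SQL Query, the result is returned in msg.payload" contradicts "Batch without response ... No result rows are returned" a few lines earlier and is missing its full stop.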