SQLite：将值列表绑定到“WHEREcolIN（：PRM）”-SQLite:bindlistofvaluesto“WHEREcolIN(:PRM)”

24  

You can dynamically build a parameterized SQL statement of the form

您可以动态构建表单的参数化SQL语句

 SELECT * FROM TABLE WHERE col IN (?, ?, ?)

and then call sqlite_bind_int once for each "?" you added to the statement.

然后为每个“？”调用一次sqlite_bind_int你添加到声明中。

There is no way to directly bind a text parameter to multiple integer (or, for that matter, multiple text) parameters.

无法将文本参数直接绑定到多个整数（或者，就此而言，多个文本）参数。

Here's pseudo code for what I have in mind:

这是我想到的伪代码：

-- Args is an array of parameter valuesfor i = Lo(Args) to Hi(Args)   paramlist = paramlist + ', ?'sql = 'SELECT * FROM TABLE WHERE col IN (' + Right(paramlist, 3)  + ')'for i = Lo(Args) to Hi(Args)  sql_bind_int(sql, i, Args[i]-- execute query here.

9  

I just faced this question myself, but answered it by creating a temporary table and inserting all the values into that, so that I could then do:

我自己只是面对这个问题，但是通过创建一个临时表并将所有值插入其中来回答它，以便我可以这样做：

SELECT * FROM TABLE WHERE col IN (SELECT col FROM temporarytable);

5  

Even simpler, build your query like this:

更简单，像这样构建您的查询：

"SELECT * FROM TABLE WHERE col IN ("+",".join(["?"]*len(lst))+")"

0  

Working on a same functionality lead me to this approach:(nodejs, es6, Promise)

使用相同的功能引导我采用这种方法：（nodejs，es6，Promise）

    var deleteRecords = function (tblName, data) {        return new Promise((resolve, reject) => {            var jdata = JSON.stringify(data);            this.run(`DELETE FROM ${tblName} WHERE id IN (?)`, jdata.substr(1, jdata.length - 2), function (err) {                err ? reject('deleteRecords failed with : ' + err) : resolve();            });        });    };

0  

For example, if you want the sql query:

例如，如果您想要sql查询：

select * from table where col in (110, 130, 90)

What about:

关于什么：

my_list = [110, 130, 90]my_list_str = repr(my_list).replace('[','(').replace(']',')') cur.execute("select * from table where col in %s" % my_list_str )

0  

this works fine aswell (Javascript ES6):

这很好用（Javascript ES6）：

let myList = [1, 2, 3];`SELECT * FROM table WHERE col IN (${myList.join()});`

0  

A much simpler and safer answer simply involves generating the mask (as opposed to the data part of the query) and allowing the SQL-injection formatter engine to do its job.

一个更简单，更安全的答案只涉及生成掩码（与查询的数据部分相对）并允许SQL注入格式化程序引擎完成其工作。

Suppose we have some ids in an array, and some cb callback:

假设我们在数组中有一些id，还有一些cb回调：

/* we need to generate a '?' for each item in our mask */const mask = Array(ids.length).fill('?').join();db.get(`  SELECT *    FROM films f   WHERE f.id      IN (${mask})`, ids, cb);