'In' arguments are not supported

[nurpax]

SQL parameter expansion for cases like

select * from whatever where id in ?" (In [3,4,5])

is not currently supported.

The reason being that it's not easily (or at all?) supported by sqlite3's prepared statement bound parameters.

To support this, would need to bring back query string parsing and string substitution.

Filing this bug about this missing feature in the hope that someone has an idea how to get this working with bound params.

[chshersh]

@nurpax Any news on this? Is it possible to implement something similar to what is done for postgresql-simple?

• http://hackage.haskell.org/package/postgresql-simple-0.5.4.0/docs/Database-PostgreSQL-Simple.html#t:In

Ideally with support for named parameters as well.

[nurpax]

No news. The original bug description still stands. IN would require parsing the sql statement and generating a new one. I’m unwilling to do that as the current implementation just passes the original query string down to sqlite. This is very robust as sqlite does all the hardwork.

_{Sent with GitHawk}

[cjduncana]

Any news on this front?

[aryairani]

Is the fastest way to achieve the lookup in the example to run the query three times for each of [3,4,5]?
Or is there a better/faster workaround; e.g. constructing the Query manually with string concatenation?

P.S. Thanks for this library.

[eyeinsky]

@aryairani If you're meaning runtime speed then string-splicing might be the easier thing to do (albeit it being less safe).

[eyeinsky]

@nurpax Where do you go looking for whether sqlite has grown support for the in query for prepared statements? 2012 was a long time ago :).

[nurpax]

You think I've changed my mind about this? :) (I still think the original position is the right thing, albeit annoying from a user's point of view. But it's very bug-free and secure thing to do.)

But you'll have to ask the current maintainers for their opinion. I've stopped working on this library (and in general, do very little if any Haskell.)

[eyeinsky]

@nurpax No. :) The question I was trying to ask was that whether sqlite's prepared statements had added support for in query (such that they could be passed to it like for the other query types), and where would one go looking to find out if such support was added.

I do agree that it's much simpler to have sqlite itself parse the query templates, its params and then merge them (if I understood the issue right).

[nurpax]

I guess you'd have to look into sqlite's C API to see if there are any new features related to this. Also worth looking if any other other SQL bindings (for any language) or ORM libraries have some certain ways of dealing with IN args.