node-red · dceejay · Jan 5, 2022 · Jan 4, 2022 · Jan 4, 2022 · Jan 4, 2022
diff --git a/storage/sqlite/README.md b/storage/sqlite/README.md
@@ -21,19 +21,46 @@ Run the following command in your Node-RED user directory - typically `~/.node-r
 Usage
 -----
 
-Allows basic access to a Sqlite database.
+Allows access to a SQLite database.
 
-This node uses the **db.all** operation against the configured database.
-This does allow INSERTS, UPDATES and DELETES.
+SQL Query sets how the query is passed to the node.
 
-By it's very nature it is SQL injection... so *be careful* out there...
+SQL Query Via msg.topic and Fixed Statement uses the db.all operation against the configured database. 
+This does allow INSERTS, UPDATES and DELETES. By its very nature it is SQL injection... so be careful out there...
 
-`msg.topic` must hold the *query* for the database, and the result is returned in `msg.payload`.
+SQL Type Prepared Statement also uses db.all but sanitizes parameters passed, eliminating the possibility of SQL injection.
+
+SQL Type Batch without response uses db.exec which runs all SQL statements in the provided string. No result rows are returned.
+
+When using Via msg.topic or Batch without response msg.topic must hold the query for the database.
+
+When using Via msg.topic, parameters can be passed in the query using a msg.payload array. Ex:
+
+```
+msg.topic = `INSERT INTO user_table (name, surname) VALUES ($name, $surname)`
+msg.payload = ["John", "Smith"]
+return msg;
+```
+
+When using Normal or Prepared Statement, the query must be entered in the node config.
+
+Pass in the parameters as an object in msg.params for Prepared Statement. Ex:
+```
+msg.params = {
+    $id:1,
+    $name:"John Doe"
+}
+```
+Parameter object names must match parameters set up in the Prepared Statement. If you get the error SQLITE_RANGE: bind or column index out of range be sure to include $ on the parameter object key.
+The SQL query for the example above could be: insert into user_table (user_id, user) VALUES ($id, $name);
+
+Using any SQL Query, the result is returned in msg.payload
 
 Typically the returned payload will be an array of the result rows, (or an error).
 
-You can load sqlite extensions by inputting a `msg.extension` property containing the full path and filename.
+You can load SQLite extensions by inputting a msg.extension property containing the full path and filename.
+
+The reconnect timeout in milliseconds can be changed by adding a line to `settings.js`
 
-The reconnect timeout in milliseconds can be changed by adding a line to **settings.js**
+`sqliteReconnectTime: 20000,`
 
-    sqliteReconnectTime: 20000,
diff --git a/storage/sqlite/locales/en-US/sqlite.html b/storage/sqlite/locales/en-US/sqlite.html
@@ -6,6 +6,10 @@
     <p>SQL Type <i>Prepared Statement</i> also uses <b>db.all</b> but sanitizes parameters passed, eliminating the possibility of SQL injection.</p>
     <p>SQL Type <i>Batch without response</i> uses <b>db.exec</b> which runs all SQL statements in the provided string. No result rows are returned.</p>
     <p>When using <i>Via msg.topic</i> or <i>Batch without response</i> <code>msg.topic</code> must hold the <i>query</i> for the database.</p>
+    <p>When using <i>Via msg.topic</i>, parameters can be passed in the query using a <code>msg.payload</code> array. Ex:<br />
+    <code>msg.topic = `INSERT INTO user_table (name, surname) VALUES ($name, $surname)`<br />
+    msg.payload = ["John", "Smith"]<br />
+    return msg;</code><br />
     <p>When using Normal or Prepared Statement, the <i>query</i> must be entered in the node config.</p>
     <p>Pass in the parameters as an object in <code>msg.params</code> for Prepared Statement. Ex:<br />
     <code>msg.params = {<br />