Store a SQLite query with parameters in bash variable

Asked Dec 27 '21 at 15:12

Active Dec 27 '21 at 16:25

Viewed 207 times

I am trying to store a list of rows inside of a variable like in this example:

list=$(bash -c 'sqlite3 /home/ubuntu/myplace/mydb.db "SELECT row1 FROM table1"')

But when I want to add parameters like in this example:

list=$(bash -c 'sqlite3 /home/ubuntu/myplace/mydb.db "SELECT row2 FROM table2 WHERE row2='somevalue'"')

It does not work because the command given to bash inside the '' ends after the WHERE row2=.

I tried some other variants where I first wrote the results of

sqlite3 /home/ubuntu/myplace/mydb.db "SELECT row2 FROM table2 WHERE row2='somevalue'"

to some txt, csv or json file just to read it out one line later but that just came out to be not practical.

Is there any other practical possibility?

edited Dec 27 '21 at 15:16

Cyrus

asked Dec 27 '21 at 15:12

DatWapiti

Direct parameter substitution is **dangerous**. It's very easy to be vulnerable to [SQL injection](https://owasp.org/www-community/attacks/SQL_Injection) attacks. – John Kugelman Dec 27 '21 at 15:26
Related: [How to prepare a statement from the CLI interpreter?](https://stackoverflow.com/questions/20065990/how-to-prepare-a-statement-from-the-cli-interpreter) – John Kugelman Dec 27 '21 at 15:26

0 Answers0