FYI, QueryByExample will kill the optimizer.

At least in SQLite, the following are possible:

  • Numbered and named host parameters can be used.
  • If you need "IN (?,?,?)" and don't know how many, you can also use a temporary table. Temporary tables are separate per connection, so they won't conflict.
  • Quoting a string means only that you need to double each apostrophe; all other characters are literal in a string.

-- 03:12, 2 December 2018 (UTC)