FYI, QueryByExample will kill the optimizer.
At least in SQLite, the following are possible:
- Numbered and named host parameters can be used.
- If you need "IN (?,?,?)" and don't know how many, you can also use a temporary table. Temporary tables are separate per connection, so they won't conflict.
- Quoting a string means only that you need to double each apostrophe; all other characters are literal in a string.
--184.108.40.206 03:12, 2 December 2018 (UTC)