official documentation: Prepared Statement Object
A statement is constructed with a function such as sqlite3_prepare_v2().
A prepared statement object must be cleaned up with sqlite3_finalize(). Do not forget this in case of an error.
If parameters are used, set their values with the sqlite3_bind_xxx() functions.
The actual execution happens when sqlite3_step() is called.
    const char *sql = "INSERT INTO MyTable(ID, Name) VALUES (?, ?)";
    sqlite3_stmt *stmt;
    int err;

    err = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
    if (err != SQLITE_OK) {
        printf("prepare failed: %s\n", sqlite3_errmsg(db));
        return /* failure */;
    }

    sqlite3_bind_int (stmt, 1, 42);                          /* ID */
    sqlite3_bind_text(stmt, 2, "Bob", -1, SQLITE_TRANSIENT); /* name */

    err = sqlite3_step(stmt);
    if (err != SQLITE_DONE) {
        printf("execution failed: %s\n", sqlite3_errmsg(db));
        sqlite3_finalize(stmt);
        return /* failure */;
    }

    sqlite3_finalize(stmt);
    return /* success */;
A SELECT query is executed like any other statement. To read the returned data, call sqlite3_step() in a loop. It returns:
If a query does not return any rows, the very first step returns SQLITE_DONE.
To read the data from the current row, call the sqlite3_column_xxx() functions:
    const char *sql = "SELECT ID, Name FROM MyTable";
    sqlite3_stmt *stmt;
    int err;

    err = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
    if (err != SQLITE_OK) {
        printf("prepare failed: %s\n", sqlite3_errmsg(db));
        return /* failure */;
    }

    for (;;) {
        err = sqlite3_step(stmt);
        if (err != SQLITE_ROW)
            break;

        int id = sqlite3_column_int(stmt, 0);
        /* sqlite3_column_text() returns const unsigned char *, hence the cast */
        const char *name = (const char *)sqlite3_column_text(stmt, 1);
        if (name == NULL)
            name = "(NULL)";
        printf("ID: %d, Name: %s\n", id, name);
    }

    /* the loop ends on SQLITE_DONE (no more rows) or on an error code */
    if (err != SQLITE_DONE) {
        printf("execution failed: %s\n", sqlite3_errmsg(db));
        sqlite3_finalize(stmt);
        return /* failure */;
    }

    sqlite3_finalize(stmt);
    return /* success */;
After a statement has been executed, a call to sqlite3_reset() returns it to its original state so that it can be executed again.
Typically, while the statement itself stays the same, the parameters are changed:
    const char *sql = "INSERT INTO MyTable(ID, Name) VALUES (?, ?)";
    sqlite3_stmt *stmt;
    int err;

    err = sqlite3_prepare_v2(db, sql, -1, &stmt, NULL);
    if (err != SQLITE_OK) {
        printf("prepare failed: %s\n", sqlite3_errmsg(db));
        return /* failure */;
    }

    /* ids[], names[] and count stand for the caller's data (illustrative names) */
    for (int i = 0; i < count; i++) {
        sqlite3_bind_int (stmt, 1, ids[i]);                         /* ID */
        sqlite3_bind_text(stmt, 2, names[i], -1, SQLITE_TRANSIENT); /* name */

        err = sqlite3_step(stmt);
        if (err != SQLITE_DONE) {
            printf("execution failed: %s\n", sqlite3_errmsg(db));
            sqlite3_finalize(stmt);
            return /* failure */;
        }

        /* back to the initial state, ready for the next set of values */
        sqlite3_reset(stmt);
    }

    sqlite3_finalize(stmt);
    return /* success */;