method

sqlite.DatabaseSync.createTagStore

createTagStore(maxSize?: number): SQLTagStore;

Creates a new SQLTagStore, which is a Least Recently Used (LRU) cache for storing prepared statements. This allows for the efficient reuse of prepared statements by tagging them with a unique identifier.

When a tagged SQL literal is executed, the SQLTagStore checks if a prepared statement for the corresponding SQL query string already exists in the cache. If it does, the cached statement is used. If not, a new prepared statement is created, executed, and then stored in the cache for future use. This mechanism helps to avoid the overhead of repeatedly parsing and preparing the same SQL statements.

Tagged statements bind the placeholder values from the template literal as parameters to the underlying prepared statement. For example:

sqlTagStore.get`SELECT ${value}`;

is equivalent to:

db.prepare('SELECT ?').get(value);

However, in the first example, the tag store will cache the underlying prepared statement for future use.

Note: The ${value} syntax in tagged statements binds a parameter to the prepared statement. This differs from its behavior in untagged template literals, where it performs string interpolation.

// This is a safe example of binding a parameter to a tagged statement.
sqlTagStore.run`INSERT INTO t1 (id) VALUES (${id})`;

// This is an *unsafe* example of an untagged template string.
// `id` is interpolated into the query text as a string.
// This can lead to SQL injection and data corruption.
db.run(`INSERT INTO t1 (id) VALUES (${id})`);

The tag store will match a statement from the cache if the query strings (including the positions of any bound placeholders) are identical.

// The following statements will match in the cache:
sqlTagStore.get`SELECT * FROM t1 WHERE id = ${id} AND active = 1`;
sqlTagStore.get`SELECT * FROM t1 WHERE id = ${12345} AND active = 1`;

// The following statements will not match, as the query strings
// and bound placeholders differ:
sqlTagStore.get`SELECT * FROM t1 WHERE id = ${id} AND active = 1`;
sqlTagStore.get`SELECT * FROM t1 WHERE id = 12345 AND active = 1`;

// The following statements will not match, as matches are case-sensitive:
sqlTagStore.get`SELECT * FROM t1 WHERE id = ${id} AND active = 1`;
sqlTagStore.get`select * from t1 where id = ${id} and active = 1`;

The only way of binding parameters in tagged statements is with the ${value} syntax. Do not add parameter binding placeholders (? etc.) to the SQL query string itself.
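The binding and cache-matching rules above, modelled in plain JavaScript as an added example (not Bun's or Node's implementation). `ModelTagStore`, its `prepare` stub and the `?`-joined cache key are assumptions made for illustration. The example shows where a bound value ends up, which statements share a cache entry, and how a full cache evicts its least recently used statement.

```javascript
// Added illustration: a minimal model of a tag store, not the node:sqlite or Bun source.
// `prepare` is a hypothetical stand-in for db.prepare(); here it only records the SQL text.
class ModelTagStore {
  constructor(prepare, maxSize = 1000) {
    this.prepare = prepare;
    this.maxSize = maxSize;
    this.cache = new Map(); // insertion-ordered: first key is the least recently used
    this.prepareCount = 0;
  }

  // Tag function: `strings` holds the literal SQL fragments, `values` the ${...} results.
  get(strings, ...values) {
    // Each ${...} position becomes a `?`; the values never enter the SQL text.
    const sql = strings.join('?');
    let stmt = this.cache.get(sql);
    if (stmt) {
      this.cache.delete(sql); // re-inserted below, which marks it most recently used
    } else {
      stmt = this.prepare(sql);
      this.prepareCount++;
      if (this.cache.size >= this.maxSize) {
        this.cache.delete(this.cache.keys().next().value); // evict the LRU entry
      }
    }
    this.cache.set(sql, stmt);
    return { sql, params: values }; // what would be handed to the engine
  }
}

function demo() {
  const store = new ModelTagStore((sql) => ({ sql }), 2); // tiny cache to show eviction
  const hostile = '1 OR 1=1; --'; // constructed hostile input
  // a and b share one cached statement; the hostile text stays in params.
  const a = store.get`SELECT * FROM t1 WHERE id = ${hostile} AND active = 1`;
  const b = store.get`SELECT * FROM t1 WHERE id = ${12345} AND active = 1`;
  // c inlines the literal and d changes case, so each is a separate cache entry.
  const c = store.get`SELECT * FROM t1 WHERE id = 12345 AND active = 1`;
  const d = store.get`select * from t1 where id = ${1} and active = 1`;
  // Untagged template: the hostile text becomes part of the query string itself.
  const untagged = `SELECT * FROM t1 WHERE id = ${hostile} AND active = 1`;
  const keys = [...store.cache.keys()];
  return { a, b, c, d, untagged, keys, prepares: store.prepareCount };
}

console.log(demo());
```

With a capacity of 2, the fourth call evicts the statement shared by `a` and `b`, so the next execution of that query would be prepared again.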

import { DatabaseSync } from 'node:sqlite';

const db = new DatabaseSync(':memory:');
const sql = db.createTagStore();

db.exec('CREATE TABLE users (id INT, name TEXT)');

// Using the 'run' method to insert data.
// The tagged literal is used to identify the prepared statement.
sql.run`INSERT INTO users VALUES (1, 'Alice')`;
sql.run`INSERT INTO users VALUES (2, 'Bob')`;

// Using the 'get' method to retrieve a single row.
const name = 'Alice';
const user = sql.get`SELECT * FROM users WHERE name = ${name}`;
console.log(user); // { id: 1, name: 'Alice' }

// Using the 'all' method to retrieve all rows.
const allUsers = sql.all`SELECT * FROM users ORDER BY id`;
console.log(allUsers);
// [
//   { id: 1, name: 'Alice' },
//   { id: 2, name: 'Bob' }
// ]
@returns

A new SQL tag store for caching prepared statements.

Referenced types

interface SQLTagStore

This class represents a single LRU (Least Recently Used) cache for storing prepared statements.

Instances of this class are created via the database.createTagStore() method, not by using a constructor. The store caches prepared statements based on the provided SQL query string. When the same query is seen again, the store retrieves the cached statement and safely applies the new values through parameter binding, thereby preventing attacks like SQL injection.

The cache has a maxSize that defaults to 1000 statements, but a custom size can be provided (e.g., database.createTagStore(100)). All APIs exposed by this class execute synchronously.

  • readonly capacity: number

    A read-only property that returns the maximum number of prepared statements the cache can hold.

  • readonly db: DatabaseSync

    A read-only property that returns the DatabaseSync object associated with this SQLTagStore.

  • readonly size: number

    A read-only property that returns the number of prepared statements currently in the cache.

  • all(
    stringElements: TemplateStringsArray,
    ...boundParameters: SQLInputValue[]
    ): Record<string, SQLOutputValue>[];

    Executes the given SQL query and returns all resulting rows as an array of objects.

    This function is intended to be used as a template literal tag, not to be called directly.

    @param stringElements

    Template literal elements containing the SQL query.

    @param boundParameters

    Parameter values to be bound to placeholders in the template string.

    @returns

    An array of objects representing the rows returned by the query.

  • clear(): void;

    Resets the LRU cache, clearing all stored prepared statements.

  • get(
    stringElements: TemplateStringsArray,
    ...boundParameters: SQLInputValue[]
    ): undefined | Record<string, SQLOutputValue>;

    Executes the given SQL query and returns the first resulting row as an object.

    This function is intended to be used as a template literal tag, not to be called directly.

    @param stringElements

    Template literal elements containing the SQL query.

    @param boundParameters

    Parameter values to be bound to placeholders in the template string.

    @returns

    An object representing the first row returned by the query, or undefined if no rows are returned.

  • iterate(
    stringElements: TemplateStringsArray,
    ...boundParameters: SQLInputValue[]
    ): Iterator<Record<string, SQLOutputValue>>;

    Executes the given SQL query and returns an iterator over the resulting rows.

    This function is intended to be used as a template literal tag, not to be called directly.

    @param stringElements

    Template literal elements containing the SQL query.

    @param boundParameters

    Parameter values to be bound to placeholders in the template string.

    @returns

    An iterator that yields objects representing the rows returned by the query.

  • run(
    stringElements: TemplateStringsArray,
    ...boundParameters: SQLInputValue[]
    ): StatementResultingChanges;

    Executes the given SQL query, which is expected to not return any rows (e.g., INSERT, UPDATE, DELETE).

    This function is intended to be used as a template literal tag, not to be called directly.

    @param stringElements

    Template literal elements containing the SQL query.

    @param boundParameters

    Parameter values to be bound to placeholders in the template string.

    @returns

    An object containing information about the execution, including changes and lastInsertRowid.