# SQLite > Stability: 1.1 - Active development. Enable this API with the > [`--experimental-sqlite`][] CLI flag. The `node:sqlite` module facilitates working with SQLite databases. To access it: ```mjs import sqlite from 'node:sqlite'; ``` ```cjs const sqlite = require('node:sqlite'); ``` This module is only available under the `node:` scheme. The following will not work: ```mjs import sqlite from 'sqlite'; ``` ```cjs const sqlite = require('sqlite'); ``` The following example shows the basic usage of the `node:sqlite` module to open an in-memory database, write data to the database, and then read the data back. ```mjs import { DatabaseSync } from 'node:sqlite'; const database = new DatabaseSync(':memory:'); // Execute SQL statements from strings. database.exec(` CREATE TABLE data( key INTEGER PRIMARY KEY, value TEXT ) STRICT `); // Create a prepared statement to insert data into the database. const insert = database.prepare('INSERT INTO data (key, value) VALUES (?, ?)'); // Execute the prepared statement with bound values. insert.run(1, 'hello'); insert.run(2, 'world'); // Create a prepared statement to read data from the database. const query = database.prepare('SELECT * FROM data ORDER BY key'); // Execute the prepared statement and log the result set. console.log(query.all()); // Prints: [ { key: 1, value: 'hello' }, { key: 2, value: 'world' } ] ``` ```cjs 'use strict'; const { DatabaseSync } = require('node:sqlite'); const database = new DatabaseSync(':memory:'); // Execute SQL statements from strings. database.exec(` CREATE TABLE data( key INTEGER PRIMARY KEY, value TEXT ) STRICT `); // Create a prepared statement to insert data into the database. const insert = database.prepare('INSERT INTO data (key, value) VALUES (?, ?)'); // Execute the prepared statement with bound values. insert.run(1, 'hello'); insert.run(2, 'world'); // Create a prepared statement to read data from the database. const query = database.prepare('SELECT * FROM data ORDER BY key'); // Execute the prepared statement and log the result set. console.log(query.all()); // Prints: [ { key: 1, value: 'hello' }, { key: 2, value: 'world' } ] ``` ## Class: `DatabaseSync` This class represents a single [connection][] to a SQLite database. All APIs exposed by this class execute synchronously. ### `new DatabaseSync(location[, options])` * `location` {string} The location of the database. A SQLite database can be stored in a file or completely [in memory][]. To use a file-backed database, the location should be a file path. To use an in-memory database, the location should be the special name `':memory:'`. * `options` {Object} Configuration options for the database connection. The following options are supported: * `open` {boolean} If `true`, the database is opened by the constructor. When this value is `false`, the database must be opened via the `open()` method. **Default:** `true`. * `readOnly` {boolean} If `true`, the database is opened in read-only mode. If the database does not exist, opening it will fail. **Default:** `false`. * `enableForeignKeyConstraints` {boolean} If `true`, foreign key constraints are enabled. This is recommended but can be disabled for compatibility with legacy database schemas. The enforcement of foreign key constraints can be enabled and disabled after opening the database using [`PRAGMA foreign_keys`][]. **Default:** `true`. * `enableDoubleQuotedStringLiterals` {boolean} If `true`, SQLite will accept [double-quoted string literals][]. This is not recommended but can be enabled for compatibility with legacy database schemas. **Default:** `false`. Constructs a new `DatabaseSync` instance. ### `database.close()` Closes the database connection. An exception is thrown if the database is not open. This method is a wrapper around [`sqlite3_close_v2()`][]. ### `database.exec(sql)` * `sql` {string} A SQL string to execute. This method allows one or more SQL statements to be executed without returning any results. This method is useful when executing SQL statements read from a file. This method is a wrapper around [`sqlite3_exec()`][]. ### `database.open()` Opens the database specified in the `location` argument of the `DatabaseSync` constructor. This method should only be used when the database is not opened via the constructor. An exception is thrown if the database is already open. ### `database.prepare(sql)` * `sql` {string} A SQL string to compile to a prepared statement. * Returns: {StatementSync} The prepared statement. Compiles a SQL statement into a [prepared statement][]. This method is a wrapper around [`sqlite3_prepare_v2()`][]. ## Class: `StatementSync` This class represents a single [prepared statement][]. This class cannot be instantiated via its constructor. Instead, instances are created via the `database.prepare()` method. All APIs exposed by this class execute synchronously. A prepared statement is an efficient binary representation of the SQL used to create it. Prepared statements are parameterizable, and can be invoked multiple times with different bound values. Parameters also offer protection against [SQL injection][] attacks. For these reasons, prepared statements are preferred over hand-crafted SQL strings when handling user input. ### `statement.all([namedParameters][, ...anonymousParameters])` * `namedParameters` {Object} An optional object used to bind named parameters. The keys of this object are used to configure the mapping. * `...anonymousParameters` {null|number|bigint|string|Buffer|Uint8Array} Zero or more values to bind to anonymous parameters. * Returns: {Array} An array of objects. Each object corresponds to a row returned by executing the prepared statement. The keys and values of each object correspond to the column names and values of the row. This method executes a prepared statement and returns all results as an array of objects. If the prepared statement does not return any results, this method returns an empty array. The prepared statement [parameters are bound][] using the values in `namedParameters` and `anonymousParameters`. ### `statement.expandedSQL` * {string} The source SQL expanded to include parameter values. The source SQL text of the prepared statement with parameter placeholders replaced by the values that were used during the most recent execution of this prepared statement. This property is a wrapper around [`sqlite3_expanded_sql()`][]. ### `statement.get([namedParameters][, ...anonymousParameters])` * `namedParameters` {Object} An optional object used to bind named parameters. The keys of this object are used to configure the mapping. * `...anonymousParameters` {null|number|bigint|string|Buffer|Uint8Array} Zero or more values to bind to anonymous parameters. * Returns: {Object|undefined} An object corresponding to the first row returned by executing the prepared statement. The keys and values of the object correspond to the column names and values of the row. If no rows were returned from the database then this method returns `undefined`. This method executes a prepared statement and returns the first result as an object. If the prepared statement does not return any results, this method returns `undefined`. The prepared statement [parameters are bound][] using the values in `namedParameters` and `anonymousParameters`. ### `statement.run([namedParameters][, ...anonymousParameters])` * `namedParameters` {Object} An optional object used to bind named parameters. The keys of this object are used to configure the mapping. * `...anonymousParameters` {null|number|bigint|string|Buffer|Uint8Array} Zero or more values to bind to anonymous parameters. * Returns: {Object} * `changes`: {number|bigint} The number of rows modified, inserted, or deleted by the most recently completed `INSERT`, `UPDATE`, or `DELETE` statement. This field is either a number or a `BigInt` depending on the prepared statement's configuration. This property is the result of [`sqlite3_changes64()`][]. * `lastInsertRowid`: {number|bigint} The most recently inserted rowid. This field is either a number or a `BigInt` depending on the prepared statement's configuration. This property is the result of [`sqlite3_last_insert_rowid()`][]. This method executes a prepared statement and returns an object summarizing the resulting changes. The prepared statement [parameters are bound][] using the values in `namedParameters` and `anonymousParameters`. ### `statement.setAllowBareNamedParameters(enabled)` * `enabled` {boolean} Enables or disables support for binding named parameters without the prefix character. The names of SQLite parameters begin with a prefix character. By default, `node:sqlite` requires that this prefix character is present when binding parameters. However, with the exception of dollar sign character, these prefix characters also require extra quoting when used in object keys. To improve ergonomics, this method can be used to also allow bare named parameters, which do not require the prefix character in JavaScript code. There are several caveats to be aware of when enabling bare named parameters: * The prefix character is still required in SQL. * The prefix character is still allowed in JavaScript. In fact, prefixed names will have slightly better binding performance. * Using ambiguous named parameters, such as `$k` and `@k`, in the same prepared statement will result in an exception as it cannot be determined how to bind a bare name. ### `statement.setReadBigInts(enabled)` * `enabled` {boolean} Enables or disables the use of `BigInt`s when reading `INTEGER` fields from the database. When reading from the database, SQLite `INTEGER`s are mapped to JavaScript numbers by default. However, SQLite `INTEGER`s can store values larger than JavaScript numbers are capable of representing. In such cases, this method can be used to read `INTEGER` data using JavaScript `BigInt`s. This method has no impact on database write operations where numbers and `BigInt`s are both supported at all times. ### `statement.sourceSQL` * {string} The source SQL used to create this prepared statement. The source SQL text of the prepared statement. This property is a wrapper around [`sqlite3_sql()`][]. ### Type conversion between JavaScript and SQLite When Node.js writes to or reads from SQLite it is necessary to convert between JavaScript data types and SQLite's [data types][]. Because JavaScript supports more data types than SQLite, only a subset of JavaScript types are supported. Attempting to write an unsupported data type to SQLite will result in an exception. | SQLite | JavaScript | | --------- | -------------------- | | `NULL` | {null} | | `INTEGER` | {number} or {bigint} | | `REAL` | {number} | | `TEXT` | {string} | | `BLOB` | {Uint8Array} | [SQL injection]: https://en.wikipedia.org/wiki/SQL_injection [`--experimental-sqlite`]: cli.md#--experimental-sqlite [`PRAGMA foreign_keys`]: https://www.sqlite.org/pragma.html#pragma_foreign_keys [`sqlite3_changes64()`]: https://www.sqlite.org/c3ref/changes.html [`sqlite3_close_v2()`]: https://www.sqlite.org/c3ref/close.html [`sqlite3_exec()`]: https://www.sqlite.org/c3ref/exec.html [`sqlite3_expanded_sql()`]: https://www.sqlite.org/c3ref/expanded_sql.html [`sqlite3_last_insert_rowid()`]: https://www.sqlite.org/c3ref/last_insert_rowid.html [`sqlite3_prepare_v2()`]: https://www.sqlite.org/c3ref/prepare.html [`sqlite3_sql()`]: https://www.sqlite.org/c3ref/expanded_sql.html [connection]: https://www.sqlite.org/c3ref/sqlite3.html [data types]: https://www.sqlite.org/datatype3.html [double-quoted string literals]: https://www.sqlite.org/quirks.html#dblquote [in memory]: https://www.sqlite.org/inmemorydb.html [parameters are bound]: https://www.sqlite.org/c3ref/bind_blob.html [prepared statement]: https://www.sqlite.org/c3ref/stmt.html