<!DOCTYPE html> <html><head> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <link href="../sqlite.css" rel="stylesheet"> <title>Function Flags</title> <!-- path=../ --> </head> <body> <div class=nosearch> <a href="../index.html"> <img class="logo" src="../images/sqlite370_banner.svg" alt="SQLite" border="0"> </a> <div><!-- IE hack to prevent disappearing logo --></div> <div class="tagline desktoponly"> Small. Fast. Reliable.<br>Choose any three. </div> <div class="menu mainmenu"> <ul> <li><a href="../index.html">Home</a> <li class='mobileonly'><a href="javascript:void(0)" onclick='toggle_div("submenu")'>Menu</a> <li class='wideonly'><a href='../about.html'>About</a> <li class='desktoponly'><a href="../docs.html">Documentation</a> <li class='desktoponly'><a href="../download.html">Download</a> <li class='wideonly'><a href='../copyright.html'>License</a> <li class='desktoponly'><a href="../support.html">Support</a> <li class='desktoponly'><a href="../prosupport.html">Purchase</a> <li class='search' id='search_menubutton'> <a href="javascript:void(0)" onclick='toggle_search()'>Search</a> </ul> </div> <div class="menu submenu" id="submenu"> <ul> <li><a href='../about.html'>About</a> <li><a href='../docs.html'>Documentation</a> <li><a href='../download.html'>Download</a> <li><a href='../support.html'>Support</a> <li><a href='../prosupport.html'>Purchase</a> </ul> </div> <div class="searchmenu" id="searchmenu"> <form method="GET" action="../search"> <select name="s" id="searchtype"> <option value="d">Search Documentation</option> <option value="c">Search Changelog</option> </select> <input type="text" name="q" id="searchbox" value=""> <input type="submit" value="Go"> </form> </div> </div> <script> function toggle_div(nm) { var w = document.getElementById(nm); if( w.style.display=="block" ){ w.style.display = "none"; }else{ w.style.display = "block"; } } function toggle_search() { var w = document.getElementById("searchmenu"); if( w.style.display=="block" ){ w.style.display = "none"; } else { w.style.display = "block"; setTimeout(function(){ document.getElementById("searchbox").focus() }, 30); } } function div_off(nm){document.getElementById(nm).style.display="none";} window.onbeforeunload = function(e){div_off("submenu");} /* Disable the Search feature if we are not operating from CGI, since */ /* Search is accomplished using CGI and will not work without it. */ if( !location.origin || !location.origin.match || !location.origin.match(/http/) ){ document.getElementById("search_menubutton").style.display = "none"; } /* Used by the Hide/Show button beside syntax diagrams, to toggle the */ function hideorshow(btn,obj){ var x = document.getElementById(obj); var b = document.getElementById(btn); if( x.style.display!='none' ){ x.style.display = 'none'; b.innerHTML='show'; }else{ x.style.display = ''; b.innerHTML='hide'; } return false; } var antiRobot = 0; function antiRobotGo(){ if( antiRobot!=3 ) return; antiRobot = 7; var j = document.getElementById("mtimelink"); if(j && j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); } function antiRobotDefense(){ document.body.onmousedown=function(){ antiRobot |= 2; antiRobotGo(); document.body.onmousedown=null; } document.body.onmousemove=function(){ antiRobot |= 2; antiRobotGo(); document.body.onmousemove=null; } setTimeout(function(){ antiRobot |= 1; antiRobotGo(); }, 100) antiRobotGo(); } antiRobotDefense(); </script> <!-- keywords: SQLITE_DETERMINISTIC SQLITE_DIRECTONLY SQLITE_INNOCUOUS SQLITE_RESULT_SUBTYPE SQLITE_SELFORDER1 SQLITE_SUBTYPE --> <div class=nosearch> <a href="../c3ref/intro.html"><h2>SQLite C Interface</h2></a> <h2>Function Flags</h2> </div> <blockquote><pre> #define SQLITE_DETERMINISTIC 0x000000800 #define SQLITE_DIRECTONLY 0x000080000 #define SQLITE_SUBTYPE 0x000100000 #define SQLITE_INNOCUOUS 0x000200000 #define SQLITE_RESULT_SUBTYPE 0x001000000 #define SQLITE_SELFORDER1 0x002000000 </pre></blockquote> <p> These constants may be ORed together with the <a href="../c3ref/c_any.html">preferred text encoding</a> as the fourth argument to <a href="../c3ref/create_function.html">sqlite3_create_function()</a>, <a href="../c3ref/create_function.html">sqlite3_create_function16()</a>, or <a href="../c3ref/create_function.html">sqlite3_create_function_v2()</a>.</p> <p><dl> <a name="sqlitedeterministic"></a> <dt>SQLITE_DETERMINISTIC</dt><dd> The SQLITE_DETERMINISTIC flag means that the new function always gives the same output when the input parameters are the same. The <a href="../lang_corefunc.html#abs">abs() function</a> is deterministic, for example, but <a href="../lang_corefunc.html#randomblob">randomblob()</a> is not. Functions must be deterministic in order to be used in certain contexts such as with the WHERE clause of <a href="../partialindex.html">partial indexes</a> or in <a href="../gencol.html">generated columns</a>. SQLite might also optimize deterministic functions by factoring them out of inner loops. </dd></p> <p><a name="sqlitedirectonly"></a> <dt>SQLITE_DIRECTONLY</dt><dd> The SQLITE_DIRECTONLY flag means that the function may only be invoked from top-level SQL, and cannot be used in VIEWs or TRIGGERs nor in schema structures such as <a href="../lang_createtable.html#ckconst">CHECK constraints</a>, <a href="../lang_createtable.html#dfltval">DEFAULT clauses</a>, <a href="../expridx.html">expression indexes</a>, <a href="../partialindex.html">partial indexes</a>, or <a href="../gencol.html">generated columns</a>. <p> The SQLITE_DIRECTONLY flag is recommended for any <a href="../appfunc.html">application-defined SQL function</a> that has side-effects or that could potentially leak sensitive information. This will prevent attacks in which an application is tricked into using a database file that has had its schema surreptitiously modified to invoke the application-defined function in ways that are harmful. <p> Some people say it is good practice to set SQLITE_DIRECTONLY on all <a href="../appfunc.html">application-defined SQL functions</a>, regardless of whether or not they are security sensitive, as doing so prevents those functions from being used inside of the database schema, and thus ensures that the database can be inspected and modified using generic tools (such as the <a href="../cli.html">CLI</a>) that do not have access to the application-defined functions. </dd></p> <p><a name="sqliteinnocuous"></a> <dt>SQLITE_INNOCUOUS</dt><dd> The SQLITE_INNOCUOUS flag means that the function is unlikely to cause problems even if misused. An innocuous function should have no side effects and should not depend on any values other than its input parameters. The <a href="../lang_corefunc.html#abs">abs() function</a> is an example of an innocuous function. The <a href="../lang_corefunc.html#load_extension">load_extension() SQL function</a> is not innocuous because of its side effects. <p> SQLITE_INNOCUOUS is similar to SQLITE_DETERMINISTIC, but is not exactly the same. The <a href="../lang_corefunc.html#random">random() function</a> is an example of a function that is innocuous but not deterministic. <p>Some heightened security settings (<a href="../c3ref/c_dbconfig_defensive.html#sqlitedbconfigtrustedschema">SQLITE_DBCONFIG_TRUSTED_SCHEMA</a> and <a href="../pragma.html#pragma_trusted_schema">PRAGMA trusted_schema=OFF</a>) disable the use of SQL functions inside views and triggers and in schema structures such as <a href="../lang_createtable.html#ckconst">CHECK constraints</a>, <a href="../lang_createtable.html#dfltval">DEFAULT clauses</a>, <a href="../expridx.html">expression indexes</a>, <a href="../partialindex.html">partial indexes</a>, and <a href="../gencol.html">generated columns</a> unless the function is tagged with SQLITE_INNOCUOUS. Most built-in functions are innocuous. Developers are advised to avoid using the SQLITE_INNOCUOUS flag for application-defined functions unless the function has been carefully audited and found to be free of potentially security-adverse side-effects and information-leaks. </dd></p> <p><a name="sqlitesubtype"></a> <dt>SQLITE_SUBTYPE</dt><dd> The SQLITE_SUBTYPE flag indicates to SQLite that a function might call <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> to inspect the sub-types of its arguments. This flag instructs SQLite to omit some corner-case optimizations that might disrupt the operation of the <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> function, causing it to return zero rather than the correct subtype(). All SQL functions that invoke <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> should have this property. If the SQLITE_SUBTYPE property is omitted, then the return value from <a href="../c3ref/value_subtype.html">sqlite3_value_subtype()</a> might sometimes be zero even though a non-zero subtype was specified by the function argument expression.</p> <p><a name="sqliteresultsubtype"></a> <dt>SQLITE_RESULT_SUBTYPE</dt><dd> The SQLITE_RESULT_SUBTYPE flag indicates to SQLite that a function might call <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> to cause a sub-type to be associated with its result. Every function that invokes <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> should have this property. If it does not, then the call to <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> might become a no-op if the function is used as term in an <a href="../expridx.html">expression index</a>. On the other hand, SQL functions that never invoke <a href="../c3ref/result_subtype.html">sqlite3_result_subtype()</a> should avoid setting this property, as the purpose of this property is to disable certain optimizations that are incompatible with subtypes.</p> <p><a name="sqliteselforder1"></a> <dt>SQLITE_SELFORDER1</dt><dd> The SQLITE_SELFORDER1 flag indicates that the function is an aggregate that internally orders the values provided to the first argument. The ordered-set aggregate SQL notation with a single ORDER BY term can be used to invoke this function. If the ordered-set aggregate notation is used on a function that lacks this flag, then an error is raised. Note that the ordered-set aggregate syntax is only available if SQLite is built using the -DSQLITE_ENABLE_ORDERED_SET_AGGREGATES compile-time option. </dd> </dl> </p><p>See also lists of <a href="../c3ref/objlist.html">Objects</a>, <a href="../c3ref/constlist.html">Constants</a>, and <a href="../c3ref/funclist.html">Functions</a>.</p>