Skip to main content

Query Parameters

Instead of editing your SQL every time you want to test a different value, use :name placeholders. TablePro detects them, shows a panel for entering values, and executes using prepared statements.
Query parameters

Usage

Write a query with :name placeholders: 
SELECT *
FROM orders
WHERE customer_id = :customer_id
  AND status = :status
  AND created_at > :since;
Press Cmd+Enter. A panel appears with a field for each parameter. Fill in values, press Cmd+Enter again. Done. Works with Execute All (Cmd+Shift+Enter) too.

The Panel

Each row has:
ControlWhat it does
NameShows the parameter name from your query
ValueWhere you type the value
TypeString, Integer, Decimal, Date, or Boolean
NULLCheck this to bind NULL
Clear All empties all value fields. The X button hides the panel. It comes back on the next execute if the query still has parameters.

What Gets Detected

:name is detected when name starts with a letter or underscore. These are ignored:
PatternWhy it’s ignored
':name'Inside a string
-- :nameInside a comment
/* :name */Inside a block comment
col::integerPostgreSQL type cast
$$ :name $$Dollar-quoted string
:123Starts with a digit
If the same name appears twice (:id = :id), both get the same value.

How Binding Works

TablePro converts your :name placeholders to the database’s native format before executing:
  • MySQL, SQLite: ? placeholders via mysql_stmt_bind_param / sqlite3_bind_text
  • PostgreSQL: $1, $2 via PQexecParams
  • DuckDB: $1, $2 via prepared statements
  • ClickHouse, SQL Server, others: client-side substitution with proper escaping
This is real prepared statement binding, not string replacement. Quoting and SQL injection are handled for you.

Values Stick Around

Parameter values are saved with the tab. They survive tab switches, app restarts, and show up in query history. When you edit the query and change parameter names, new names get empty fields and old ones disappear. Names that still match keep their values.

Multiple Statements

For multi-statement scripts, all unique parameter names across all statements appear in one panel. Each statement only binds the parameters it uses. 
INSERT INTO users (id, name) VALUES (:id, :name);
SELECT * FROM users WHERE id = :id;
Both use :id. Only the INSERT uses :name.

Safe Mode

Parameterized queries still go through safe mode checks. DROP, DELETE without WHERE, and TRUNCATE still ask for confirmation.

Settings

Settings > Editor > Query parameters (:name syntax). On by default. Turn it off if you don’t want parameter detection (:name will be sent to the database as-is).