const char *sqlite3_sql(sqlite3_stmt *pStmt); char *sqlite3_expanded_sql(sqlite3_stmt *pStmt);
The sqlite3_sql(P) interface returns a pointer to a copy of the UTF-8 SQL text used to create prepared statement P if P was created by either sqlite3_prepare_v2() or sqlite3_prepare16_v2(). The sqlite3_expanded_sql(P) interface returns a pointer to a UTF-8 string containing the SQL text of prepared statement P with bound parameters expanded.
For example, if a prepared statement is created using the SQL text "SELECT $abc,:xyz" and if parameter $abc is bound to integer 2345 and parameter :xyz is unbound, then sqlite3_sql() will return the original string, "SELECT $abc,:xyz" but sqlite3_expanded_sql() will return "SELECT 2345,NULL".
The sqlite3_expanded_sql() interface returns NULL if insufficient memory is available to hold the result, or if the result would exceed the the maximum string length determined by the SQLITE_LIMIT_LENGTH.
The SQLITE_TRACE_SIZE_LIMIT compile-time option limits the size of bound parameter expansions. The SQLITE_OMIT_TRACE compile-time option causes sqlite3_expanded_sql() to always return NULL.
The string returned by sqlite3_sql(P) is managed by SQLite and is automatically freed when the prepared statement is finalized. The string returned by sqlite3_expanded_sql(P), on the other hand, is obtained from sqlite3_malloc() and must be free by the application by passing it to sqlite3_free().