From a newbie's point of view, how is this better (if doing it in 'hard
coded' format like below) than writing this code:

command.CommandText = string.Format("INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES ({0}, {1}, {2})",2,234.56,now);

I can sort of understand it if it's in a subroutine, and I appreciate the
example given was just an example, but what's the advantage of parameterized
queries?

Sorry if diverting the topic somewhat....


Thanks,
Chris

I

On Mon, Mar 13, 2017 at 8:15 PM, Rob Richardson <rdrichard...@rad-con.com>
wrote:

> To answer my own question:  this works:
>
>             using (SQLiteCommand command = m_conn.CreateCommand())
>             {
>                 command.CommandType = CommandType.Text;
>                 command.CommandText = "INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES (?, ?, ?)";
>                 SQLiteParameter param;
>                 param = new SQLiteParameter();
>                 param.Value = 2;
>                 command.Parameters.Add(param);
>                 param = new SQLiteParameter();
>                 param.Value = 234.56;
>                 command.Parameters.Add(param);
>                 param = new SQLiteParameter();
>                 param.Value = DateTime.Now;
>                 command.Parameters.Add(param);
>                 rowsAffected = command.ExecuteNonQuery();
>             }
>
> RobR
>
> -----Original Message-----
> From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org]
> On Behalf Of Rob Richardson
> Sent: Monday, March 13, 2017 2:23 PM
> To: General Discussion of SQLite Database (sqlite-users@mailinglists.sqlite.org)
> Subject: [sqlite] How to use parameterized queries in SQLite.Net
>
> Hello again.
>
> Since my attempt to find the official answer for myself has hit a snag,
> I'll just ask here.
>
> The examples I've seen for parameterized queries used with the
> SQLiteCommand class have shown named parameters, and the names usually
> begin with an "@" character.  Is that character required for named
> parameters?  Is that the correct leading character?  Is it required to
> include that leading character in the name given to the SQLiteParameter
> object?
>
> I'm used to using the System.Data.ODBC classes, which do not support named
> parameters, but they do support unnamed parameters, represented by question
> marks.  The order in which the parameters are attached to the command
> object determines the association between the parameter object and the
> query parameter.  Unnamed parameters would be easier for me to work with
> than named ones.  Does SQLite.Net support unnamed parameters?
>
> Thank you.
>
> RobR
>
>
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@mailinglists.sqlite.org
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
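An added example, not part of the original thread, comparing the string.Format approach from the question with the bound "?" parameters from the quoted reply. It assumes the System.Data.SQLite package is referenced; the in-memory database, the column types, the de-DE culture and the sample values are constructed for illustration.

```csharp
using System;
using System.Data.SQLite;
using System.Globalization;
// Added example; assumes the System.Data.SQLite package is referenced.
static class TrendInsertDemo
{
    const string InsertHead =
        "INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES ";

    // Runs one statement; returns "ok" or the error text SQLite reported.
    static string Run(SQLiteConnection conn, string sql, params object[] values)
    {
        using (SQLiteCommand command = conn.CreateCommand())
        {
            command.CommandText = sql;
            foreach (object v in values)   // bound in order to each "?"
                command.Parameters.Add(new SQLiteParameter { Value = v });
            try { command.ExecuteNonQuery(); return "ok"; }
            catch (SQLiteException ex) { return ex.Message; }
        }
    }

    static void Main()
    {
        // Constructed sample inputs: a reading and a timestamp that arrived as text.
        double reading = 234.56;
        string stamp = "13 Mar '17 20:15";
        var german = new CultureInfo("de-DE");   // comma as decimal separator

        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            Run(conn, "CREATE TABLE trend_data (tag_key INTEGER, value REAL, value_timestamp TEXT)");
            // Formatted: 234.56 is rendered as "234,56", so SQLite sees four values.
            Console.WriteLine(Run(conn, InsertHead + string.Format(german, "({0}, {1}, 0)", 2, reading)));
            // Formatted: the apostrophe in the text ends the SQL string literal early.
            Console.WriteLine(Run(conn, InsertHead + string.Format("({0}, 0, '{1}')", 2, stamp)));
            // Bound: the statement text is constant and the values are never parsed as SQL.
            Console.WriteLine(Run(conn, InsertHead + "(?, ?, ?)", 2, reading, stamp));
            using (SQLiteCommand query = conn.CreateCommand())
            {
                query.CommandText = "SELECT count(*) FROM trend_data WHERE value_timestamp = ?";
                query.Parameters.Add(new SQLiteParameter { Value = stamp });
                Console.WriteLine("rows stored with the exact text: " + query.ExecuteScalar());
            }
        }
    }
}
```

Both formatted statements are rejected by SQLite because the values became part of the SQL text, while the bound insert stores them unchanged. Input that happens to stay syntactically valid would instead alter the statement, which is the SQL injection risk that binding removes.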