A parameterized query enables you to run a fixed query with arbitrary data that
is unknown during compile time, multiple times (once for each set of
parameters), without re-preparing the statement (which is costly) in between.
-Ursprüngliche Nachricht-
Von: sqlite-users [mailto:sqlite-us
Chris Locke wrote:
> From a newbie's point of view, how is this better (if doing it in 'hard
> coded' format like below) than writing this code:
>
> command.CommandText = string.format("INSERT INTO trend_data (tag_key,
> value, value_timestamp) VALUES ({0}, {1}, {2})",2,234.56,now);
Using paramete
The main reason you should parameterise queries is to protect against "SQL
injection". "Hardcoded" as below doesn't make much difference, but if the data
being used comes in any way from an "untrusted" source, then this is
particularly important.
If, instead of "234.56" below a malicious user c
On Mon, Mar 13, 2017 at 7:47 PM, Richard Hipp wrote:
> On 3/13/17, Marco Silva wrote:
> > Hi,
> >
> > Does anyone knows a Common Table Expression (CTE) to be used with the
> > sqlite_master table so we can count for each table how many rows it
> > has.
>
> That is not possible. Each table (p
On Tue, Mar 14, 2017 at 10:14 AM, Dominique Devienne
wrote:
>
> On Mon, Mar 13, 2017 at 7:47 PM, Richard Hipp wrote:
>
>> On 3/13/17, Marco Silva wrote:
>> > Hi,
>> >
>> > Does anyone knows a Common Table Expression (CTE) to be used with the
>> > sqlite_master table so we can count for each t
Cannot resist the classic response as to why one should use parameters rather
than inline substitution:
https://xkcd.com/327/
> -Original Message-
> From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org]
> On Behalf Of Chris Locke
> Sent: Tuesday, 14 March, 2017 00:53
Excerpts from Richard Hipp's message of 2017-03-13 14:47:49 -0400:
> On 3/13/17, Marco Silva wrote:
> > Hi,
> >
> > Does anyone knows a Common Table Expression (CTE) to be used with the
> > sqlite_master table so we can count for each table how many rows it
> > has.
>
> That is not possible.
Hello !
I just downloaded the
http://www.sqlite.org/snapshot/sqlite-snapshot-201703062044.tar.gz
compiled it with fts5 enabled and then tested it with this:
===
CREATE VIRTUAL TABLE email USING fts5(body);
insert into email(body) values('hello over there');
select rowid, body from email wher
Hello !
Sorry by my previous message, it was my mistake when quering the fts5.
I was quering like normal sql referring to a specific column in the
where clause instead of using the table name.
Cheers !
___
sqlite-users mailing list
sqlite-users@mai
Hi,
I'm trying to understand incremental BLOB IO using the latest
System.Data.Sqlite and C#.
I've got some test code working where I can execute a query and using a
data reader get a SQLiteBlob object and read the blob back. However, I'm
not clear as to how I can use incremental IO if I'm doing a
I haven't got an example but how about inserting the record and then
updating the blob in question?
On Wed, Mar 15, 2017 at 12:33 AM, Mike King wrote:
> Hi,
>
> I'm trying to understand incremental BLOB IO using the latest
> System.Data.Sqlite and C#.
>
> I've got some test code working where I
Insert the record. (Use zeroblob(n) to on the blob field to create an empty n
byte blob.)
Open the blob and do your I/O
Close the blob.
Carry on with the next record.
> -Original Message-
> From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org]
> On Behalf Of Mike King
Plenty of examples on the web using the C interface, and the SQLite API is
clear enough that people can figure out how to use it. But you can’t use those
lines of code with System.Data.Sqlite and C#. I think the OP wants an example
of using the blob-editing functions though System.Data.Sqlite.
On 03/15/2017 06:00 AM, Domingo Alvarez Duarte wrote:
Hello !
I just downloaded the
http://www.sqlite.org/snapshot/sqlite-snapshot-201703062044.tar.gz
compiled it with fts5 enabled and then tested it with this:
===
CREATE VIRTUAL TABLE email USING fts5(body);
insert into email(body) values(
14 matches
Mail list logo