I should clarify ... I am currently using:

  string stCmdString = "SELECT" + stFieldNames + "FROM " + stTableName + " WHERE " + stLikeFieldName + " LIKE '%" + liststLikeFieldValue[0] + "%'";

  for (int iii = 1; iii < liststLikeFieldValue.Count; iii++)
    stCmdString += " AND " + stLikeFieldName + " LIKE '%" + liststLikeFieldValue[iii] + "%'";

which does not handle the cases where a ' is included in the field value.

On Wed, Jan 25, 2017 at 9:50 AM, Clyde Eisenbeis <cte...@gmail.com> wrote:
> Thanks for the prompt response!
>
> Are there code examples similar to the following (OLE DB)?
>
>   oledbCmd.CommandText = "SELECT" + stFieldNames + "FROM " +
>     stTableName + " WHERE " + stLikeFieldName + " LIKE @p0";
>
>   for (int iii = 1; iii < liststLikeFieldValue.Count; iii++)
>     oledbCmd.CommandText += stLikeFieldName + " AND " +
>       stLikeFieldName + " LIKE @p" + (iii).ToString();
>
> On Wed, Jan 25, 2017 at 9:45 AM, Warren Young <war...@etr-usa.com> wrote:
>> On Jan 25, 2017, at 8:33 AM, Clyde Eisenbeis <cte...@gmail.com> wrote:
>>>
>>> The use of .Parameters in OLE DB fixes this problem.  Is there an
>>> equivalent for SQLite?
>>
>> You’re looking for prepared statements with parameters:
>>
>>    https://sqlite.org/c3ref/stmt.html
>>    https://sqlite.org/lang_expr.html#varparam
>>
>> _______________________________________________
>> sqlite-users mailing list
>> sqlite-users@mailinglists.sqlite.org
>> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
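
Added example, not part of the original thread: the LIKE query discussed above built with bound parameters, assuming the System.Data.SQLite ADO.NET provider (the thread does not name one). The class LikeQuery, its helpers and the notes table are hypothetical; the example goes slightly beyond the question by also allowlisting table and column names, which cannot be bound, and escaping LIKE wildcards in the bound values.

```csharp
// Added example, not from the thread. Assumes the System.Data.SQLite provider.
using System;
using System.Collections.Generic;
using System.Data.SQLite;
using System.Linq;
using System.Text.RegularExpressions;

static class LikeQuery
{
    // Table and column names cannot be bound, so accept only plain identifiers.
    static string Ident(string name) =>
        Regex.IsMatch(name, @"^[A-Za-z_][A-Za-z0-9_]*$") ? "\"" + name + "\""
            : throw new ArgumentException("unexpected identifier: " + name);

    // Escape LIKE wildcards so the value matches literally, then wrap in %...%.
    static string Contains(string v) =>
        "%" + v.Replace("\\", "\\\\").Replace("%", "\\%").Replace("_", "\\_") + "%";

    public static SQLiteCommand Build(SQLiteConnection conn, IList<string> fields,
                                      string table, string likeField, IList<string> values)
    {
        var cmd = conn.CreateCommand();
        var terms = new List<string>();
        for (int i = 0; i < values.Count; i++)
        {
            // The value travels as a parameter, so a ' inside it is just data.
            terms.Add(Ident(likeField) + " LIKE @p" + i + " ESCAPE '\\'");
            cmd.Parameters.AddWithValue("@p" + i, Contains(values[i]));
        }
        cmd.CommandText = "SELECT " + string.Join(", ", fields.Select(f => Ident(f)))
            + " FROM " + Ident(table)
            + (terms.Count > 0 ? " WHERE " + string.Join(" AND ", terms) : "");
        return cmd;
    }

    static void Main()
    {
        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            using (var setup = conn.CreateCommand())
            {   // constructed sample rows
                setup.CommandText = "CREATE TABLE notes(body TEXT);" +
                    "INSERT INTO notes VALUES ('Clyde''s 100% test'), ('plain row');";
                setup.ExecuteNonQuery();
            }
            using (var cmd = Build(conn, new[] { "body" }, "notes", "body", new[] { "'", "100%" }))
            using (var r = cmd.ExecuteReader())
                while (r.Read()) Console.WriteLine(r.GetString(0));
        }
    }
}
```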