A parameterized query enables you to run a fixed query with arbitrary data that is unknown during compile time, multiple times (once for each set of parameters), without re-preparing the statement (which is costly) in between.
-----Ursprüngliche Nachricht----- Von: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org] Im Auftrag von Chris Locke Gesendet: Dienstag, 14. März 2017 07:53 An: SQLite mailing list <sqlite-users@mailinglists.sqlite.org> Betreff: Re: [sqlite] How to use parameterized queries in SQLite.Net From a newbie's point of view, how is this better (if doing it in 'hard coded' format like below) than writing this code: command.CommandText = string.format("INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES ({0}, {1}, {2})",2,234.56,now); I can sort of understand it if its in a subroutine, and I appreciate the example given was just an example, but whats the advantage of parametized queries? Sorry if diverting the topic somewhat.... Thanks, Chris I On Mon, Mar 13, 2017 at 8:15 PM, Rob Richardson <rdrichard...@rad-con.com> wrote: > To answer my own question: this works: > > using (SQLiteCommand command = m_conn.CreateCommand()) > { > command.CommandType = CommandType.Text; > command.CommandText = "INSERT INTO trend_data > (tag_key, value, value_timestamp) VALUES (?, ?, ?)"; > SQLiteParameter param; > param = new SQLiteParameter(); > param.Value = 2; > command.Parameters.Add(param); > param = new SQLiteParameter(); > param.Value = 234.56; > command.Parameters.Add(param); > param = new SQLiteParameter(); > param.Value = DateTime.Now; > command.Parameters.Add(param); > rowsAffected = command.ExecuteNonQuery(); > } > > RobR > > -----Original Message----- > From: sqlite-users > [mailto:sqlite-users-boun...@mailinglists.sqlite.org] > On Behalf Of Rob Richardson > Sent: Monday, March 13, 2017 2:23 PM > To: General Discussion of SQLite Database (sqlite-users@mailinglists. > sqlite.org) > Subject: [sqlite] How to use parameterized queries in SQLite.Net > > Hello again. > > Since my attempt to find the official answer for myself has hit a > snag, I'll just ask here. > > The examples I've seen for parameterized queries used with the > SQLiteCommand class have shown named parameters, and the names usually > begin with an "@" character. Is that character required for named > parameters? Is that the correct leading character? Is it required to > include that leading character in the name given to the > SQLiteParameter object? > > I'm used to using the System.Data.ODBC classes, which do not support > named parameters, but they do support unnamed parameters, represented > by question marks. The order in which the parameters are attached to > the command object determines the association between the parameter > object and the query parameter. Unnamed parameters would be easier > for me to work with than named ones. Does SQlite.Net support unnamed > parameters? > > Thank you. > > RobR > > > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ > sqlite-users mailing list > sqlite-users@mailinglists.sqlite.org > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users > _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users ___________________________________________ Gunter Hick Software Engineer Scientific Games International GmbH FN 157284 a, HG Wien Klitschgasse 2-4, A-1130 Vienna, Austria Tel: +43 1 80100 0 E-Mail: h...@scigames.at This communication (including any attachments) is intended for the use of the intended recipient(s) only and may contain information that is confidential, privileged or legally protected. Any unauthorized use or dissemination of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by return e-mail message and delete all copies of the original communication. Thank you for your cooperation. _______________________________________________ sqlite-users mailing list sqlite-users@mailinglists.sqlite.org http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
