Cannot resist the classic response as to why one should use parameters rather 
than inline substitution:

https://xkcd.com/327/


> -----Original Message-----
> From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org]
> On Behalf Of Chris Locke
> Sent: Tuesday, 14 March, 2017 00:53
> To: SQLite mailing list
> Subject: Re: [sqlite] How to use parameterized queries in SQLite.Net
> 
> From a newbie's point of view, how is this better (if doing it in 'hard
> coded' format like below) than writing this code:
> 
> command.CommandText = string.Format("INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES ({0}, {1}, {2})", 2, 234.56, now);
> 
> I can sort of understand it if it's in a subroutine, and I appreciate the
> example given was just an example, but what's the advantage of parameterized
> queries?
> 
> Sorry if diverting the topic somewhat....
> 
> 
> Thanks,
> Chris
> 
> I
> 
> On Mon, Mar 13, 2017 at 8:15 PM, Rob Richardson <rdrichard...@rad-con.com>
> wrote:
> 
> > To answer my own question:  this works:
> >
> >             using (SQLiteCommand command = m_conn.CreateCommand())
> >             {
> >                 command.CommandType = CommandType.Text;
> >                 command.CommandText = "INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES (?, ?, ?)";
> >                 SQLiteParameter param;
> >                 param = new SQLiteParameter();
> >                 param.Value = 2;
> >                 command.Parameters.Add(param);
> >                 param = new SQLiteParameter();
> >                 param.Value = 234.56;
> >                 command.Parameters.Add(param);
> >                 param = new SQLiteParameter();
> >                 param.Value = DateTime.Now;
> >                 command.Parameters.Add(param);
> >                 rowsAffected = command.ExecuteNonQuery();
> >             }
> >
> > RobR
> >
> > -----Original Message-----
> > From: sqlite-users [mailto:sqlite-users-boun...@mailinglists.sqlite.org]
> > On Behalf Of Rob Richardson
> > Sent: Monday, March 13, 2017 2:23 PM
> > To: General Discussion of SQLite Database (sqlite-users@mailinglists.
> > sqlite.org)
> > Subject: [sqlite] How to use parameterized queries in SQLite.Net
> >
> > Hello again.
> >
> > Since my attempt to find the official answer for myself has hit a snag,
> > I'll just ask here.
> >
> > The examples I've seen for parameterized queries used with the
> > SQLiteCommand class have shown named parameters, and the names usually
> > begin with an "@" character.  Is that character required for named
> > parameters?  Is that the correct leading character?  Is it required to
> > include that leading character in the name given to the SQLiteParameter
> > object?
> >
> > I'm used to using the System.Data.ODBC classes, which do not support named
> > parameters, but they do support unnamed parameters, represented by question
> > marks.  The order in which the parameters are attached to the command
> > object determines the association between the parameter object and the
> > query parameter.  Unnamed parameters would be easier for me to work with
> > than named ones.  Does SQlite.Net support unnamed parameters?
> >
> > Thank you.
> >
> > RobR
> >
> >
> > _______________________________________________
> > sqlite-users mailing list
> > sqlite-users@mailinglists.sqlite.org
> > http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
> >
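As an added illustration, not code from this thread or from SQLite.Net, the following uses Python's built-in sqlite3 module (which binds parameters through the same SQLite API) and a constructed in-memory copy of the trend_data table. It shows both points in the quoted exchange: unnamed `?` parameters bind by position and named ones by name, as Rob asked; and the string.Format approach Chris asked about splices the caller's text into the SQL, so a stray apostrophe breaks the statement and a crafted value changes its meaning, whereas a bound parameter is always treated as data, which is the point of the xkcd link.

```python
import sqlite3


def make_db():
    """Constructed in-memory table mirroring the thread's trend_data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE trend_data (tag_key INTEGER, value REAL, value_timestamp TEXT)"
    )
    return conn


def insert_positional(conn, tag_key, value, ts):
    # Unnamed '?' placeholders: the tuple order decides which value lands in
    # which placeholder, exactly like the ODBC-style ordinal parameters.
    cur = conn.execute(
        "INSERT INTO trend_data (tag_key, value, value_timestamp) VALUES (?, ?, ?)",
        (tag_key, value, ts),
    )
    return cur.rowcount


def insert_named(conn, tag_key, value, ts):
    # Named placeholders: bound by key, so supply order no longer matters.
    cur = conn.execute(
        "INSERT INTO trend_data (tag_key, value, value_timestamp) "
        "VALUES (:tag, :val, :ts)",
        {"ts": ts, "val": value, "tag": tag_key},
    )
    return cur.rowcount


def count_by_timestamp_formatted(conn, ts):
    # The string-formatting style from the thread: the caller's text becomes
    # part of the SQL, so the engine cannot distinguish data from syntax.
    sql = "SELECT COUNT(*) FROM trend_data WHERE value_timestamp = '{0}'".format(ts)
    return conn.execute(sql).fetchone()[0]


def count_by_timestamp_param(conn, ts):
    # Bound parameter: the SQL is parsed first, the value is attached afterwards
    # and can only ever be compared as a literal string.
    sql = "SELECT COUNT(*) FROM trend_data WHERE value_timestamp = ?"
    return conn.execute(sql, (ts,)).fetchone()[0]


def compare(conn, ts):
    """Run the same lookup both ways; 'error' marks a statement SQLite rejected."""
    try:
        formatted = count_by_timestamp_formatted(conn, ts)
    except sqlite3.OperationalError:
        formatted = "error"
    return formatted, count_by_timestamp_param(conn, ts)


if __name__ == "__main__":
    db = make_db()
    insert_positional(db, 2, 234.56, "2017-03-13 20:15:00")
    insert_named(db, 3, 1.5, "2017-03-14 00:53:00")
    # Constructed inputs: an ordinary value, one containing an apostrophe,
    # and one whose text changes the WHERE clause when spliced into the SQL.
    for probe in ("2017-03-13 20:15:00", "O'Clock", "x' OR '1'='1"):
        print(repr(probe), "->", compare(db, probe))
```

For the ordinary timestamp both lookups agree. The apostrophe value makes the formatted statement a syntax error while the parameterized one simply finds no match, and the last value makes the formatted query match every row while the bound version again returns zero: the placeholder form gives the engine the statement's structure before any user text arrives.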
