> On Oct 15, 2016, at 9:26 AM, Vaibhav Shah <vbshah1...@gmail.com> wrote:
> I am using sqlite3.exe for bulk insertion in C#. I am facing an issue when I
> insert Hebrew data. As it contains double quote (") as character and it does
> not support in insertion.

It’s almost always a bad idea to put variable string data directly into a SQL
query, which is what it sounds like you’re doing. If you don’t follow the
proper quoting rules, your code becomes vulnerable to SQL injection attacks.
Even if you do quote correctly, you’re making SQLite parse and compile your
query every time you run it, which is bad for performance.

Instead you should be using placeholders like “?” or “:name” in your query,
compiling it once, then binding the values when you run it. This lets you pass
the string in directly with no need to worry about quoting/escaping.

sqlite-users mailing list
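
The reply's advice as a runnable sketch, added here as an example and not code from the thread: it uses Python's built-in sqlite3 module rather than C#, and the table name `words`, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: Hebrew abbreviations written with an ASCII double
# quote, plus strings that contain quote characters and SQL syntax.
ROWS = [
    'צה"ל',
    'ארה"ב',
    "it's",
    'x"); DELETE FROM words; --',
]

def insert_by_concatenation(conn, text):
    """Fragile pattern: the value is pasted into the SQL text and parsed as SQL."""
    conn.execute('INSERT INTO words(text) VALUES ("' + text + '")')

def insert_bound(conn, rows):
    """One INSERT with a ? placeholder; each value is bound, never parsed as SQL."""
    with conn:  # one transaction for the whole batch
        conn.executemany("INSERT INTO words(text) VALUES (?)", ((r,) for r in rows))

def count_named(conn, text):
    """The same idea with a named placeholder (:name)."""
    cur = conn.execute("SELECT count(*) FROM words WHERE text = :name", {"name": text})
    return cur.fetchone()[0]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE words(id INTEGER PRIMARY KEY, text TEXT)")
    # The embedded double quote ends the literal early, so SQLite rejects the SQL.
    try:
        insert_by_concatenation(conn, ROWS[0])
        concat_failed = False
    except sqlite3.Error:
        concat_failed = True
    insert_bound(conn, ROWS)
    stored = [r[0] for r in conn.execute("SELECT text FROM words ORDER BY id")]
    hits = count_named(conn, ROWS[0])
    conn.close()
    return {"concat_failed": concat_failed, "stored": stored, "hits": hits}

if __name__ == "__main__":
    print(demo())
```

Every row, including the one that looks like SQL, comes back byte for byte as it went in, because bound values never pass through the SQL parser.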