I should clarify ... I am currently using:

  string stCmdString = "SELECT" + stFieldNames + "FROM " +
    stTableName + " WHERE " + stLikeFieldName + " LIKE '%" +
    liststLikeFieldValue[0] + "%'";
  for (int iii = 1; iii < liststLikeFieldValue.Count; iii++)
    stCmdString += " AND " + stLikeFieldName + " LIKE '%" +
      liststLikeFieldValue[iii] + "%'";

which does not handle the cases where a ' is included in the field value.

On Wed, Jan 25, 2017 at 9:50 AM, Clyde Eisenbeis <[email protected]> wrote:
> Thanks for the prompt response!
>
> Are there code examples similar to the following (OLE DB)?
>
> oledbCmd.CommandText = "SELECT" + stFieldNames + "FROM " +
> stTableName + " WHERE " + stLikeFieldName + " LIKE @p0";
>
> for (int iii = 1; iii < liststLikeFieldValue.Count; iii++)
>   oledbCmd.CommandText += " AND " +
>     stLikeFieldName + " LIKE @p" + (iii).ToString();
>
> On Wed, Jan 25, 2017 at 9:45 AM, Warren Young <[email protected]> wrote:
>> On Jan 25, 2017, at 8:33 AM, Clyde Eisenbeis <[email protected]> wrote:
>>>
>>> The use of .Parameters in OLE DB fixes this problem. Is there an
>>> equivalent for SQLite?
>>
>> You’re looking for prepared statements with parameters:
>>
>> https://sqlite.org/c3ref/stmt.html
>> https://sqlite.org/lang_expr.html#varparam
>>
>> _______________________________________________
>> sqlite-users mailing list
>> [email protected]
>> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
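
The multi-term LIKE query from this message, rebuilt with the bound parameters the reply points to, as an added example that is not code from the thread. It assumes the System.Data.SQLite ADO.NET provider; the names LikeSearch, Build, QuoteIdent and EscapeLike, the notes table and its rows are constructed for illustration, and SELECT * stands in for the stFieldNames list.

```csharp
// Added example, not from the thread; assumes the System.Data.SQLite provider.
using System;
using System.Collections.Generic;
using System.Data.SQLite;
using System.Text;

static class LikeSearch
{
    // Identifiers cannot be bound: double-quote them and double embedded quotes.
    static string QuoteIdent(string name) => "\"" + name.Replace("\"", "\"\"") + "\"";
    // Make %, _ and the escape character itself literal inside a LIKE pattern.
    static string EscapeLike(string v) =>
        v.Replace("\\", "\\\\").Replace("%", "\\%").Replace("_", "\\_");

    public static SQLiteCommand Build(SQLiteConnection conn, string table,
        string field, IList<string> values)
    {
        var cmd = conn.CreateCommand();
        var sql = new StringBuilder("SELECT * FROM " + QuoteIdent(table));
        for (int i = 0; i < values.Count; i++)
        {
            sql.Append(i == 0 ? " WHERE " : " AND ")
               .Append(QuoteIdent(field))
               .Append(" LIKE @p" + i + " ESCAPE '\\'");
            // The value travels as bound data, never as SQL text.
            cmd.Parameters.AddWithValue("@p" + i, "%" + EscapeLike(values[i]) + "%");
        }
        cmd.CommandText = sql.ToString();
        return cmd;
    }

    static void Main()
    {
        using (var conn = new SQLiteConnection("Data Source=:memory:"))
        {
            conn.Open();
            using (var setup = conn.CreateCommand())
            {
                // Constructed sample rows; one contains both ' and %.
                setup.CommandText = "CREATE TABLE notes(body TEXT);" +
                    "INSERT INTO notes VALUES ('Clyde''s 100% test'), ('plain row');";
                setup.ExecuteNonQuery();
            }
            using (var cmd = Build(conn, "notes", "body", new[] { "'s", "100%" }))
            using (var rdr = cmd.ExecuteReader())
                while (rdr.Read()) Console.WriteLine(rdr.GetString(0));
        }
    }
}
```

Double-quoting keeps a table or column name from breaking out of the statement, but checking those names against a fixed list of known names is the stricter control.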