From a newbie's point of view, how is this better (if doing it in 'hard
coded' format like below) than writing this code:
command.CommandText = string.format("INSERT INTO trend_data (tag_key,
value, value_timestamp) VALUES ({0}, {1}, {2})",2,234.56,now);
I can sort of understand it if its in a subroutine, and I appreciate the
example given was just an example, but whats the advantage of parametized
queries?
Sorry if diverting the topic somewhat....
Thanks,
Chris
I
On Mon, Mar 13, 2017 at 8:15 PM, Rob Richardson <[email protected]>
wrote:
> To answer my own question: this works:
>
> using (SQLiteCommand command = m_conn.CreateCommand())
> {
> command.CommandType = CommandType.Text;
> command.CommandText = "INSERT INTO trend_data (tag_key,
> value, value_timestamp) VALUES (?, ?, ?)";
> SQLiteParameter param;
> param = new SQLiteParameter();
> param.Value = 2;
> command.Parameters.Add(param);
> param = new SQLiteParameter();
> param.Value = 234.56;
> command.Parameters.Add(param);
> param = new SQLiteParameter();
> param.Value = DateTime.Now;
> command.Parameters.Add(param);
> rowsAffected = command.ExecuteNonQuery();
> }
>
> RobR
>
> -----Original Message-----
> From: sqlite-users [mailto:[email protected]]
> On Behalf Of Rob Richardson
> Sent: Monday, March 13, 2017 2:23 PM
> To: General Discussion of SQLite Database (sqlite-users@mailinglists.
> sqlite.org)
> Subject: [sqlite] How to use parameterized queries in SQLite.Net
>
> Hello again.
>
> Since my attempt to find the official answer for myself has hit a snag,
> I'll just ask here.
>
> The examples I've seen for parameterized queries used with the
> SQLiteCommand class have shown named parameters, and the names usually
> begin with an "@" character. Is that character required for named
> parameters? Is that the correct leading character? Is it required to
> include that leading character in the name given to the SQLiteParameter
> object?
>
> I'm used to using the System.Data.ODBC classes, which do not support named
> parameters, but they do support unnamed parameters, represented by question
> marks. The order in which the parameters are attached to the command
> object determines the association between the parameter object and the
> query parameter. Unnamed parameters would be easier for me to work with
> than named ones. Does SQlite.Net support unnamed parameters?
>
> Thank you.
>
> RobR
>
>
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
> _______________________________________________
> sqlite-users mailing list
> [email protected]
> http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
>
_______________________________________________
sqlite-users mailing list
[email protected]
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/sqlite-users
