Re: [sqlite] SQLite error near "16": syntax error

Pavel Ivanov Tue, 19 Feb 2013 16:01:07 -0800

On Tue, Feb 19, 2013 at 1:39 AM, mikkelzuuu <mikkelz...@gmail.com> wrote:
> Hey guys, I'm getting this error (see title)
> I'm using C# by the way.
>
> string StrQuery = @"INSERT INTO Test VALUES (" +
> dataGridView1.Rows[i].Cells["Column1"].Value + ", " +
> dataGridView1.Rows[i].Cells["Column2"].Value + ", " +
> dataGridView1.Rows[i].Cells["Column3"].Value + ", " +
> dataGridView1.Rows[i].Cells["Column4"].Value + ", " +
> dataGridView1.Rows[i].Cells["Column5"].Value + ");";
>
> That would then be my query. I can't see a 16 anywhere in my query code.


This is a great example of sql injection (you can google "sql
injection" to understand what's that) and the reason why you shouldn't
construct your sql queries like that. :)


Pavel
_______________________________________________
sqlite-users mailing list
sqlite-users@sqlite.org
http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

Re: [sqlite] SQLite error near "16": syntax error

Reply via email to