C# c sqlite错误引发isSQLite错误1:“接近”失败“:语法错误”
我在字符串数组中循环,并将它们插入sqlite ddatabase,但这失败了C# c sqlite错误引发isSQLite错误1:“接近”失败“:语法错误”,c#,sqlite,C#,Sqlite,我在字符串数组中循环,并将它们插入sqlite ddatabase,但这失败了 public static bool SavePermissions(String[] permissions) { try { using (SqliteConnection db = new SqliteConnection("Filename="+ shared.AppDetails.dbname)) {
public static bool SavePermissions(String[] permissions)
{
try
{
using (SqliteConnection db = new SqliteConnection("Filename="+ shared.AppDetails.dbname))
{
db.Open();
SqliteCommand insertCommand = new SqliteCommand();
insertCommand.Connection = db;
String tableCommand = "CREATE TABLE IF NOT EXISTS " + _permissiontbl + " (id INTEGER PRIMARY KEY AUTOINCREMENT, user_perm NVARCHAR(2048) UNIQUE)";
SqliteCommand createTable = new SqliteCommand(tableCommand, db);
try
{
createTable.ExecuteReader();
deletePermissions();
foreach (String i in permissions)
{
var sql = "insert into " + _permissiontbl + " (user_perm) values ("+ i +")";
SqliteCommand command = new SqliteCommand(sql, db);
command.ExecuteNonQuery();
}
}
catch (SqliteException exp)
{
//Handle error
Debug.WriteLine("sqlite error thrown is"+exp.Message);
}
db.Close();
}
}
catch(Exception exp)
{
Debug.WriteLine(exp.Message);
}
上面的代码抛出了一个错误
引发sqlite错误isSQLite错误1:“近失败:语法错误”
当我只是在一个字符串数组中循环并逐个保存它们时,哪里出了问题?您正在发送到数据库的字符串周围缺少一个记号
var sql = "insert into " + _permissiontbl + " (user_perm) values ('" + i + "')";
根据@DangerZone的建议,我确实认为您应该参数化您的查询
根据@Rahul的建议,下面是一个参数化查询的示例:
var sql = "insert into " + _permissiontbl + " (user_perm) values (@perm)";
SQLiteCommand command = new SQLiteCommand(sql, db);
command.Parameters.Add(new SQLiteParameter("@perm", i));
command.ExecuteNonQuery();
参数化您的查询。很好。。也要显示此文件的参数化版本