Fatal编程技术网
  • csharp/
  • C# 带c和where子句的Sqlite

C# 带c和where子句的Sqlite

c# sql sqlite select

C# 带c和where子句的Sqlite,c#,sql,sqlite,select,where-clause,C#,Sql,Sqlite,Select,Where Clause,我有以下代码可以正常工作,但是如何在中添加where子句 正在尝试以下字符串: sql=从[devices]中选择[ip\U address]、[name]、[model]、[mac\U address]、[operating\U system]、[current\U user],其中[ip\U address]=@192.168.0.56 using System; using System.Data.SQLite; using System.IO; namespace SQLiteSam

我有以下代码可以正常工作,但是如何在中添加where子句

正在尝试以下字符串: sql=从[devices]中选择[ip\U address]、[name]、[model]、[mac\U address]、[operating\U system]、[current\U user],其中[ip\U address]=@192.168.0.56

using System;
using System.Data.SQLite;
using System.IO;


namespace SQLiteSamples
{
    class Program
    {
        // Holds our connection with the database
        SQLiteConnection m_dbConnection;


        public string Info { get; private set; }

        static void Main(string[] args)
        {
            Program p = new Program();
        }

        public Program()
        {

            connectToDatabase();            
            printResult();
        }



        // Creates a read only connection to spiceworks database file.
        void connectToDatabase()
        {
            //m_dbConnection = new SQLiteConnection(@"Data Source=\\spiceworks\db\spiceworks_prod.db;Version=3;Read Only=True");
            m_dbConnection = new SQLiteConnection(@"Data Source=C:\Temp\ZipSampleExtract\db\spiceworks_prod.db;Version=3;Read Only=True");        
            m_dbConnection.Open();
        }




        // Writes the output from spiceworks table devices.
        void printResult()
        {

            string sql = "select [ip_address], [name], [model], [mac_address], [operating_system], [current_user]from [devices]";
            SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
            SQLiteDataReader reader = command.ExecuteReader();

            while (reader.Read())

           Console.WriteLine("ip_address: " + reader["ip_address"] + "  " + reader["name"] + "  " + reader["model"] + "  " + reader["mac_address"]+"  " + reader["operating_system"] + "  " + reader["current_user"]);
           Info = Convert.ToString(Console.ReadLine());
           File.WriteAllText("E:\\johnb.txt", Info);

       }

    }
}
SQL中的字符串文字用单引号表示:

string sql = "select [ip_address], [name], [model], [mac_address], [operating_system], [current_user] from [devices] where [ip_address] = '192.168.0.56'";
您将希望在最终项目中使用参数来防止SQL注入

    string sql = "select [ip_address], [name], [model], [mac_address], [operating_system], [current_user]from [devices] where [ip_address] = @ip_address";
    SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
    command.Parameters.Add(new SqlParameter("@ip_address", ipAddressValue));

    SQLiteDataReader reader = command.ExecuteReader();