use*_*067 6 c# sql sqlite syntax
嗨以下代码给出语法错误.我不知道如何解决问题.
错误
{"SQLite error\r \nnear \"Mytext \":语法错误"}
我的守则
string dataSource = "Database.s3db";
SQLiteConnection connection = new SQLiteConnection();
connection.ConnectionString = "Data Source=" + dataSource;
connection.Open();
SQLiteCommand command = new SQLiteCommand(connection);
command.CommandText = ("update Example set Info ='" + textBox2.Text + ", Text ='"+textBox3.Text + "where ID ='" + textBox1.Text +"'");
command.ExecuteNonQuery();
Jon*_*eet 23
其他人已经提出了构建SQL的替代方法,但是你根本不应该在SQL中包含这些值.您应该使用参数化查询,这可以避免SQL注入攻击等.
我不清楚你正在使用哪种驱动程序,但假设它是Devart.com的驱动程序,文档SQLiteCommand.Parameters提供了如何执行此操作的一个很好的示例.在您的情况下,代码将变为类似于:
string dataSource = "Database.s3db";
using (SQLiteConnection connection = new SQLiteConnection())
{
connection.ConnectionString = "Data Source=" + dataSource;
connection.Open();
using (SQLiteCommand command = new SQLiteCommand(connection))
{
command.CommandText =
"update Example set Info = :info, Text = :text where ID=:id";
command.Parameters.Add("info", DbType.String).Value = textBox2.Text;
command.Parameters.Add("text", DbType.String).Value = textBox3.Text;
command.Parameters.Add("id", DbType.String).Value = textBox1.Text;
command.ExecuteNonQuery();
}
}