SQLite "Refresh" C# Syntax

Hi, the following code gives a syntax error. I do not know how to fix the problem.

Error

{"SQLite error\r\nnear \"Mytext\": syntax error"}

My code

string dataSource = "Database.s3db";
SQLiteConnection connection = new SQLiteConnection();
connection.ConnectionString = "Data Source=" + dataSource;
connection.Open();
SQLiteCommand command = new SQLiteCommand(connection);
command.CommandText = ("update Example set Info ='" + textBox2.Text + ", Text ='"+textBox3.Text + "where ID ='" + textBox1.Text +"'");
command.ExecuteNonQuery();
+5
2 answers

Others have suggested alternative ways to build SQL, but you shouldn't include values in SQL at all. You should use a parameterized query that avoids SQL injection attacks, among other things.

It is not immediately clear which driver you are using, but assuming that it is Devart.com, the documentation for SQLiteCommand.Parameters gives a good example of how to do this. In your case, the code will look something like this:

string dataSource = "Database.s3db";
using (SQLiteConnection connection = new SQLiteConnection())
{
    connection.ConnectionString = "Data Source=" + dataSource;
    connection.Open();
    using (SQLiteCommand command = new SQLiteCommand(connection))
    {
        command.CommandText =
            "update Example set Info = :info, Text = :text where ID=:id";
        command.Parameters.Add("info", DbType.String).Value = textBox2.Text; 
        command.Parameters.Add("text", DbType.String).Value = textBox3.Text; 
        command.Parameters.Add("id", DbType.String).Value = textBox1.Text; 
        command.ExecuteNonQuery();
    }
}
+21
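
To see what the parameterized query buys over merely fixing the quotes, the following added example (not part of either answer) runs both forms against an in-memory table and reports the rows affected. It assumes the System.Data.SQLite driver rather than Devart's; the table contents and the helper names UpdateConcatenated and UpdateParameterized are constructed for the demonstration.

```csharp
// Added example. Assumes the System.Data.SQLite package; table and data are constructed.
using System;
using System.Data.SQLite;

static class UpdateDemo
{
    // Concatenated form: the values become part of the SQL text itself.
    static int UpdateConcatenated(SQLiteConnection c, string id, string info)
    {
        string sql = "update Example set Info = '" + info + "' where ID = '" + id + "'";
        using (var cmd = new SQLiteCommand(sql, c))
            return cmd.ExecuteNonQuery();
    }

    // Parameterized form: the SQL text is fixed and the values are bound as data.
    static int UpdateParameterized(SQLiteConnection c, string id, string info)
    {
        using (var cmd = new SQLiteCommand("update Example set Info = @info where ID = @id", c))
        {
            cmd.Parameters.AddWithValue("@info", info);
            cmd.Parameters.AddWithValue("@id", id);
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        using (var c = new SQLiteConnection("Data Source=:memory:"))
        {
            c.Open();
            using (var setup = new SQLiteCommand(
                "create table Example (ID text primary key, Info text, Text text);" +
                "insert into Example values ('1','a','x'),('2','b','y'),('3','c','z');", c))
                setup.ExecuteNonQuery();

            // 1. An ordinary apostrophe in the value ends the string literal early.
            try { UpdateConcatenated(c, "1", "it's done"); }
            catch (SQLiteException e) { Console.WriteLine("concatenated: " + e.Message); }
            Console.WriteLine("parameterized rows: " + UpdateParameterized(c, "1", "it's done"));

            // 2. Quote characters in the ID value rewrite the WHERE clause.
            string id = "0' or '1'='1";
            Console.WriteLine("concatenated rows: " + UpdateConcatenated(c, id, "changed"));
            Console.WriteLine("parameterized rows: " + UpdateParameterized(c, id, "changed"));
        }
    }
}
```

Comparing the two row counts printed for the second input shows the difference: the bound parameter is compared as a literal ID, while the concatenated string is parsed as SQL.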

' 2

:

command.CommandText = ("update Example set Info ='" + textBox2.Text + "', Text ='"+textBox3.Text + "' where ID ='" + textBox1.Text +"'");
+5
