System.Data.SQLite参数问题
我有以下代码:
try { //Create connection SQLiteConnection conn = DBConnection.OpenDB(); //Verify user input, normally you give dbType a size, but Text is an exception var uNavnParam = new SQLiteParameter("@uNavnParam", SqlDbType.Text) { Value = uNavn }; var bNavnParam = new SQLiteParameter("@bNavnParam", SqlDbType.Text) { Value = bNavn }; var passwdParam = new SQLiteParameter("@passwdParam", SqlDbType.Text) {Value = passwd}; var pc_idParam = new SQLiteParameter("@pc_idParam", SqlDbType.TinyInt) { Value = pc_id }; var noterParam = new SQLiteParameter("@noterParam", SqlDbType.Text) { Value = noter }; var licens_idParam = new SQLiteParameter("@licens_idParam", SqlDbType.TinyInt) { Value = licens_id }; var insertSQL = new SQLiteCommand("INSERT INTO Brugere (navn, brugernavn, password, pc_id, noter, licens_id)" + "VALUES ('@uNameParam', '@bNavnParam', '@passwdParam', '@pc_idParam', '@noterParam', '@licens_idParam')", conn); insertSQL.Parameters.Add(uNavnParam); //replace paramenter with verified userinput insertSQL.Parameters.Add(bNavnParam); insertSQL.Parameters.Add(passwdParam); insertSQL.Parameters.Add(pc_idParam); insertSQL.Parameters.Add(noterParam); insertSQL.Parameters.Add(licens_idParam); insertSQL.ExecuteNonQuery(); //Execute query //Close connection DBConnection.CloseDB(conn); //Let the user know that it was changed succesfully this.Text = "Succes! Changed!"; } catch(SQLiteException e) { //Catch error MessageBox.Show(e.ToString(), "ALARM"); }
它执行得很完美,但是当我查看我的“brugere”表时,它已插入值:’@ nameParam’,’@ bnavnParam’,’@ passwdParam’,’@ pc_idParam’,’@ noterParam’,’@ itsens_idParam’字面意思。 而不是取代它们。
我试过制作一个断点并检查参数,它们确实有正确的指定值。 所以这也不是问题。
我现在一直在修补这个问题,没有运气,任何人都可以帮忙吗?
哦,供参考,这是DBConnection类的OpenDB方法:
public static SQLiteConnection OpenDB() { try { //Gets connectionstring from app.config const string myConnectString = "data source=data;"; var conn = new SQLiteConnection(myConnectString); conn.Open(); return conn; } catch (SQLiteException e) { MessageBox.Show(e.ToString(), "ALARM"); return null; } }
您应该在INSERT语句中删除参数名称周围的引号。
而不是
VALUES ('@uNameParam', '@bNavnParam', '@passwdParam', '@pc_idParam', '@noterParam', '@licens_idParam')
使用
VALUES (@uNameParam, @bNavnParam, @passwdParam, @pc_idParam, @noterParam, @licens_idParam)
感谢rwwilden和Jorge Villuendas,答案是:
var insertSQL = new SQLiteCommand("INSERT INTO Brugere (navn, brugernavn, password, pc_id, noter, licens_id)" + " VALUES (@uNavnParam, @bNavnParam, @passwdParam, @pc_idParam, @noterParam, @licens_idParam)", conn); insertSQL.Parameters.AddWithValue("@uNavnParam", uNavn); insertSQL.Parameters.AddWithValue("@bNavnParam", bNavn); insertSQL.Parameters.AddWithValue("@passwdParam", passwd); insertSQL.Parameters.AddWithValue("@pc_idParam", pc_id); insertSQL.Parameters.AddWithValue("@noterParam", noter); insertSQL.Parameters.AddWithValue("@licens_idParam", licens_id); insertSQL.ExecuteNonQuery(); //Execute query
使用System.Data.SqlClient
时,您将从System.Data.SqlDbType
枚举中提供参数类型。
但是如果你使用System.Data.SQLite
那么你必须使用**System.Data.DbType**
枚举。
更换
VALUES(’@ nameParam’,’@ bnavnParam’,’@ passwdParam’,’@ pc_idParam’,’@ noterParam’,’@ itsens_idParam’)
同
价值观(?,?,?,?,?,?)