#Save db sqlite code#
What you are trying to do can seem like a good idea on the surface, to allow you to dynamically write an arbitrary SQL query on the fly by passing it DB object identifier names, and even SQL executable code as object parameters. Yes, this cannot be done, by design (read: it should not be done this way, ideally). I attempted to have SQL Injection prevention parameters for tableName, selectHeader and whereHeader, however, it kept throwing an error saying the syntax was wrong.
Using (var dbCommand = dbConnection.CreateCommand (sql, dbConnection)) Using (var dbCommand = dbConnection.CreateCommand ())ĭbCommand.CommandText = string.Format ("SELECT = tableName, setHeader, whereHeader) Using (var dbConnection = new SqliteConnection ("URI=file:" + Application.dataPath + connection)) public object FindData (string tableName, string selectHeader, string whereHeader, object whereValue) Info - Table name | display_name | coins | total_score |īelow is my FindData method, which is used to lookup data in a specified table. Let's also assume that I check for null prior to obtaining/updating data. Here is an example of the database used for this post.
I would appreciate any pointers with the design of my methods and/or my SQL syntax.įYI: I'm using System.Data and C# Mono 2.0 (Unit圓D). I'm in the process of learning SQLite in C# and I've come up with some generic methods for finding and updating data.
0 kommentar(er)
