我正在尝试使用SQLite与Unity3D的集成,就像在某些教程中一样。 但是我遇到了问题..
这是我的创建表:
public void CreateTablePaciente ()
{
string sqlCreatePacientes;
DbConnection connection = new SqliteConnection(urlDataBase);
IDbCommand command = connection.CreateCommand();
connection.Open();
sqlCreatePacientes = "CREATE TABLE IF NOT EXISTS " + tabela
+ " (cpf TEXT PRIMARY KEY, "
+ "nome TEXT NOT NULL, "
+ "sexo TEXT NOT NULL, "
+ "endereco TEXT NOT NULL, "
+ "email TEXT, "
+ "dataNascimento TEXT NOT NULL, "
+ "telefone TEXT NOT NULL, "
+ "numeroConsultas TEXT NOT NULL"
+ ");";
command.CommandText = sqlCreatePacientes;
command.ExecuteNonQuery ();
}
这是我的插入方法:
public void InsertPaciente (Paciente paciente)
{
string sqlInsert;
DbConnection connection = new SqliteConnection(urlDataBase);
IDbCommand command = connection.CreateCommand();
sqlInsert = "INSERT INTO " + tabela
+ " (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)"
+ " VALUES ("
+ paciente.Cpf + ", "
+ paciente.Nome + ", "
+ paciente.Sexo + ", "
+ paciente.Endereco + ", "
+ paciente.Email + ", "
+ paciente.DataNascimento + ", "
+ paciente.Telefone + ", "
+ paciente.NumeroConsultas
+ ");";
connection.Open();
command.CommandText = sqlInsert;
Debug.Log (sqlInsert);
command.ExecuteNonQuery();
}
插入查询:
INSERT INTO paciente(cpf,nome,sexo,endereco,email,dataNascimento,telefone,numeroConsultas)VALUES(00000000000,Nome 0,m,rua aposkpaosk0,aosais @ asaspos.xpco0,0 / 00 / 00,00000000000,0 );
但是我遇到了这个SQLite错误..
SqliteSyntaxException:接近“0”:语法错误
Mono.Data.SqliteClient.SqliteCommand.GetNextStatement(IntPtr pzStart,System.IntPtr& pzTail,System.IntPtr& pStmt)
Mono.Data.SqliteClient.SqliteCommand.ExecuteReader(CommandBehavior behavior,Boolean want_results,System.Int32& rows_affected)
Mono.Data.SqliteClient.SqliteCommand.ExecuteNonQuery()
PacienteDAO.InsertPaciente(.Paciente paciente)(在Assets / C#Script / PacienteDAO.cs:73)
似乎没有创建表,但我不知道这个“附近:'0'”是什么意思..我怎么能解决它?
答案 0 :(得分:1)
SQL字符串文字需要用单引号括起来。
你必须做的就是弄清楚什么是错误的,将查询粘贴到SQL Management Studio中,你就会得到红色的波浪形
INSERT INTO paciente (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)
VALUES ('00000000000', 'Nome 0', 'm', 'rua aposkpaosk0', 'aosais@asiapos.xpco0', '0/00/00', '00000000000', 0);
答案 1 :(得分:1)
最好在SQL语句中使用bind parameters,而不是试图通过尝试使用任何串联字符串来克服代码公开的所有可能的SQL injection attacks。我已按如下方式更改了您的Insert方法,以在您的语句中引入绑定参数,并将您的类中的值添加到DBCommand实例的Parameters集合中。
另请注意,我为那些实现IDisposable的对象添加了using语句。这应该可以降低内存泄漏的风险,System.Dats.SqlLite FAQ
中明确提到了这一点public void InsertPaciente (Paciente paciente)
{
string sqlInsert;
// dispose when done
using(DbConnection connection = new SQLiteConnection(urlDataBase))
{
// dispose when done
using(IDbCommand command = connection.CreateCommand())
{
// use named parameters
// https://www.sqlite.org/c3ref/bind_blob.html
sqlInsert = @"INSERT INTO paciente
(cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)
VALUES
(@Cpf, @Nome, @Sexo, @Endereco, @Email, @DataNascimento, @Telefone, @NumeroConsultas
);";
connection.Open();
command.CommandText = sqlInsert;
// for each parameter, add the name of the bind-parameter and the value
command.Parameters.Add(new SQLiteParameter("Cpf",paciente.Cpf));
command.Parameters.Add(new SQLiteParameter("Nome", paciente.Nome));
command.Parameters.Add(new SQLiteParameter("Sexo", paciente.Sexo));
command.Parameters.Add(new SQLiteParameter("Endereco", paciente.Endereco));
command.Parameters.Add(new SQLiteParameter("Email", paciente.Email));
command.Parameters.Add(new SQLiteParameter("DataNascimento", paciente.DataNascimento));
command.Parameters.Add(new SQLiteParameter("Telefone", paciente.Telefone));
command.Parameters.Add(new SQLiteParameter("NumeroConsultas", paciente.NumeroConsultas));
//Debug.Log (sqlInsert);
command.ExecuteNonQuery();
}
}
}