Question

我刚刚运行Visual Studio的代码分析，他们告诉我对以下代码行使用参数化查询：

using(var DA = new SQLiteDataAdapter(SQL, connectionstring))

完整的方法：

public static DataTable SelectAll(string SQL)
        {
            //create a string(connectionstring), filled with the connectionstring
            string connectionstring = "Data Source=" + LogicDatabase.Databasename + ";Version=3;Password=" + Settings.SQLiteDatabasePassword + ";";
            //create a new DataSet
            DataSet DS = new DataSet();
            //Give name to a SQLiteDataAdapter

            //Create a new SQLiteDataAdapter and fill it with the sql query, and path of the Database.
            using(var DA = new SQLiteDataAdapter(SQL, connectionstring))
            {
                //Clear the dataset, so we are sure it is empty, before storing items in it.
                DS.Clear();
                //fill the dataset from the SQLiteDataAdapter.
                DA.Fill(DS);
                //Fill the DataTable with the first table of the DataSet
                DataTable DT = DS.Tables[0];
                //return the DataTable
                return DT;
            }                 
        }

如何在此代码中实现参数？

Answer 1

使用SQLiteCommand并将其填入您的SQL语句。它有一个属性Parameters，您可以使用SQLiteParameter的实例填充该属性。之后，您可以使用此命令创建SQLiteDataAdapter。

如何在以下方法中使用参数

1 个答案: