循环遍历一个字符串数组,将它们插入到sqlite数据库但是失败
public static bool SavePermissions(String[] permissions)
{
try
{
using (SqliteConnection db = new SqliteConnection("Filename="+ shared.AppDetails.dbname))
{
db.Open();
SqliteCommand insertCommand = new SqliteCommand();
insertCommand.Connection = db;
String tableCommand = "CREATE TABLE IF NOT EXISTS " + _permissiontbl + " (id INTEGER PRIMARY KEY AUTOINCREMENT, user_perm NVARCHAR(2048) UNIQUE)";
SqliteCommand createTable = new SqliteCommand(tableCommand, db);
try
{
createTable.ExecuteReader();
deletePermissions();
foreach (String i in permissions)
{
var sql = "insert into " + _permissiontbl + " (user_perm) values ("+ i +")";
SqliteCommand command = new SqliteCommand(sql, db);
command.ExecuteNonQuery();
}
}
catch (SqliteException exp)
{
//Handle error
Debug.WriteLine("sqlite error thrown is"+exp.Message);
}
db.Close();
}
}
catch(Exception exp)
{
Debug.WriteLine(exp.Message);
}
THE ABOVE抛出错误
抛出sqlite错误isSQLite错误1:'near'失败“:语法错误'。
我在哪里错了,因为我只是循环一个字符串数组并逐个保存它们?
答案 0 :(得分:2)
您在发送到数据库的字符串周围缺少单个刻度。
var sql = "insert into " + _permissiontbl + " (user_perm) values ('" + i + "')";
Per @ DangerZone的建议,我确实认为你应该参数化你的查询。
Per @ Rahul的建议,以下是参数化查询的示例:
var sql = "insert into " + _permissiontbl + " (user_perm) values (@perm)";
SQLiteCommand command = new SQLiteCommand(sql, db);
command.Parameters.Add(new SQLiteParameter("@perm", i));
command.ExecuteNonQuery();