C#到SQLite电子邮件字符串
[英]C# to SQLite Email String
问题描述
Trying to store an email address from a .NET application into a SQLite database. 
尝试将电子邮件地址从.NET应用程序存储到SQLite数据库中。 The DB is pre-built within the SQLite studio and I have already connected my project to it. 该数据库是在SQLite Studio中预先构建的,我已经将项目连接到该数据库。
Problem is, when I attempt to pass an email address (String), into the DB with the following: 问题是,当我尝试通过以下方式将电子邮件地址(字符串)传递到数据库时:
Account.Email = test@test.com
string SQLText = "INSERT " + "INTO Account (Email) " + "VALUES (" + Account.Email + ")"
SqliteCommand Command = new SQLiteCommand (SQLText, Base);
Command.ExecuteNonQuery ();
Account being a class that holds the email string and Base being a reference to the DB with C#. Account是保存电子邮件字符串的类,Base是对使用C#的数据库的引用。
I get 我懂了
SQLiteSyntaxException: near "@Test": syntax error
What should I do to the string in order for it to ignore the @ as a parameter declaration in sql? 我应该对字符串做些什么,以使其忽略sql中的@作为参数声明?
Any advice? 有什么建议吗?
Sean 肖恩
1 个解决方案
解决方案1
0 已采纳 2015-06-03 13:33:06
I don't know about sqlite specifically, but with my knowledge of SQL syntax in general, the resulting statement should look like (assuming the email address is email@test.com ): 我不特别了解sqlite ,但是据我一般的SQL语法知识,结果语句应如下所示(假设电子邮件地址为email@test.com ):
INSERT INTO Account(Email) Values ('email@test.com')
But your code produces the following statement: 但是您的代码会产生以下语句:
INSERT INTO Account(Email) Values (email@test.com)
You'll notice the single quotes are missing from the second line. 您会注意到第二行缺少单引号。
Also, you might want to look into what a SQL injection attack is. 另外,您可能想研究什么是SQL注入攻击。 Building your queries by concatenating strings with user input opens you up to this type of attack. 通过将字符串与用户输入连接在一起来构建查询,这使您容易受到这种攻击。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.