此sqllite alter table查询有什么问题?
[英]What is wrong with this sqllite alter table query?
问题描述
I need to add column to table, for now I have this code: 
我需要将列添加到表中,现在我有以下代码:
public void InsertParameter(string ColumnName)
{
string sql = "ALTER TABLE table_name ADD :value1";
SQLiteCommand cmd = new SQLiteCommand(sql,conn);
cmd.Parameters.AddWithValue("value1", ColumnName);
cmd.ExecuteNonQuery();
}
But this give me syntax error: 但这给了我语法错误:
near ":value1":syntax error
I really can't figure out what is wrong with this query? 我真的不知道此查询出了什么问题?
1 个解决方案
解决方案1
3 已采纳 2016-10-04 23:40:21
The reason it doesn't work is that the syntax for SQLite's ALTER TABLE statement requires a column-name here instead of an arbitrary string-typed expr . 它不起作用的原因是,SQLite的ALTER TABLE语句的语法在此需要一个列名,而不是一个任意字符串类型的expr 。 This means you can't use a bind-parameter with it. 这意味着您不能将其与绑定参数一起使用。
(Apparently, the implementation of prepared statements requires the table and column names to be known at “compile” time, so it can't be a variable.) (显然,准备好的语句的实现要求在“编译”时知道表名和列名,因此它不能是变量。)
If you need a C# function that dynamically selects a column name at runtime, you need to dynamically create the SQL statement with a hard-coded column name. 如果需要在运行时动态选择列名称的C#函数,则需要使用硬编码的列名称动态创建SQL语句。 (Use double-quoting to prevent SQL injection attacks.) (使用双引号来防止SQL注入攻击。)
string sql = "Alter Table table_name ADD "\"" + ColumnName.Replace("\"", "\"\"") + "\"";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.