sqlite3（语言C）：没有这样的列

Question

I want to save the data from USB into the database sqlite3.

Here is data from USB

char T0[8], T1[8], T2[8], T3[8], T4[8];

I create a table with

const char* Temprature_table = "Create table Temprature_1 (ID INTERGER PRIMARY KEY,Thermo_0 decimal(5,1),Thermo_1 decimal(5,1),Thermo_2 decimal(5,1),Thermo_3 decimal(5,1),Thermo_4 decimal(5,1),time DATETIME)";

then I insert data into the table

result = sqlite3_exec (DB,"Insert  into Temprature VALUES(NULL, T0, T1, T2, T3, T4, time)",0,0,&errmsg);

or

char array[256];
sprintf(array, "Insert into Temprature_1 VALUES(NULL, T0, T1, T2, T3, T4, time)");
result = sqlite3_exec (DB,array,0,0,&errmsg);

but there is a problem: "cannot insert data: no such column: T0". I do not know why. Thanks.

Answer 1

Your C code and your SQL code is run in different domains and do not share variables. So you can not directly access C variables from SQL code. From looking at the documentation this seems to be the correct solution:

sqlite3_stmt *ppStmt;
sqlite3_prepare_v2(DB, "Insert into Temprature_1 VALUES(NULL, ?, ?, ?, ?, ?, time)", 58, &ppStmt, NULL);

sqlite3_bind_text(ppStmt, 1, T0, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 2, T1, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 3, T2, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 4, T3, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 5, T4, 8, SQLITE_TRANSIENT);

sqlite3_step(ppStmt);
sqlite3_finalize(ppStmt);

Answer 2

You don't include the names of C variables in the SQL query string.

You either include a verbatim value (eg by programmatically composing the string from smaller pieces, eg using sprintf ), or you use placeholders for parameters. The latter is more robust against SQL injection attacks, and generally preferred. In the case of C as the host language, it will also save you the trouble of allocating sufficient memory for the pasted query.

You can use placeholders by creating a prepared statement and binding parameters to it. When you execute that statement, the bound parameters will be used in the places indicated by the placeholders.

Answer 3

You should use prepared statements to bind values to your query. A regular SQL has the form

INSERT INTO Temperature_1 (Thermo_0, Thermo_1) VALUES (23.2, 42.3)

A prepared statement looks like

INSERT INTO Temperature_1 (Thermo_0, Thermo_1) VALUES (?, ?)

which allows for security and performance enhancements. So your final code will look like

sqlite3_stmt *stmt;

sqlite3_prepare_v2(
  db,
  "INSERT INTO Temperature (Thermo_0, Thermo_1) VALUES (?, ?)",
  -1,
  &stmt,
  NULL
);

sqlite3_bind_text(stmt, 1, T0, -1, SQLITE_TRANSIENT);
sqlite3_bind_text(stmt, 2, T1, -1, SQLITE_TRANSIENT);

sqlite3_step(stmt);

See this SQLite introduction to the C API. Your code doesn't work because you submit the following string to the query engine

INSERT INTO table (T0);

while the syntax of the INSERT statement looks like

INSERT INTO <table> VALUES (<expression>[, <expression>[, ...]])

When the database engine evaluates your query, it can't know that TO happens to be the name of a variable somewhere in your code, thus issue that error. The SQL is a language of its own, it doesn't share anything with the C context.

As a final note, the correct spelling seems to be TEMPERATURE , not TEMPRATURE (you missed an E after PR)