C# to SQLite Email String
Question
Trying to store an email address from a .NET application into a SQLite database. The DB is pre-built within the SQLite studio and I have already connected my project to it.
Problem is, when I attempt to pass an email address (String), into the DB with the following:
Account.Email = test@test.com
string SQLText = "INSERT " + "INTO Account (Email) " + "VALUES (" + Account.Email + ")"
SqliteCommand Command = new SQLiteCommand (SQLText, Base);
Command.ExecuteNonQuery ();
Account being a class that holds the email string and Base being a reference to the DB with C#.
I get
SQLiteSyntaxException: near "@Test": syntax error
What should I do to the string in order for it to ignore the @ as a parameter declaration in sql?
Any advice?
Sean
1 answers
solution1
0 ACCPTED 2015-06-03 13:33:06
I don't know about sqlite specifically, but with my knowledge of SQL syntax in general, the resulting statement should look like (assuming the email address is email@test.com ):
INSERT INTO Account(Email) Values ('email@test.com')
But your code produces the following statement:
INSERT INTO Account(Email) Values (email@test.com)
You'll notice the single quotes are missing from the second line.
Also, you might want to look into what a SQL injection attack is. Building your queries by concatenating strings with user input opens you up to this type of attack.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.