sqlite3 (language C): no such column
Question
I want to save the data from USB into the database sqlite3.
Here is data from USB
char T0[8], T1[8], T2[8], T3[8], T4[8];
I create a table with
const char* Temprature_table = "Create table Temprature_1 (ID INTERGER PRIMARY KEY,Thermo_0 decimal(5,1),Thermo_1 decimal(5,1),Thermo_2 decimal(5,1),Thermo_3 decimal(5,1),Thermo_4 decimal(5,1),time DATETIME)";
then I insert data into the table
result = sqlite3_exec (DB,"Insert into Temprature VALUES(NULL, T0, T1, T2, T3, T4, time)",0,0,&errmsg);
or
char array[256];
sprintf(array, "Insert into Temprature_1 VALUES(NULL, T0, T1, T2, T3, T4, time)");
result = sqlite3_exec (DB,array,0,0,&errmsg);
but there is a problem: "cannot insert data: no such column: T0". I do not know why. Thanks.
3 answers
solution1
2 2012-09-14 09:08:46
Your C code and your SQL code is run in different domains and do not share variables. So you can not directly access C variables from SQL code. From looking at the documentation this seems to be the correct solution:
sqlite3_stmt *ppStmt;
sqlite3_prepare_v2(DB, "Insert into Temprature_1 VALUES(NULL, ?, ?, ?, ?, ?, time)", 58, &ppStmt, NULL);
sqlite3_bind_text(ppStmt, 1, T0, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 2, T1, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 3, T2, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 4, T3, 8, SQLITE_TRANSIENT);
sqlite3_bind_text(ppStmt, 5, T4, 8, SQLITE_TRANSIENT);
sqlite3_step(ppStmt);
sqlite3_finalize(ppStmt);
solution2
1 2012-09-14 09:08:01
You don't include the names of C variables in the SQL query string.
You either include a verbatim value (eg by programmatically composing the string from smaller pieces, eg using sprintf ), or you use placeholders for parameters. The latter is more robust against SQL injection attacks, and generally preferred. In the case of C as the host language, it will also save you the trouble of allocating sufficient memory for the pasted query.
You can use placeholders by creating a prepared statement and binding parameters to it. When you execute that statement, the bound parameters will be used in the places indicated by the placeholders.
solution3
1 ACCPTED 2012-09-14 09:19:33
You should use prepared statements to bind values to your query. A regular SQL has the form
INSERT INTO Temperature_1 (Thermo_0, Thermo_1) VALUES (23.2, 42.3)
A prepared statement looks like
INSERT INTO Temperature_1 (Thermo_0, Thermo_1) VALUES (?, ?)
which allows for security and performance enhancements. So your final code will look like
sqlite3_stmt *stmt;
sqlite3_prepare_v2(
db,
"INSERT INTO Temperature (Thermo_0, Thermo_1) VALUES (?, ?)",
-1,
&stmt,
NULL
);
sqlite3_bind_text(stmt, 1, T0, -1, SQLITE_TRANSIENT);
sqlite3_bind_text(stmt, 2, T1, -1, SQLITE_TRANSIENT);
sqlite3_step(stmt);
See this SQLite introduction to the C API. Your code doesn't work because you submit the following string to the query engine
INSERT INTO table (T0);
while the syntax of the INSERT statement looks like
INSERT INTO <table> VALUES (<expression>[, <expression>[, ...]])
When the database engine evaluates your query, it can't know that TO happens to be the name of a variable somewhere in your code, thus issue that error. The SQL is a language of its own, it doesn't share anything with the C context.
As a final note, the correct spelling seems to be TEMPERATURE , not TEMPRATURE (you missed an E after PR)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.