[Mono-bugs] [Bug 61130][Nor] Changed - Mono.Data.SqliteCommand ignore the sql params
bugzilla-daemon@bugzilla.ximian.com
bugzilla-daemon@bugzilla.ximian.com
Sun, 8 Aug 2004 21:42:45 -0400 (EDT)
Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by grompf@sublimeintervention.com.
http://bugzilla.ximian.com/show_bug.cgi?id=61130
--- shadow/61130 2004-07-03 13:59:43.000000000 -0400
+++ shadow/61130.tmp.21820 2004-08-08 21:42:45.000000000 -0400
@@ -1,14 +1,14 @@
Bug#: 61130
Product: Mono: Class Libraries
Version: unspecified
-OS:
+OS: unknown
OS Details: linux, mono 1.0
Status: NEW
Resolution:
-Severity:
+Severity: Unknown
Priority: Normal
Component: Sys.Data
AssignedTo: mono-bugs@ximian.com
ReportedBy: tom@aliacom.fr
QAContact: mono-bugs@ximian.com
TargetMilestone: ---
@@ -46,6 +46,19 @@
I'm not sure I'm the parameters property is intented to work the way I
think (ie. like a PreparedStatement with JDBC in java), but I'm sure that
the sql_params instance variable is unused in the SqliteCommand class.
What is the proper way to insert a string into an sqlite database, without
write my own escaping function ?
+
+------- Additional Comments From grompf@sublimeintervention.com 2004-08-08 21:42 -------
+Please note the problem here is you're using the wrong sytax; you're using java
+preparedstatement syntax which is not C# syntax; for C# params you use @name rather
+than ?; for example:
+
+cmd.CommandText = "UPDATE foo SET bar=@bar";
+spc.Add("bar", "bla");
+
+would be correct.
+
+-kang
+