[Mono-bugs] [Bug 61130][Nor] New - Mono.Data.SqliteCommand ignore the sql params

[bugzilla-daemon@bugzilla.ximian.com]

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by tom@aliacom.fr.

http://bugzilla.ximian.com/show_bug.cgi?id=61130

--- shadow/61130	2004-07-03 13:59:43.000000000 -0400
+++ shadow/61130.tmp.9213	2004-07-03 13:59:43.000000000 -0400
@@ -0,0 +1,51 @@
+Bug#: 61130
+Product: Mono: Class Libraries
+Version: unspecified
+OS: 
+OS Details: linux, mono 1.0
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: Sys.Data
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: tom@aliacom.fr               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Mono.Data.SqliteCommand ignore the sql params
+
+I'm trying to use the following code to insert data in an sqlite table :
+
+	public void store(Feed f) {
+	    Console.WriteLine("Storing feed {0} {1}", f.getUrl(), f.getLabel());
+	    SqliteConnection con = getConnection();
+	    SqliteCommand cmd = new SqliteCommand();
+	    cmd.Connection = con;
+
+	    SqliteParameterCollection spc = cmd.Parameters;
+
+	    if (findByPrimaryKey(f.getId()) != null) {
+		cmd.CommandText = 
+		    "UPDATE feed SET url=?, label=?"+
+		    "WHERE id=?";
+		spc.Add("id", f.getId());
+	    } else {
+		cmd.CommandText = 
+		    "INSERT into feed (url, label) "+
+		    "VALUES (?, ?)";
+	    }
+	    spc.Add("url", f.getUrl());
+	    spc.Add("label", f.getLabel());
+
+	    cmd.ExecuteNonQuery();
+	    con.Close();
+	}
+
+I'm not sure I'm the parameters property is intented to work the way I
+think (ie. like a PreparedStatement with JDBC in java), but I'm sure that
+the sql_params instance variable is unused in the SqliteCommand class.
+
+What is the proper way to insert a string into an sqlite database, without
+write my own escaping function ?