tags:

views:

480

answers:

1
+1  Q: 

SQLite INSERT Statement

I have create the following insert method by researching the internet but I know it needs some work since it quite bulky and unsightly. I have tested it and it works fairly well but I know it could work better. If possible could someone show me how to convert this method to use parameters and/or increase its efficency?

public static void SQLiteTableINSERT(string tableName)
    {
        int colCount = 0;
        using (SQLiteConnection Conn = new SQLiteConnection(SQLiteConn.Conn))
        {
            using (SQLiteTransaction sqliteTrans = Conn.BeginTransaction())
            {
                using (SQLiteCommand cmd = Conn.CreateCommand())
                {
                    DataTableColumnNames();

                    string query = "INSERT INTO " + tableName + "(";

                    foreach (string name in DtColumns)
                    {
                        query += "[" + name + "]";
                        ++colCount;

                        if (colCount < DtColumns.Count())
                            query += ",";
                    }

                    query += ")";
                    query += " VALUES(";

                    for (int i = 0; i < LocalDataSet.LocalDs.Tables[0].Rows.Count; ++i)
                    {
                        cmd.CommandText = query;

                        foreach (DataColumn col in LocalDataSet.LocalDs.Tables[0].Columns)
                        {
                            string temp = LocalDataSet.LocalDs.Tables[0].Rows[i][col, DataRowVersion.Current].ToString();

                            if (temp == "True")
                                cmd.CommandText += 1;

                            else if (temp == "")
                                cmd.CommandText += 0;

                            if (temp != "True" && temp != "")
                                cmd.CommandText += "'" +temp + "'";

                            cmd.CommandText += ",";
                        }

                        cmd.CommandText = cmd.CommandText.Remove(cmd.CommandText.LastIndexOf(","));

                        cmd.CommandText += ")";

                        cmd.ExecuteNonQuery();
                    }
                }

                sqliteTrans.Commit();
            }

        }
    }

Thanks, Nathan

+2  A: 

You really should switch this to using a prepared statement, then binding the data to parameters in that prepared statement. The basics are explained here for C/C++:

http://www.sqlite.org/cintro.html

I suspect that you are using dotConnect so you might want to refer to this for your specific example:

http://www.devart.com/dotconnect/sqlite/docs/Parameters.html

Same principle applies. You write the SQL as a single string constant that is easy to read, review and modify in your source code. Then you send that SQL command to SQLite along with a set of data elements to replace each of the parameters. This technique makes your code clearer and helps to avoid SQL injection attacks, or mixups.

Michael Dillon  2009-10-17 20:48:13
So I changed my code around a bit to where I am inserting (?) in my VALUES portion of the insert statement and I have attempted to update my code to use parameters but I keep getting the exception: "Insufficient parameters supplied to the command"I looked through my code and everything appears to be right, can anyone see something wrong with this?I am going to post the code in an answer.Thanks!
Nathan  2009-10-17 23:59:54
That sounds like the error you would get if you don't supply one data item for every ?. For instance, if you had three ? but only pass two parameters. In C/C++ it might possibly have something to do with a null string parameter, or even a type mismatch.
Michael Dillon  2009-10-18 12:17:37

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?