tags:

views:

605

answers:

2
Q: 

sqlite in vb.net, can't find table even though it exists

I'm using the following code (System.Data.SQLite within VB.net):

        Dim SQLconnect As New SQLite.SQLiteConnection()
        Dim SQLcommand As SQLiteCommand
        SQLconnect.ConnectionString = "Data Source=vault.db;"
        SQLconnect.Open()
        SQLcommand = SQLconnect.CreateCommand
        SQLcommand.CommandText = "INSERT INTO entries VALUES ('" & appinput.Text & "','" & userinput.Text & "','" & passinput.Text & "')"
        SQLcommand.ExecuteNonQuery()
        SQLcommand.Dispose()
        SQLconnect.Close()
        Me.Hide()

I get an error back that says it can't find the table "entries" I know the table exists because I can write to it via the command line through sqlite and through Autoit and can see it and edit it in the SQLite browser when I open the database. I don't understand why VB can't see it (I know it sees and opens the database file just fine). Any ideas?

+1  A: 

Argh! There are 3 big issues in that code. Please update it like this to fix two of them:

Using cn As New SQLite.SQLiteConnection("Data Source=vault.db;"), _
      cmd As New SQLiteCommand("INSERT INTO entries VALUES (@AppInput, @UserInput, @PassInput)", cn)

    cmd.Parameters.AddWithValue("@AppInput", appinput.Text);
    cmd.Parameters.AddWithValue("@UserInput", userinput.Text);
    cmd.Parameters.AddWithValue("@PassInput", passinput.Text);

    cn.Open()
    cmd.ExecuteNonQuery()
End Using

This will prevent sql injection by parameterizing your query instead of substituting values directly and prevent db locking issues by making sure your connection is disposed properly, even if an exception is thrown.

The third problem is that you should NEVER store plain-text passwords in your database (or anywhere else for that matter). Go read up on how to hash values in .Net and hash and salt your password before storing or comparing it.

Once you've done that re-test your code to see if you still get the same errors reported as before. We need to make sure this didn't solve the problem or introduce something new. Then we can start addressing the missing table issue, perhaps by checking your connection string.

Joel Coehoorn  2009-05-11 00:37:56
thanks, I'll try it, and I know about the plain text passwords, I will be adding encryption, I just wanted to make sure the program writes properly first, encryption comes second.
MaQleod  2009-05-11 00:41:13
+1  A: 

Most likely your problem is with relative paths (directories).

sqlite will create a database file if it does not exist so you will never get a "db file not found message". The first indication of an incorrect path is "table missing".

My personal experience is that although it goes against my programmers instinct is to alway use an absolute (fully qualified) path/file name for an sqlite database.

If you put in the full file location like "/var/myapp/vault.db" you should be OK. If this is likly to move around store pick up the file name from a properties/config file -- 'config file not found' is much easier to deal with than "table not found".

James Anderson  2009-05-11 02:27:20
that solved the problem, but brings up another issue; without the use of a relative path, the program is then limited to a strict install path.
MaQleod  2009-05-11 06:02:40
No its not. You just have to be able to pick up the installed path at runtime and use it to compose the full connection string. .Net makes that pretty easy.
Joel Coehoorn  2009-05-11 13:30:31

related questions

What are the most important functional differences between C# and VB.NET?
Setting Group Type for new Active Directory Entry in VB.NET
ASP.Net Datagrid: in Footer calculate Avg or Sum for column
Opening a file in my application from File Explorer
HTML Email Editor in a Windows Forms Application
Datatables, Dataviews and distincts! (ASP.Net/VB)
Naming convention for VB.NET private fields
Visual Studio - new "default" property values for inherited controls
Change the width of a scrollbar
Is String.Format as efficient as StringBuilder
Default Form Button in FireFox
VB.NET - IsNothing versus Is Nothing
'Break' equivalent keyword for VB
What is the best way to wrap time around the work day?
Best SVN Client Ignore Pattern for VB.NET Solutions?
Long-time LAMP Developer moving to VB.NET
What's the best way to find long-running code in a Windows Forms Application
What is the best way to deploy a VB.NET application?
'Best' Diff Algorithm
Setting Objects to Null/Nothing after use in .NET
CSV File Imports in .Net
How do you migrate a large app from VB6 to VB .net ?
Floating Point Number parsing: Is there a Catch All algorithm?
Decoding T-SQL CAST in C#/VB.net
Reliable Timer in a Console Application