【问题标题】:SqliteSyntaxException: near "0": syntax error [C# Unity]SqliteSyntaxException:接近“0”:语法错误 [C# Unity]
【发布时间】:2017-04-27 16:31:14
【问题描述】:

我正在尝试使用 SQLite 与 Unity3D 的集成,就像在某些教程中一样。 但是我遇到了问题..

这是我的创建表:

public void CreateTablePaciente () 
{
    string sqlCreatePacientes;
    DbConnection connection = new SqliteConnection(urlDataBase);
    IDbCommand command = connection.CreateCommand();
    connection.Open();
    sqlCreatePacientes = "CREATE TABLE IF NOT EXISTS " + tabela 
        + " (cpf TEXT PRIMARY KEY, "
        + "nome TEXT NOT NULL, "
        + "sexo TEXT NOT NULL, "
        + "endereco TEXT NOT NULL, " 
        + "email TEXT, "
        + "dataNascimento TEXT NOT NULL, "
        + "telefone TEXT NOT NULL, "
        + "numeroConsultas TEXT NOT NULL"
        + ");";

    command.CommandText = sqlCreatePacientes;
    command.ExecuteNonQuery ();
}

这是我的插入方法:

public void InsertPaciente (Paciente paciente) 
{
    string sqlInsert;
    DbConnection connection = new SqliteConnection(urlDataBase);
    IDbCommand command = connection.CreateCommand();

    sqlInsert = "INSERT INTO " + tabela 
        + " (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)"
        + " VALUES (" 
        + paciente.Cpf + ", "
        + paciente.Nome + ", "
        + paciente.Sexo + ", "
        + paciente.Endereco + ", "
        + paciente.Email + ", "
        + paciente.DataNascimento + ", "
        + paciente.Telefone + ", "
        + paciente.NumeroConsultas 
        + ");";

    connection.Open();
    command.CommandText = sqlInsert;
    Debug.Log (sqlInsert);
    command.ExecuteNonQuery();
}

插入查询:

INSERT INTO paciente (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas) 值 (00000000000, Nome 0, m, rua aposkpaosk0, aosais@asiapos.xpco0, 0/00/00, 00000000000, 0 );

但是我遇到了这个 SQLite 错误..

SqliteSyntaxException:接近“0”:语法错误

Mono.Data.SqliteClient.SqliteCommand.GetNextStatement (IntPtr pzStart, System.IntPtr& pzTail, System.IntPtr& pStmt)

Mono.Data.SqliteClient.SqliteCommand.ExecuteReader(CommandBehavior 行为、布尔值 want_results、System.Int32& rows_affected)

Mono.Data.SqliteClient.SqliteCommand.ExecuteNonQuery()

PacienteDAO.InsertPaciente (.Paciente paciente)(位于 Assets/C#Script/PacienteDAO.cs:73)

create table 似乎没问题,但我不知道“near: '0'”是什么意思。我该如何解决?

【问题讨论】:

  • 不要写SQL执行使用字符串连接,使用参数。

标签: c# sqlite unity3d


【解决方案1】:

您最好在 SQL 语句中使用bind parameters,而不是试图通过尝试使用任何字符串连接来克服您的代码暴露的所有可能的SQL injection attacks。我已将您的 Insert 方法更改如下,以在您的语句中引入绑定参数,并将您的类中的值添加到 DBCommand 实例的 Parameters 集合中。

还请注意,我为那些实现 IDisposable 的对象添加了 using 语句。这应该会降低内存泄漏的风险,System.Dats.SqlLite FAQ

中明确提到了这一点
public void InsertPaciente (Paciente paciente) 
{
    string sqlInsert;
    // dispose when done
    using(DbConnection connection = new SQLiteConnection(urlDataBase))
    {
        // dispose when done
        using(IDbCommand command = connection.CreateCommand())
        {
            // use named parameters 
            // https://www.sqlite.org/c3ref/bind_blob.html
            sqlInsert = @"INSERT INTO paciente 
                (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)
                VALUES 
                (@Cpf, @Nome, @Sexo, @Endereco, @Email, @DataNascimento, @Telefone, @NumeroConsultas 
                );";

            connection.Open();
            command.CommandText = sqlInsert;
            // for each parameter, add the name of the bind-parameter and the value 
            command.Parameters.Add(new SQLiteParameter("Cpf",paciente.Cpf));
            command.Parameters.Add(new SQLiteParameter("Nome", paciente.Nome));
            command.Parameters.Add(new SQLiteParameter("Sexo", paciente.Sexo));
            command.Parameters.Add(new SQLiteParameter("Endereco", paciente.Endereco));
            command.Parameters.Add(new SQLiteParameter("Email", paciente.Email));
            command.Parameters.Add(new SQLiteParameter("DataNascimento", paciente.DataNascimento));
            command.Parameters.Add(new SQLiteParameter("Telefone", paciente.Telefone));
            command.Parameters.Add(new SQLiteParameter("NumeroConsultas", paciente.NumeroConsultas));
            //Debug.Log (sqlInsert);
            command.ExecuteNonQuery();
        }
    }
}

【讨论】:

    【解决方案2】:

    SQL 字符串文字需要用单引号括起来。

    要找出问题所在,您只需将查询粘贴到 SQL Management Studio 中,您就会得到红色的波浪线

    INSERT INTO paciente (cpf, nome, sexo, endereco, email, dataNascimento, telefone, numeroConsultas)
    VALUES ('00000000000', 'Nome 0', 'm', 'rua aposkpaosk0', 'aosais@asiapos.xpco0', '0/00/00', '00000000000', 0);
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多