sql - Storing IP addresses in SQLite using C# and ADO.NET -
i've got database client connect mysql database. mysql workbench, have system in place store connection credentials can called later. i'm implementing feature on own in c#.
i have wpf form in these details entered. 1 of these controls takes in ip address, i'd store in sqlite3 database file. problem is, when put txthostname.text form , store in table (the particular column text-type column), trips on "." between digits in ip address.
let's i'm using 127.0.0.1. database store 127, come across ".0", , throw error in c#. problem, of course.
here's code i'm using create .db file , create table hold information in:
private void btnok_click(object sender, routedeventargs e) { string filename = txtconnectionname.text + ".db"; sqliteconnection conn = createconnectionforschemacreation(filename); using (sqlitecommand cmd = new sqlitecommand(conn)) { cmd.commandtext = "create table server_details(connectionname text primary key, hostname text not null, username text not null, password text not null, defaultschema text not null)"; cmd.executenonquery(); cmd.commandtext = string.format("insert server_details(connectionname,hostname,username,password,defaultschema) values({0},{1},{2},{3},{4})", txtconnectionname.text, txthostname.text, txtusername.text, pwdpassword.password, txtdefaultschema.text); cmd.executenonquery(); } conn.close(); }
i'm more of developer database analyst, i'm bit stumped here. i'd rather use sqlite database hold information - it's far easier work parsing .txt file - seem if data type natively hold ip addresses isn't there in sqlite. know possibly write function enable that, it's been while since i've done sql function work.
if quote variables, they'll treated literal values.
this gives me syntax error:
insert server_details values (google, google.com, foo, bar, 127.0.0.1);
this executes fine:
insert server_details values ('google', 'google.com', 'foo', 'bar', '127.0.0.1');
really, though, time talk prepared statements , sql injection. if pass query , data separately, can avoid quite few bugs, security problems, , performance hits.
you didn't mention particular dbi you're using (there several sqlite libraries c#), can find pretty explanation of prepared statements right here on stack overflow. might check library's documentation mention of "prepared statements" or "binding variables".
Comments
Post a Comment