
So I am using the System.Data.SQLite library to store some data from a database locally on my PC. The problem is that there are two column entries which are GUIDs (unique IDs which are defined as the following: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx), and the compiler always throws an error when it comes to the first "-" char. I know that DATE uses YYYY-MM-DD syntax, for example. Can it be that this collides in some way?

Here is the code row:

```csharp
sqlString = $"insert into completelocalmessages (Date, Sender, Message, Receiver, ID) values({message.Date.Year}-{message.Date.Month}-{message.Date.Day}, {message.From.ToString()}, {message.Message}, {message.To.ToString()}, {message.ID})";
```

The Date is of type Date, Sender and Receiver are the GUIDs, Message is a string and ID is an integer. The table is defined like this:

```csharp
sqlString = "create table completelocalmessages (Date date, Sender Text(30), Message Text(400), Receiver Text(30), ID int)";
```
Roy Mustang
  • You need to use single quotes around your text and date values. Also, using ToString() inside string interpolation is redundant and not needed. – hawkstrider Jun 17 '22 at 14:58
  • Where are the GUID fields? Also, generally in raw SQL, dates and strings (and GUIDs stored as strings!) must be enclosed in single quotes - if you are just entering 2022-01-01 it probably should be '2022-01-01' - it is generally best to use parameterized queries if you have time to look into that. – topsail Jun 17 '22 at 14:59
  • This answer might help you https://stackoverflow.com/questions/71322518/sql-statement-for-creating-new-data-into-three-tables-at-once-c-sharp/71326914#71326914 Sample on creating database, tables and doing insert, updates and queries via objects, not manually created text strings which can always leave you wide-open to SQL-Injection when done incorrectly. – DRapp Jun 17 '22 at 15:02
  • @hawkstrider so you mean 'xxx' instead of " "? Where are the differences? So do I have to quote the whole string with 'xx'? – Roy Mustang Jun 17 '22 at 18:51
  • Quote strings with single quotes. SQL in general uses single quotes around literal text and (usually) dates as well. 'xxx' is simply by way of example. Not the whole string - the text in the SQL string: `mySqlString = "update table set first_name = 'kermit', last_name = 'frog';"` - the double quotes are because you are using C# to create a string, the single quotes are for the literal text in the SQL command itself. – topsail Jun 17 '22 at 19:02
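
The parameterized-query approach that the comments recommend, as an added example that is not part of the original thread: every value is bound to a placeholder, so GUIDs, dates and message text need no quoting and cannot alter the SQL statement. The `LocalMessage` record, the in-memory database and the sample values are assumptions made for illustration; it needs C# 9 or later.

```csharp
using System;
using System.Data.SQLite;
using System.Globalization;

// Assumed stand-in for the question's message type (not from the original post).
record LocalMessage(DateTime Date, Guid From, string Message, Guid To, int ID);

static class Demo
{
    // Values travel as parameters, never as SQL text, so '-' and ' are just data.
    static void Insert(SQLiteConnection conn, LocalMessage m)
    {
        const string sql =
            "insert into completelocalmessages (Date, Sender, Message, Receiver, ID) " +
            "values (@date, @sender, @message, @receiver, @id)";
        using var cmd = new SQLiteCommand(sql, conn);
        cmd.Parameters.AddWithValue("@date",
            m.Date.ToString("yyyy-MM-dd", CultureInfo.InvariantCulture));
        cmd.Parameters.AddWithValue("@sender", m.From.ToString());
        cmd.Parameters.AddWithValue("@message", m.Message);
        cmd.Parameters.AddWithValue("@receiver", m.To.ToString());
        cmd.Parameters.AddWithValue("@id", m.ID);
        cmd.ExecuteNonQuery();
    }

    static void Main()
    {
        // In-memory database so the example runs without touching disk.
        using var conn = new SQLiteConnection("Data Source=:memory:;Version=3;");
        conn.Open();
        using (var create = new SQLiteCommand(
            "create table completelocalmessages (Date date, Sender Text(30), " +
            "Message Text(400), Receiver Text(30), ID int)", conn))
            create.ExecuteNonQuery();

        // Constructed sample: the text contains apostrophes, a hyphen and a semicolon.
        var msg = new LocalMessage(new DateTime(2022, 6, 17), Guid.NewGuid(),
            "it's 5-4 at half-time; see you at O'Brien's", Guid.NewGuid(), 1);
        Insert(conn, msg);

        using var read = new SQLiteCommand(
            "select Sender, Message from completelocalmessages where ID = @id", conn);
        read.Parameters.AddWithValue("@id", msg.ID);
        using var row = read.ExecuteReader();
        row.Read();
        // The GUID and the message come back exactly as they were bound.
        Console.WriteLine($"{row["Sender"]} | {row["Message"]}");
    }
}
```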

0 Answers