// This returns a count of 1, so the table does exist, and I know the user exists because I have just added him in...
Int32 tableCount = database.Query(map, "SELECT * FROM sqlite_master WHERE type = 'table' AND name = 'UserTable'", ps).Count;
//but when I try this the count is 0....what am I doing wrong?
Int32 tableCount2 = database.Query(map, "SELECT * FROM sqlite_master WHERE type = 'table' AND name = 'UserTable' AND NameOfUser = '" + personsName + "'", ps).Count;
Trying to see if the user exists... what am I doing wrong?
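SQL injection
First, I want to say that this code is vulnerable to SQL injection.
Why doesn't the query work?
Because, I think, 'NameOfUser' is not a column of sqlite_master but a column of UserTable.
sqlite_master consists of the following columns: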
type
name
tbl_name
rootpage
sql
How do I make it work?
Int32 tableCount2 = database.Query(map, "SELECT * FROM UserTable WHERE NameOfUser = '" + personsName + "'", ps).Count;
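However, as mentioned, it is better to use C# SQLite prepared statements to prevent SQL injection. Check the following: C# SQLite tutorial, and search for 'prepared'.
Please mark it as the answer when it works.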
CU
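The two lookups discussed above, written with bound parameters instead of string concatenation. This is an added example, not code from the question or the answer; it assumes the Microsoft.Data.Sqlite NuGet package rather than the `database.Query` wrapper used in the question, and the class name, method names and sample data are constructed for illustration.

```csharp
using System;
using Microsoft.Data.Sqlite; // assumption: Microsoft.Data.Sqlite, not the wrapper from the question

public static class UserLookup
{
    // sqlite_master only describes schema objects, so it answers "does the table exist?".
    public static bool TableExists(SqliteConnection db, string table)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = $table";
        cmd.Parameters.AddWithValue("$table", table);
        return Convert.ToInt64(cmd.ExecuteScalar()) > 0;
    }

    // Row data lives in UserTable itself. The name is bound as a parameter,
    // so SQLite treats it as a value and never parses it as SQL text.
    public static long CountUsers(SqliteConnection db, string personsName)
    {
        using var cmd = db.CreateCommand();
        cmd.CommandText = "SELECT COUNT(*) FROM UserTable WHERE NameOfUser = $name";
        cmd.Parameters.AddWithValue("$name", personsName);
        return Convert.ToInt64(cmd.ExecuteScalar());
    }

    public static void Main()
    {
        using var db = new SqliteConnection("Data Source=:memory:");
        db.Open();

        // Constructed sample schema and row.
        using (var setup = db.CreateCommand())
        {
            setup.CommandText =
                "CREATE TABLE UserTable (NameOfUser TEXT NOT NULL);" +
                "INSERT INTO UserTable (NameOfUser) VALUES ('alice');";
            setup.ExecuteNonQuery();
        }

        Console.WriteLine(TableExists(db, "UserTable"));
        Console.WriteLine(CountUsers(db, "alice"));
        Console.WriteLine(CountUsers(db, "bob"));
        // Concatenated into the query, this input would rewrite the WHERE clause;
        // bound as a parameter it is only a name that no row has.
        Console.WriteLine(CountUsers(db, "x' OR '1'='1"));
    }
}
```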