
Commit 2e7e4bc

committed
The right way to do prepared statements
1 parent 91c17ad commit 2e7e4bc


1 file changed

+27
-0
lines changed


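--- a/src/SQLite.cs
+++ b/src/SQLite.cs
@@ -852,6 +852,33 @@ public SQLiteCommand CreateCommand (string cmdText, params object[] ps)
 return cmd;
 }
 
+/// <summary>
+/// Creates a new SQLiteCommand given the command text with arguments. Place a "[@:]VVV"
+/// in the command text for each of the arguments.
+/// </summary>
+/// <param name="cmdText">
+/// The fully escaped SQL.
+/// </param>
+/// <param name="args">
+/// Arguments to substitute for the occurences of "[@:]VVV" in the command text.
+/// </param>
+/// <returns>
+/// A <see cref="SQLiteCommand" />
+/// </returns>
+public SQLiteCommand CreateCommand(string cmdText, Dictionary<string, object> args)
+{
+if (!this._open)
+throw SQLiteException.New(SQLite3.Result.Error, "Cannot create commands from unopened database");
+
+SQLiteCommand cmd = NewCommand();
+cmd.CommandText = cmdText;
+foreach (var kv in args)
+{
+cmd.Bind(kv.Key, kv.Value);
+}
+return cmd;
+}
+
 /// <summary>
 /// Creates a SQLiteCommand given the command text (SQL) with arguments. Place a '?'
 /// in the command text for each of the arguments and then executes that command.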
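Review bot: The `cmdText` doc on the new overload reads "The fully escaped SQL.", which steers callers toward escaping values into the string, the very pattern a bound-parameter overload is meant to replace; I would document it as `/// SQL text with a named placeholder for each value; pass untrusted values through args, never formatted into this string.` The `args` doc should also state whether each dictionary key includes the `@`/`:` prefix, since `Bind(kv.Key, kv.Value)` is defined outside this hunk and the expected key form cannot be confirmed from here. Separately, a null `args` reaches the `foreach` and fails with a NullReferenceException; a guard such as `if (args == null) throw new ArgumentNullException("args");` before `NewCommand()` would give callers a clearer error.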
