1

How can I escape strings in System.Data.SQLite without using parameters? I'm building a potentially large INSERT query like so.

string sql = "INSERT INTO Request (Col1, Col2, Col3) VALUES ";
bool hasValue = false;
foreach (TestItem item in order.Tests)
{
    if (hasValue)
        sql += ", ";
    hasValue = true;

    sql = sql + String.Format("('{1}', '{2}', '{3}')", sql, a, b, c);
}

using (SQLiteCommand command = new SQLiteCommand(sql, _database))
    command.ExecuteNonQuery();

I could break each insert into a separate query, but wouldn't it be more efficient to escape the strings myself? I could generate query parameters dynamically, but couldn't the parameter list get too large?

Improve this question
2
  • 2
    use parameters, you wont overflow anything Commented Feb 8, 2017 at 21:14
  • 1
    if you must do this use stringbuilder Commented Feb 8, 2017 at 21:16

1 Answer 1

Reset to default
2

If efficiency is your concern, I would look at performing multiple inserts separately, with parameters (for safety), but within a Transaction. SQLite performance is terrible when inserting row by row, but if you can wrap all inserts inside a transaction, you will see much better performance.

Here's a good article on this:

https://www.jokecamp.com/blog/make-your-sqlite-bulk-inserts-very-fast-in-c/

And for futher clarification, the article deep links to this FAQ direct from SQLite, which I find helpful:

http://www.sqlite.org/faq.html#q19

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

+1 For answering the underlying question instead of attempting to provide a solution to the suggested workaround.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.