Protecting your database from hackers with Prepared Statements

Whether you are using SQLite or another database server, to avoid a security risk called SQL Injection you should always use Prepared Statements with any SQL statements that have parameters supplied by user input. With Prepared Statements you supply the SQL statement and any user-provided data separately, allowing the database engine to then determine if the data contains any SQL commands and reject it if that's the case.

The SelectSQL method has built-in support for Prepared Statements. However, there are two situations where they won't work. First, if you need to perform the same Select repeatedly (in a loop, for example), then it's not efficient to use the Prepared Statements that are built in to the SelectSQL method because your code would be setting them up every time it did a Select. The second would be if you need to access a special column type specific to a particular database engine.

In either of these cases, use the Prepared Statement classes. They are a little more work to use but are far more efficient when quickly and repeatedly performing the same query over and over.

For example, to query the Person table for specific values you would use a PreparedStatement like this:

Using SQLite instead of a database server

SQLite is a file-based database and can be a great alternative to a database server for small to medium web sites that do not have a significant amount of database writing. Because SQLite is file-based, multiple users connected to your web app cannot write to the file at the same time. If your database writes are infrequent, short and fast, this may never be a problem. One way to help mitigate this is to enable Write-Ahead Logging by setting the SQLiteDatabase.WriteAheadLogging property to True for your SQLite database. This improves performance for database writes.

The When to Use section of the SQLite web site has this to say about using SQLite with web sites:
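Added example for the Prepared Statements discussion on this page (not code from the original page or from Xojo): it uses Python's built-in sqlite3 module to run the same SQLite query once with user input concatenated into the SQL text and once with the input bound to a placeholder, then reuses one statement in a loop. The Person table's columns, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; the Person table's columns are assumptions.
ROWS = [("Alice", "Smith", 34), ("Bob", "Jones", 51), ("Carol", "Smith", 29)]


def open_db():
    """Create an in-memory SQLite database with a small Person table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Person (FirstName TEXT, LastName TEXT, Age INTEGER)")
    db.executemany("INSERT INTO Person VALUES (?, ?, ?)", ROWS)
    return db


def find_concatenated(db, last_name):
    # Vulnerable "before": the user input becomes part of the SQL text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT FirstName FROM Person WHERE LastName = '" + last_name + "'"
    return [row[0] for row in db.execute(sql)]


def find_prepared(db, last_name):
    # Hardened form: the SQL text is fixed and the input is bound to the
    # ? placeholder, so it is only ever compared as a value.
    sql = "SELECT FirstName FROM Person WHERE LastName = ?"
    return [row[0] for row in db.execute(sql, (last_name,))]


def count_by_last_name(db, last_names):
    # The same statement text is reused on every pass of the loop;
    # only the bound value changes.
    sql = "SELECT COUNT(*) FROM Person WHERE LastName = ?"
    return {name: db.execute(sql, (name,)).fetchone()[0] for name in last_names}


if __name__ == "__main__":
    db = open_db()
    hostile = "x' OR '1'='1"  # constructed input that contains SQL syntax
    print("concatenated:", find_concatenated(db, hostile))
    print("prepared:    ", find_prepared(db, hostile))
    print("loop:        ", count_by_last_name(db, ["Smith", "Jones", hostile]))
```

With the concatenated query the constructed input returns every row in the table; with the bound parameter it is treated as an ordinary last name and matches nothing.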