Merge pull request praeclarum#856 from Pythians/master

praeclarum · web-flow · commit 3584a6d8454a · 2020-05-15T19:16:33.000-07:00
Issues: The right way to do prepared statements
diff --git a/src/SQLite.cs b/src/SQLite.cs
@@ -871,6 +871,33 @@ public SQLiteCommand CreateCommand (string cmdText, params object[] ps)
 			return cmd;
 		}
 
+		/// <summary>
+        ///     Creates a new SQLiteCommand given the command text with arguments. Place a "[@:]VVV"
+        ///     in the command text for each of the arguments.
+        /// </summary>
+        /// <param name="cmdText">
+        ///     The fully escaped SQL.
+        /// </param>
+        /// <param name="args">
+        ///     Arguments to substitute for the occurences of "[@:]VVV" in the command text.
+        /// </param>
+        /// <returns>
+        ///     A <see cref="SQLiteCommand" />
+        /// </returns>
+        public SQLiteCommand CreateCommand(string cmdText, Dictionary<string, object> args)
+        {
+            if (!this._open)
+                throw SQLiteException.New(SQLite3.Result.Error, "Cannot create commands from unopened database");
+
+            SQLiteCommand cmd = NewCommand();
+            cmd.CommandText = cmdText;
+            foreach (var kv in args)
+            {
+                cmd.Bind(kv.Key, kv.Value);
+            }
+            return cmd;
+        }
+
 		/// <summary>
 		/// Creates a SQLiteCommand given the command text (SQL) with arguments. Place a '?'
 		/// in the command text for each of the arguments and then executes that command.
