如何将用户名,密码和id作为参数传递给查询? [英] How to pass in the username, password, and id as parameters into a query ?
问题描述
无论如何,我可以将用户名,密码和身份证作为参数
传递给查询吗?
我创建了一种方法:
并尝试调用它
this.Update(jen,779,55);
但我得到了:
Is there anyway i can pass in the username, password, and id as parameters
into a query ?
I created a method to do that:
and tried to call it
this.Update("jen", "779", "55") ;
but i am getting :
An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll
Additional information: Unknown column 'user' in 'where clause'
行b
br $> b $ b
at the line
cmd.ExecuteNonQuery();
public void Update(string user, string passw, string ID)
{
string query = "UPDATE users SET username= user, password= passw, id= ID WHERE username= user";
//string query = "UPDATE users SET username='Joe', password='22', id='33' WHERE username='Joe'";
//Open connection
if (OpenConnection() == true)
{
//create mysql command
MySqlCommand cmd = new MySqlCommand();
//Assign the query using CommandText
cmd.CommandText = query;
//Assign the connection using Connection
cmd.Connection = connection;
//Execute query
cmd.ExecuteNonQuery();
//close connection
this.CloseConnection();
}
}
< b>我尝试了什么:
* ---------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- --------------------
What I have tried:
*--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
推荐答案
这里有两件事不对。
- 通常(取决于您使用的数据库引擎),参数名称在查询字符串中以@为前缀。看起来你在那里是MySQL,这就是那个数据库引擎的情况。这意味着您的查询变为
There are 2 things amiss here.
- Normally (depending on which database engine you're using), parameter names are prefixed in the query string with an "@". It looks like you're MySQL there, and this is the case for that database engine. This means your query becomes
UPDATE users SET username= @user, password= @passw, id= @ID WHERE username= @user
cmd.Parameters.AddWithValue("@user", user);
cmd.Parameters.AddWithValue("@passw", passw);
cmd.Parameters.AddWithValue("@ID", ID);
...
cmd.ExecuteNonQuery();
您的查询字符串不正确。为什么?
因为
Your query string is incorrect. Why?
Because
username= user
完全按照您的输入发送到服务器。 'user'不会被它的值替换,实际上在很多版本的sql中都考虑了一个列名。
你需要构建字符串,以便在字符串中替换值。例如,字符串中的
is sent to the server exactly as you enter it. 'user' is not replaced by its value and is consider, in fact, a column name in many version of sql.
You need to build the string so that the values are substituted in the string. For example,
username='{0}'
,其中user是它的值。有关如何使用它的其余部分,请参阅参见C#字符串函数。
请记住在字符串周围包含单引号。在你的字符串的格式一边,你需要它们传递给sql执行。
in your string, where user is it's value. For the rest of how to use this, see See C# string functions.
Remember to include single quotes around strings. on the format side of your string as you need them passed to the sql execution.
这篇关于如何将用户名,密码和id作为参数传递给查询?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!