Parameterize my queries
Problem description
I was advised to Parameterize all my queries. I am having trouble changing my queries. When I click save nothing happens. I refreshed my database and it is inserting metroName1 into Name in the database, not what I am typing into the metroName1 textbox.
UniConnection connection = new UniConnection("Provider=MySQL;host=127.0.0.1;user=###;password=###;database=dscomputers");
try
{
UniCommand cmd = connection.CreateCommand();
cmd.CommandText = "INSERT INTO customer (Name, Mobile, Landline, Othernumber, Address) VALUES (@Name, @Mobile, @Landline, @Othernumber, @Address)";
UniParameter parameter = cmd.Parameters.Add("@Name", UniDbType.VarChar);
parameter.Value = "metroName1";
cmd.Parameters.Add(parameter);
parameter = cmd.Parameters.Add("@Mobile", UniDbType.VarChar);
parameter.Value = "metroMobile2";
cmd.Parameters.Add(parameter);
parameter = cmd.Parameters.Add("@Landline", UniDbType.VarChar);
parameter.Value = "metroLand3";
cmd.Parameters.Add(parameter);
parameter = cmd.Parameters.Add("@Othernumber", UniDbType.VarChar);
parameter.Value = "metroOther5";
cmd.Parameters.Add(parameter);
parameter = cmd.Parameters.Add("@Address", UniDbType.VarChar);
parameter.Value = "metroOther4";
cmd.Parameters.Add(parameter);
connection.Open();
cmd.ExecuteNonQuery();
}
finally
{
connection.Close();
}
}
}
}
What I have tried:
I've tried different options but can't seem to get it at all. I know I have something wrong but never used Parameterized queries before.
Recommended answer
Got it working by using
parameter.Value = metroMobile2.Text;
You are adding each parameter to the collection twice. Your code is using a pattern:
parameter = cmd.Parameters.Add(name, type);
parameter.Value = value;
cmd.Parameters.Add(parameter);
Either remove the last Add(parameter) statement, or use a pattern like:
parameter = cmd.CreateParameter(name, type);
parameter.Value = value;
cmd.Parameters.Add(parameter);
or even change the cmd.CreateParameter to simply new SQLParameter (or whichever Db prefix you're using)
As pointed out, you add the parameters twice to the parameter collection. This causes some confusion. Also you provide static values for the parameters instead of getting them from UI objects. Is that really the point, since all the rows get the same values? Instead, for example, for all text boxes use the Text property, or if Windows Forms then Text.
Also you should properly dispose the connection and the command for releasing the resources. You might find reading the following useful: Properly executing database operations
Oh, and one more thing. Never post username or password to public forums. I edited them away.
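The corrected insert that the answers above describe, as an added example that is not code from the thread: each parameter is created and added exactly once, the values arrive as arguments read from the text boxes' Text property, and the command is released with using. It is written against the provider-neutral System.Data.Common types and assumes UniConnection derives from DbConnection; CustomerRepository, InsertCustomer and AddText are hypothetical names.

```csharp
using System;
using System.Data;
using System.Data.Common;

// Added example: hypothetical helper, not code from the thread.
public static class CustomerRepository
{
    private const string InsertSql =
        "INSERT INTO customer (Name, Mobile, Landline, Othernumber, Address) " +
        "VALUES (@Name, @Mobile, @Landline, @Othernumber, @Address)";

    // Creates one parameter, binds its value and adds it to the command once.
    private static void AddText(DbCommand cmd, string name, string value)
    {
        DbParameter p = cmd.CreateParameter();
        p.ParameterName = name;
        p.DbType = DbType.String;
        // Assumption: an empty text box is stored as NULL; adjust to the schema.
        p.Value = string.IsNullOrWhiteSpace(value) ? (object)DBNull.Value : value.Trim();
        cmd.Parameters.Add(p);
    }

    // The caller owns the connection and disposes it, for example:
    //   using (var conn = new UniConnection(connectionString))
    //       CustomerRepository.InsertCustomer(conn, metroName1.Text, metroMobile2.Text,
    //           metroLand3.Text, metroOther5.Text, metroOther4.Text);
    // Returns the number of rows affected by the INSERT.
    public static int InsertCustomer(DbConnection connection, string name, string mobile,
                                     string landline, string otherNumber, string address)
    {
        using (DbCommand cmd = connection.CreateCommand())
        {
            cmd.CommandText = InsertSql;
            // User input is bound as data and never concatenated into the SQL text,
            // so a quote typed into a text box cannot change the statement.
            AddText(cmd, "@Name", name);
            AddText(cmd, "@Mobile", mobile);
            AddText(cmd, "@Landline", landline);
            AddText(cmd, "@Othernumber", otherNumber);
            AddText(cmd, "@Address", address);

            if (connection.State != ConnectionState.Open)
                connection.Open();
            return cmd.ExecuteNonQuery();
        }
    }
}
```

Keeping the connection string in configuration rather than in source also avoids the credential exposure the last answer warns about.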