mysql阅读器问题ı不明白是什么问题? [英] what is the problem mysql reader problem ı dont understand?
问题描述
MySqlConnection conn =新的MySqlConnection(baglan.connStr);
conn.Open();
sqlll =从`mbs`中选择*.kimlik`,其中id ="" + idd +''和name =''" + Adii +''和surname =""+ soyadii +"''和Father_name =''+ babaadii +"''和birth_day ="+ dogum_tarih +";
MySqlCommand cmd =新的MySqlCommand(sqlll,conn);
MySqlDataReader rdr = cmd.ExecuteReader();
while(rdr.Read())
{
xxxxx
}
一切正常.sqlll查询正常,sqlll没有问题
但是程序无法进入(rdr.read()){}
它要到rdr.close
cmd.close行
ı不理解
MySqlConnection conn = new MySqlConnection(baglan.connStr);
conn.Open();
sqlll = "select * from `mbs`.`kimlik` where id= ''" + idd + "'' and name=''" + Adii + "'' and surname=''" + soyadii + "'' and father_name=''" + babaadii + "'' and birth_day=" + dogum_tarih + "";
MySqlCommand cmd = new MySqlCommand(sqlll, conn);
MySqlDataReader rdr = cmd.ExecuteReader();
while(rdr.Read())
{
xxxxx
}
everything is ok.sqlll query is work there is no problem sqlll
but program not get in while (rdr.read()){}
it is going to rdr.close
cmd.close line
ı dont understand
推荐答案
如果是,仅表示查询结果为空.
现在,对您来说重要的一点是:您正在使用字符串串联来组成查询.这不好. 1)首先,重复的字符串连接无效,因为字符串不可变; 2)更重要的是,这种查询方法容易受到 SQL注入的影响;您应该改用参数化查询.
另请参见:
http://en.wikipedia.org/wiki/SQL_injection [ http://msdn.microsoft.com/en-us/library/ms254953.aspx [ ^ ];
http://stackoverflow.com/questions/652978/parameterized-query-for- mysql-with-c-sharp [ ^ ],
http://www.dailycoding.com/Posts/addparameterizedqueriesinmysqloledb.aspx [
If so, it simply means that the result of your query is empty.
Now, an important note for you: You are compose your query using string concatenation. This is bad. 1) first, repeated string concatenation is ineffective because string is immutable; 2) more importantly, this method of making a query is considered to be vulnerable to SQL injection; you should use parametrized query instead.
See also:
http://en.wikipedia.org/wiki/SQL_injection[^],
http://msdn.microsoft.com/en-us/library/ms254953.aspx[^];
http://stackoverflow.com/questions/652978/parameterized-query-for-mysql-with-c-sharp[^],
http://www.dailycoding.com/Posts/addparameterizedqueriesinmysqloledb.aspx[^].
—SA
这篇关于mysql阅读器问题ı不明白是什么问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!