C＃与MySQL INSERT参数 [英] C# with MySQL INSERT parameters

问题描述

好日子所有，我使用Visual C＃2010和MySQL版本48年1月5日社区。我希望你能帮助我这个code。我不觉得它的工作在我身上。我缺少什么？

Good day to all, I'm using Visual C# 2010 and MySQL Version 5.1.48-community. I hope you can help me with this code. I don't find it working on me. What am I missing?

string connString = ConfigurationManager.ConnectionStrings["default"].ConnectionString;
MySqlConnection conn = new MySqlConnection(connString);
conn.Open();
MySqlCommand comm = conn.CreateCommand();
comm.CommandText = "INSERT INTO room(person,address) VALUES(@person, @address)";
comm.Parameters.Add("@person", "Myname");
comm.Parameters.Add("@address", "Myaddress");
comm.ExecuteNonQuery();
conn.Close();

当我尝试编译它。它说：

And when I try to compile it. It says:

Person列不能为空

Person column cannot be null

编辑：

但是，当我尝试这个code。

But when I try this code.

comm.CommandText = "INSERT INTO room(person,address) VALUES('Myname', 'Myaddress')";

但是，这code是容易SQL注入攻击，但它的工作原理，并没有给我一个错误。

But this code is prone to sql injection attack but it works, doesn't gives me an error.

编辑：

我试图用这个。我发现它这里所以我认为这会工作，但给了我这个误差

I tried to use this. I found it here so I thought It would work but gives me this error

索引（从零开始）必须大于或等于零且小于
  尺寸参数列表。

Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

任何想法？

    string a = "myname";
    MySqlCommand cmd = new MySqlCommand();
    cmd.Connection = conn;
    cmd.CommandText = "INSERT INTO room(person,address) VALUES(?,?)";
    //cmd.Prepare();

    cmd.Parameters.Add("person", MySqlDbType.VarChar).Value = a;
    cmd.Parameters.Add("address", MySqlDbType.VarChar).Value = "myaddress";
    cmd.ExecuteNonQuery(); // HERE I GOT AN EXCEPTION IN THIS LINE

任何帮助将是非常美联社preciated。

Any help would be much appreciated.

编辑：
解决
我用这个code：

EDITED: SOLVED I used this code:

cmd.CommandText = "INSERT INTO room(person,address) VALUES(?person,?address)";
cmd.Parameters.Add("?person", MySqlDbType.VarChar).Value = "myname";
cmd.Parameters.Add("?address", MySqlDbType.VarChar).Value = "myaddress";
cmd.ExecuteNonQuery();

太感谢！

推荐答案

您可以使用 AddWithValue 方法如下：

string connString = ConfigurationManager.ConnectionStrings["default"].ConnectionString;
MySqlConnection conn = new MySqlConnection(connString);
conn.Open();
MySqlCommand comm = conn.CreateCommand();
comm.CommandText = "INSERT INTO room(person,address) VALUES(@person, @address)";
comm.Parameters.AddWithValue("@person", "Myname");
comm.Parameters.AddWithValue("@address", "Myaddress");
comm.ExecuteNonQuery();
conn.Close();

或

与 尝试，而不是的@ ，如：

string connString = ConfigurationManager.ConnectionStrings["default"].ConnectionString;
MySqlConnection conn = new MySqlConnection(connString);
conn.Open();
MySqlCommand comm = conn.CreateCommand();
comm.CommandText = "INSERT INTO room(person,address) VALUES(?person, ?address)";
comm.Parameters.Add("?person", "Myname");
comm.Parameters.Add("?address", "Myaddress");
comm.ExecuteNonQuery();
conn.Close();

希望它可以帮助...

Hope it helps...

这篇关于C＃与MySQL INSERT参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！