如何将用户名，密码和id作为参数传递给查询？ [英] How to pass in the username, password, and id as parameters into a query ?

问题描述

无论如何，我可以将用户名，密码和身份证作为参数

传递给查询吗？



我创建了一种方法：



并尝试调用它



this.Update（jen，779，55）;



但我得到了：

Is there anyway i can pass in the username, password, and id as parameters
into a query ?

I created a method to do that:

and tried to call it

this.Update("jen", "779", "55") ;

but i am getting :

An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll

Additional information: Unknown column 'user' in 'where clause'

行b
br $> b $ b

at the line

cmd.ExecuteNonQuery();

public void Update(string user, string passw, string ID)
     {


         string query = "UPDATE users SET username= user, password= passw, id= ID  WHERE username= user";

       //string query = "UPDATE users SET username='Joe', password='22', id='33'  WHERE username='Joe'";

 //Open connection
 if (OpenConnection() == true)
 {
     //create mysql command
     MySqlCommand cmd = new MySqlCommand();
     //Assign the query using CommandText
     cmd.CommandText = query;
     //Assign the connection using Connection
     cmd.Connection = connection;

     //Execute query
     cmd.ExecuteNonQuery();

     //close connection
     this.CloseConnection();
 }



     }

< b>我尝试了什么：



* ---------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- -------------------------------------------------- --------------------

What I have tried:

*--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

推荐答案

这里有两件事不对。

• 通常（取决于您使用的数据库引擎），参数名称在查询字符串中以@为前缀。看起来你在那里是MySQL，这就是那个数据库引擎的情况。这意味着您的查询变为
  
  

There are 2 things amiss here.

• Normally (depending on which database engine you're using), parameter names are prefixed in the query string with an "@". It looks like you're MySQL there, and this is the case for that database engine. This means your query becomes
  

UPDATE users SET username= @user, password= @passw, id= @ID WHERE username= @user

您需要将参数添加到DbCommand对象

You need to add the parameters to the DbCommand object

cmd.Parameters.AddWithValue("@user", user);
cmd.Parameters.AddWithValue("@passw", passw);
cmd.Parameters.AddWithValue("@ID", ID);
...
cmd.ExecuteNonQuery();

您的查询字符串不正确。为什么？

因为

Your query string is incorrect. Why?
Because

username= user

完全按照您的输入发送到服务器。 'user'不会被它的值替换，实际上在很多版本的sql中都考虑了一个列名。





你需要构建字符串，以便在字符串中替换值。例如，字符串中的

is sent to the server exactly as you enter it. 'user' is not replaced by its value and is consider, in fact, a column name in many version of sql.


You need to build the string so that the values are substituted in the string. For example,

username='{0}'

，其中user是它的值。有关如何使用它的其余部分，请参阅参见C＃字符串函数。



请记住在字符串周围包含单引号。在你的字符串的格式一边，你需要它们传递给sql执行。

in your string, where user is it's value. For the rest of how to use this, see See C# string functions.

Remember to include single quotes around strings. on the format side of your string as you need them passed to the sql execution.

这篇关于如何将用户名，密码和id作为参数传递给查询？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！