使用mysql INSERT执行命令时遇到致命错误 [英] Fatal error encountered during command execution with a mysql INSERT
问题描述
我正在尝试在C#中的mySQL数据库上执行INSERT语句:
string value1 =INSERT INTO new_t(id,bid,idate,ino, int,icy)+
VALUES('+ id +','+ bid +','+ idate +','+ ino +',' + int +','ee');
string result = true;
try
{
if(dbConnection.State == System.Data.ConnectionState.Open)
{
MySqlCommand myCmd = new MySqlCommand(value1,dbConnection);
if(myCmd.ExecuteNonQuery()== 0)
result = false;
}
}
catch(NotImplementedException ex)
{
MsgBox(1+ ex.Message + DateTime.Now);
抛出新的NotImplementedException ();
}
catch(exception ex)
{
MsgBox(2+ ex。消息+ DateTime.Now);
抛出新的异常();
}
ret结果;
}
这个失败并出现错误:mysql在命令执行期间遇到致命错误。关于为什么会失败的任何想法?
我尝试过:
i已尝试在本地数据库中,但无法获得此错误。此错误仅在通过IP连接到其他PC DB时出现。
I am trying to execute a INSERT statement on a mySQL DB in C#:
string value1 = "INSERT INTO new_t(id, bid, idate,ino,int,icy) " +
"VALUES ('" + id + "', '" + bid + "', '" + idate + "', '" + ino + "', '" + int + "', 'ee')";
string result = true;
try
{
if (dbConnection.State == System.Data.ConnectionState.Open)
{
MySqlCommand myCmd = new MySqlCommand(value1, dbConnection);
if (myCmd.ExecuteNonQuery() == 0)
result = false;
}
}
catch (NotImplementedException ex)
{
MsgBox("1 " + ex.Message + DateTime.Now);
throw new NotImplementedException();
}
catch (Exception ex)
{
MsgBox("2 " + ex.Message + DateTime.Now);
throw new Exception();
}
return result;
}
This fails with the error: mysql Fatal error encountered during command execution. Any ideas on why this would fail?
What I have tried:
i have try in local DB, but can't get this error. this error only appear in when connect to other PC DB via IP.
推荐答案
无法提供帮助,因为我们需要知道<$ c $的类型和值c> id ,bid
,idate
,ino
和int
。
您还需要显示value1
因为传递参数的方法存在一个称为代码注入的问题。
SQL Injection [ ^ ]
SQL注入 - 维基百科,免费的百科全书 [ ^ ]
Nota:将变量类型用作变量名是个坏主意。
No help can be provided because we need to know the types and values ofid
,bid
,idate
,ino
andint
.
You also need to show the contain ofvalue1
because your method to pass parameters is subject to a problem called code injection.
SQL Injection[^]
SQL injection - Wikipedia, the free encyclopedia[^]
Nota: it is a bad idea to use a variable type as a variable name.
这篇关于使用mysql INSERT执行命令时遇到致命错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!