如果未选择,如何设置dateTimePicker文本为空? [英] How to set dateTimePicker text is null if not selected?
本文介绍了如果未选择,如何设置dateTimePicker文本为空?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
您好
我的dateTimePicker有问题。
我想要,
- 在案例1中:我在dateTimePicker中选择日期,它会将此日期添加到MySQL;
- 以防万一2:我没有在dateTimePicker中选择日期,它会向MySQL添加null。
我编写代码,但在情况2中,我没有选择日期,它仍然将当前日期添加到MySQL而不是null。 br />
请问我这个问题。
这是我的代码
字符串日期;
private void dateTimePicker1_ValueChanged( object sender,EventArgs e)
{
if (dateTimePicker1.Checked == true )
{
date = this .dateTimePicker1.Value.ToString( dd-MM-yyyy);
}
else
{
date = null ;
}
}
私有 void btn_add_Click( object sender,EventArgs e)
{
connect_data();
string Query = INSERT into + txt_table.Text + `(ID,Date)值(' + txt_stt。文字+ ',' + date + ');;
MySqlCommand cmdDataBase = new MySqlCommand(Query,conDatabase);
MySqlDataReader myReader;
尝试
{
conDatabase.Open();
myReader = cmdDataBase.ExecuteReader();
MessageBox.Show( SAVE);
while (myReader.Read())
{
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
解决方案
:叹息:
不要将字符串连接到构建一个SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
当你这样做时,不要先转换为字符串 - 直接发送DateTime值,或者改为DbNull.Value。
1。用于执行INSERT,UPDATE& DELETE查询最好使用ExecuteNonQuery()而不是ExecuteReader()。
2.您的查询容易受到SQLInjection的攻击。使用参数化查询或存储过程来防止SQLInection。
3.您已将空值设置为字符串变量,并且在您的查询中,您将附加一对单引号,这将导致只有一对单引号而不是'null'。这应该导致异常,但如果它保存当前日期,那么只有猜测是确保您没有在数据库中为此字段设置默认值。 (我不确定为什么它不会抛出异常,它应该)
现在忽略所有最佳实践建议,你可以通过应用以下更改来检查 -
if (dateTimePicker1.Checked == true )
{
date = ' + this .dateTimePicker1.Value.ToString( dd-MM-yyyy)+ ';
}
其他
{
date = NULL;
}
和
string Query = INSERT into` + txt_table.Text + `(ID,Date)值(' + txt_stt.Text + ', + date + );
请注意,我已从大约日期删除了单引号。
希望,它有助于: )
你的方法从一开始就是错误的。通过串联从UI获取的字符串组成的查询。不仅重复的字符串连接是低效的(因为字符串是不可变的;我是否必须解释为什么它会使重复连接变坏?),但是有更重要的问题:它打开了通向良好的大门已知的漏洞称为 SQL注入。
这是它的工作原理: http://xkcd.com/327 。
你明白了吗?从控件中获取的字符串可以是任何东西,包括......一段SQL代码。
怎么办?只需阅读有关此问题和主要补救措施:参数化语句: http://en.wikipedia.org/ wiki / SQL_injection 。
使用ADO.NET,使用:http://msdn.microsoft.com/en-us/library/ff648339.aspx 。
请参阅我过去的答案有更多细节:
在com.ExecuteNonQuery中更新EROR( ); ,
嗨名字没有显示在名称中?。
-SA
Hello
I have a problem with dateTimePicker.
I want,
- In case 1: I chose date in dateTimePicker, it will add this date to MySQL;
- And In case 2 : I not chose date in dateTimePicker, it will add null to MySQL.
I write the code, but in case 2, I not chose date, it still add current day to MySQL not null.
Please me this problem.
Here is my code
string date;
private void dateTimePicker1_ValueChanged(object sender, EventArgs e)
{
if (dateTimePicker1.Checked == true)
{
date = this.dateTimePicker1.Value.ToString("dd-MM-yyyy");
}
else
{
date = null;
}
}
private void btn_add_Click(object sender, EventArgs e)
{
connect_data();
string Query = "INSERT into `"+ txt_table.Text+"` (ID,Date) values ('" + txt_stt.Text + "','" +date+ "');";
MySqlCommand cmdDataBase = new MySqlCommand(Query, conDatabase);
MySqlDataReader myReader;
try
{
conDatabase.Open();
myReader = cmdDataBase.ExecuteReader();
MessageBox.Show("SAVE");
while (myReader.Read())
{
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
} 解决方案
:sigh:
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
And when you do that, don't convert to a string first - either send the DateTime value itself directly, or DbNull.Value instead.
1. For executing INSERT, UPDATE & DELETE queries it's better to use ExecuteNonQuery() instead of ExecuteReader().
2. Your query is vulnerable to SQLInjection. Use parameterized query or stored procedure to prevent SQLInection.
3. You have set null value to a string variable and in your query you are appending that with pair of single quotes which will result in just a pair of single quotes and not 'null'. This should result in exception but if it is saving current date against it then only guess is make sure that you have not set a default value for this field in the database. (I am not sure why it is not throwing exception, which it should)
For now ignoring all the best practices suggestions, you can check by applying the following changes-
if (dateTimePicker1.Checked == true) { date ="'"+ this.dateTimePicker1.Value.ToString("dd-MM-yyyy") +"'"; } else { date="NULL"; }
and
string Query = "INSERT into `"+ txt_table.Text+"` (ID,Date) values ('" + txt_stt.Text + "'," +date+ ");"
Note that I've removed the single quotes from around date.
Hope, it helps :)
Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.
This is how it works: http://xkcd.com/327.
Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.
What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.
With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.
Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.
—SA
这篇关于如果未选择,如何设置dateTimePicker文本为空?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
