Adding data from text boxes into a hosted mysql database


Problem description

Hi everyone. I am trying to insert values from text-boxes into a table named employee. There are no errors occurring when I execute the query but the values aren't being added. My code is as follows:

        private void InsertEmployee()
        {
            string connectionSQL = "server=sql.byethost27.org;user id=xxxxx;password=xxxxx;database=xxxxx";
            MySqlConnection conn = new MySqlConnection(connectionSQL);
            try
            {
                conn.Open();
                MySqlCommand cmd = new MySqlCommand("INSERT INTO Employee (Name,Address,City,State, ZipCode,Phone,Cell,DOB,Email,Start) VALUES ('" + name.Text + "', '" + Address.Text + "', '" + City.Text + "', '" + State.Text + "', '" + ZipCode.Text + "', '" + Phone.Text + "', '" + datePicker1.Text + "', '" + cell.Text + "', '" +Email.Text + "', '" + Start +"')", conn);
                conn.Close();
            }

            catch (MySqlException ex)
            {

                MessageBox.Show("Can't connect to database\n" + ex.ToString());
            }
        }






Any help you can give me would be much appreciated
Many Thanks
Emma

Recommended answer

A couple things:

1. You never call the .ExecuteNonQuery() method to update the database.

2. You are setting yourself up for SQL injection attacks. Research parameterized queries to prevent that.


1. cmd.ExecuteNonQuery(); is to be called before closing the connection.
2. Use a parameterized query, otherwise if the user puts any , or ' or any SQL query then this query will not be formed properly. Using parameters, you will prevent SQL injection attacks.
3. Always close and dispose the connection in a finally block, otherwise if there is any exception in cmd.ExecuteNonQuery() the connection will remain open.


Yeah, what they said. Plus parameters will allow you to avoid passing datePicker1 as Text and use the correct type -- you are storing it in a date aren't you?
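
Added example, not part of the original thread: the points from the answers above combined into one insert routine (ExecuteNonQuery is called, every value is a parameter, the connection is disposed even on failure, and the dates are bound as dates). The Employee record, the EMPLOYEE_DB environment variable, the sample row and the assumption that DOB and Start are DATE columns are all illustrative.

```csharp
using System;
using MySql.Data.MySqlClient;
// Hypothetical holder for the form values; the field types are assumptions.
public sealed record Employee(string Name, string Address, string City, string State,
    string ZipCode, string Phone, string Cell, DateTime Dob, string Email, DateTime Start);

public static class EmployeeRepository
{
    private const string InsertSql =
        "INSERT INTO Employee (Name, Address, City, State, ZipCode, Phone, Cell, DOB, Email, Start) " +
        "VALUES (@name, @address, @city, @state, @zip, @phone, @cell, @dob, @email, @start)";
    // Returns the number of rows inserted (1 on success).
    public static int Insert(string connectionString, Employee e)
    {
        // using disposes (and so closes) both objects even if ExecuteNonQuery throws.
        using var conn = new MySqlConnection(connectionString);
        using var cmd = new MySqlCommand(InsertSql, conn);
        // Values are sent as parameters, never spliced into the SQL text, so a
        // quote typed into a text box (O'Brien) cannot alter the statement.
        cmd.Parameters.AddWithValue("@name", e.Name);
        cmd.Parameters.AddWithValue("@address", e.Address);
        cmd.Parameters.AddWithValue("@city", e.City);
        cmd.Parameters.AddWithValue("@state", e.State);
        cmd.Parameters.AddWithValue("@zip", e.ZipCode);
        cmd.Parameters.AddWithValue("@phone", e.Phone);
        cmd.Parameters.AddWithValue("@cell", e.Cell);
        cmd.Parameters.AddWithValue("@email", e.Email);
        // Dates are bound as DATE values rather than the picker's display text.
        cmd.Parameters.Add("@dob", MySqlDbType.Date).Value = e.Dob.Date;
        cmd.Parameters.Add("@start", MySqlDbType.Date).Value = e.Start.Date;
        conn.Open();
        return cmd.ExecuteNonQuery(); // the call missing from the question's code
    }
}

public static class Program
{
    public static void Main()
    {
        // Connection string comes from a hypothetical EMPLOYEE_DB environment variable.
        string cs = Environment.GetEnvironmentVariable("EMPLOYEE_DB")
            ?? throw new InvalidOperationException("EMPLOYEE_DB is not set");
        // Constructed sample row; the apostrophe is the case that breaks concatenation.
        var sample = new Employee("Pat O'Brien", "1 Example St", "Springfield", "IL", "00000",
            "555-0100", "555-0101", new DateTime(1990, 1, 1), "pat@example.com", DateTime.Today);
        Console.WriteLine(EmployeeRepository.Insert(cs, sample));
    }
}
```

In a form handler, the picker's date value (rather than its Text) would be passed for Dob, and MySqlException would be caught around the Insert call.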

