如何将mysql查询的结果存储到C＃字符串变量中？ [英] How to store the result of a mysql query into a C# string variable?

问题描述

您好，



我想将mysql查询的结果存储到C＃中的字符串变量中。我尝试使用以下代码，但它无法正常工作。任何人都可以建议一个解决方案。

Hello,

I wanted to store the result of a mysql query into a string variable in C#. I tried using the following code but it is not working. Can anyone please suggest a solution.

MySqlCommand comm = new MySqlCommand("SELECT Employee_Name FROM server_side_user WHERE Employee_Username="+ "'" + currentUser + "'" + "", conn);           
            
MySqlDataReader currentLoggedInUser = comm.ExecuteReader();

while (currentLoggedInUser.Read())
{
    string user = currentLoggedInUser.GetString(0);
}

当我运行上面的代码时，变量currentUsername将包含值false。任何人都可以推荐一个合适的代码吗？



我想将查询结果存储到变量用户。

When I run the above code, the variable currentUsername will contain the value false. Can anybody suggest a proper code?

I want to store the result of the query into the variable user.

推荐答案

正如上面的OriginalGriff所说，你应该总是使用参数化查询来避免SQL注入。



如果你知道你的查询将返回单个值，你应该使用ExecuteScalar方法而不是ExecuteReader。



Ex-

conn.Open（）;

string EmployeeName = comm.ExecuteScalar（）。ToString（）;

Hi,
As said by OriginalGriff above, you should always use parametrized query to avoid SQL Injection.

And if you know your query will return single value, you should use ExecuteScalar method instead of ExecuteReader.

Ex-
conn.Open();
string EmployeeName=comm.ExecuteScalar().ToString();

试试这样...... ..

try like this.... ..

Query("SELECT SaksNummer FROM casetracking")

    public static string Query(string query)
    {
        string x;
        mysqlCon.Open();
        cmd = new MySqlCommand(query, mysqlCon);
        x = cmd.ExecuteScalar().ToString();
        mysqlCon.Close();
        return x;
    }

首先，不要这样做！不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。



其次，如果您的查询有效，那么您将最后一个返回值加载到user变量中（因为它在循环，最后一个值将覆盖所有其他值） - 然后你将它扔掉而不使用它，因为用户在循环结束时超出范围。



在任何时候你都没有修改甚至引用一个名为 currentUsername 的变量，所以它最后会有与开始时相同的值...



我认为你需要坐下来思考你在这里想要达到的目标 - 因为这看起来很像很混乱的想法，或者旧的把它放在一起希望它通过魔术方法起作用。这些都不是一个好主意......

First off, don''t do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Second, if your query worked, then you will load the last of any returned values into your "user" variable (because it is in a loop and the last value will overwrite all the others) - and then you will throw it away without using it because "user" goes out of scope at the end of the loop.

At no point do you modify or even reference a variable called currentUsername so it will have the same value at the end as it did at the start...

I think you need to sit down and think about what you are tryingto achieve here - because this looks a lot like either very muddled thinking, or the old "chuck it together and hope it works by magic" approach. Neither of these are a good idea...

这篇关于如何将mysql查询的结果存储到C＃字符串变量中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！