What is the problem? MySQL reader problem I don't understand


Problem description

MySqlConnection conn = new MySqlConnection(baglan.connStr);
conn.Open();
sqlll = "select * from `mbs`.`kimlik` where id= ''" + idd + "'' and name=''" + Adii + "'' and surname=''" + soyadii + "'' and father_name=''" + babaadii + "'' and birth_day=" + dogum_tarih + "";
MySqlCommand cmd = new MySqlCommand(sqlll, conn);
MySqlDataReader rdr = cmd.ExecuteReader();
while(rdr.Read())
{
xxxxx
}

Everything is OK. The sqlll query works; there is no problem with sqlll.

But the program does not get into while (rdr.read()){}.
It goes to the rdr.close
cmd.close line.

I don't understand.

Recommended answer

If so, it simply means that the result of your query is empty.

Now, an important note for you: You are composing your query using string concatenation. This is bad. 1) First, repeated string concatenation is ineffective because a string is immutable; 2) more importantly, this method of making a query is considered to be vulnerable to SQL injection; you should use a parametrized query instead.

See also:

http://en.wikipedia.org/wiki/SQL_injection,
http://msdn.microsoft.com/en-us/library/ms254953.aspx;

http://stackoverflow.com/questions/652978/parameterized-query-for-mysql-with-c-sharp,
http://www.dailycoding.com/Posts/addparameterizedqueriesinmysqloledb.aspx.

—SA
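
The parametrized form the answer recommends, applied to the query from the question. This is an added example, not code from the question or the answer; the class and method names, the parameter names, and the column types (id as a string, birth_day as a DATE) are assumptions, since the page does not show the table schema.

```csharp
using System;
using MySql.Data.MySqlClient;

static class KimlikLookup
{
    // Assumption: the real column types are not shown on the page.
    // Adjust the MySqlDbType values to match the actual schema.
    public static int PrintMatches(string connStr, string idd, string adii,
                                   string soyadii, string babaadii, DateTime dogumTarih)
    {
        const string sql =
            "SELECT * FROM `mbs`.`kimlik` " +
            "WHERE id = @id AND name = @name AND surname = @surname " +
            "AND father_name = @father AND birth_day = @birth";

        using (var conn = new MySqlConnection(connStr))
        using (var cmd = new MySqlCommand(sql, conn))
        {
            // Values are sent as bound parameters, not as SQL text, so a quote
            // inside a name cannot change the statement and no manual quoting
            // of strings or dates is needed.
            cmd.Parameters.Add("@id", MySqlDbType.VarChar).Value = idd;
            cmd.Parameters.Add("@name", MySqlDbType.VarChar).Value = adii;
            cmd.Parameters.Add("@surname", MySqlDbType.VarChar).Value = soyadii;
            cmd.Parameters.Add("@father", MySqlDbType.VarChar).Value = babaadii;
            cmd.Parameters.Add("@birth", MySqlDbType.Date).Value = dogumTarih;

            conn.Open();
            int rows = 0;
            using (MySqlDataReader rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                {
                    rows++;
                    Console.WriteLine(rdr["name"] + " " + rdr["surname"]);
                }
            }

            // Zero rows means the WHERE clause matched nothing: Read() returned
            // false on its first call, so the loop body never ran.
            if (rows == 0)
                Console.WriteLine("No rows matched the given values.");
            return rows;
        }
    }
}
```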
