从mySql调用存储过程 [英] To call a stored procedure from mySql

问题描述

嗨

我必须调用一个存储过程，当我使用下面给出的代码时，我遇到了异常
在数据库``kcube_intra`''中找不到过程或函数``sp_getUserCredentials(aasdasd，asdasd)`''.
请告诉我我哪里错了

Hi

i have to call a Stored procedure and when i use the code given below i am getting an exception
Procedure or function ''`sp_getUserCredentials(aasdasd,asdasd)`'' cannot be found in database ''`kcube_intra`''.
pl tell me where i am wrong

MySqlConnection con = new MySqlConnection(conn);
con.Open();
MySqlCommand cmd = new MySqlCommand("sp_getUserCredentials(" + Username.Trim() + "," + Password.Trim() + ")", con);
cmd.CommandType = CommandType.StoredProcedure;
int count = Convert.ToInt32(cmd.ExecuteScalar());
return count;

推荐答案

1)请不要那样做.您可能会面对各种问题，包括可能破坏数据库的SQL Injection攻击.请改用参数化查询.

1) Please don''t do it like that. You leave yourself wide open to problems of all sorts, including SQL Injection attacks which could destroy your database. Use Parametrized queries instead.

MySqlCommand cmd = new MySqlCommand("sp_getUserCredentials(@UN, @PW)", con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("@UN", Username.Trim());
cmd.Parameters.AddWithValue("@PW", Password.Trim());
int count = Convert.ToInt32(cmd.ExecuteScalar());

2)切勿以明文形式存储密码-这是主要的安全隐患.这里有一些有关如何执行此操作的信息:密码存储:如何进行 [ ^ ]

这些不会立即解决您的问题，但确实需要解决.

2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

These won''t fix your problem immediately, but they do need doing.

您的存储过程是否接受参数?
您将它们传递到哪里?

Is your Store Procedure accept parameter?
Where are you passing them?

这篇关于从mySql调用存储过程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！