在C#中使用预处理语句与MySQL [英] Using Prepared Statement in C# with Mysql
本文介绍了在C#中使用预处理语句与MySQL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我试过准备好的声明在我的计划,但没有工作。
部分评论是预处理语句的一部分。当我把它变成正常的说法,一切是正确的。
有人能告诉我,我错过了什么?
非常感谢。
私人无效btnLogin_Click(对象发件人,EventArgs五)
{
的MySqlCommand CMD = MySqlConn.cmd;
// CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username ='@ VAL1'AND ADMIN_PASSWORD = PASSWORD('@将val2'),MySqlConn.conn);
//cmd.Prepare();
//cmd.Parameters.AddWithValue(\"@val1,tboxUserName.Text);
//cmd.Parameters.AddWithValue(\"@val2,tboxPassword.Text);
CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username ='+ tboxUserName.Text +'AND ADMIN_PASSWORD = PASSWORD('+ tboxPassword.Text +'),MySqlConn.conn);
MySqlDataReader将解析度= cmd.ExecuteReader();
如果(!res.HasRows){MessageBox.Show(错误!); res.Close();返回; }
,否则
{
//做些什么
}
res.Close();
}
解决方案
尝试删除
从你的查询,并使用准备
添加参数后:
CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username = @ val1和ADMIN_PASSWORD = PASSWORD(@ val2的),MySqlConn.conn);
cmd.Parameters.AddWithValue(@ VAL1,tboxUserName.Text);
cmd.Parameters.AddWithValue(@ val2的tboxPassword.Text);
cmd.Prepare();
I tried prepared statement in my program, but not working.
The part commented is the Prepared Statement part. When I change it into normal statement, everything is right.
Can someone tell me what am I missing?
Many thanks.
private void btnLogin_Click(object sender, EventArgs e)
{
MySqlCommand cmd = MySqlConn.cmd;
//cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='@val1' AND admin_password=PASSWORD('@val2')", MySqlConn.conn);
//cmd.Prepare();
//cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
//cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='"+tboxUserName.Text+"' AND admin_password=PASSWORD('"+tboxPassword.Text+"')", MySqlConn.conn);
MySqlDataReader res = cmd.ExecuteReader();
if (!res.HasRows) { MessageBox.Show("Error! "); res.Close(); return; }
else
{
//do something
}
res.Close();
}
解决方案
Try removing '
from your query and use Prepare
after adding parameters:
cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username=@val1 AND admin_password=PASSWORD(@val2)", MySqlConn.conn);
cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
cmd.Prepare();
这篇关于在C#中使用预处理语句与MySQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文