在C#中使用预处理语句与MySQL [英] Using Prepared Statement in C# with Mysql

查看:511
本文介绍了在C#中使用预处理语句与MySQL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我试过准备好的声明在我的计划,但没有工作。



部分评论是预处理语句的一部分。当我把它变成正常的说法,一切是正确的。



有人能告诉我,我错过了什么?



非常感谢。

 私人无效btnLogin_Click(对象发件人,EventArgs五)
 {
的MySqlCommand CMD = MySqlConn.cmd; 
 // CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username ='@ VAL1'AND ADMIN_PASSWORD = PASSWORD('@将val2'),MySqlConn.conn); 
 //cmd.Prepare(); 
 //cmd.Parameters.AddWithValue(\"@val1,tboxUserName.Text); 
 //cmd.Parameters.AddWithValue(\"@val2,tboxPassword.Text); 
 CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username ='+ tboxUserName.Text +'AND ADMIN_PASSWORD = PASSWORD('+ tboxPassword.Text +'),MySqlConn.conn); 
 
 MySqlDataReader将解析度= cmd.ExecuteReader(); 
如果(!res.HasRows){MessageBox.Show(错误!); res.Close();返回; } 
,否则
 {
 //做些什么
} 
 res.Close(); 
}


解决方案

尝试删除 从你的查询,并使用准备添加参数后:

  CMD =新的MySqlCommand(SELECT * FROM admin其中admin_username = @ val1和ADMIN_PASSWORD = PASSWORD(@ val2的),MySqlConn.conn); 
 cmd.Parameters.AddWithValue(@ VAL1,tboxUserName.Text); 
 cmd.Parameters.AddWithValue(@ val2的tboxPassword.Text); 
 cmd.Prepare();


I tried prepared statement in my program, but not working.

The part commented is the Prepared Statement part. When I change it into normal statement, everything is right.

Can someone tell me what am I missing?

Many thanks.

private void btnLogin_Click(object sender, EventArgs e)
{
    MySqlCommand cmd = MySqlConn.cmd;
    //cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='@val1' AND admin_password=PASSWORD('@val2')", MySqlConn.conn);
    //cmd.Prepare();
    //cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
    //cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
    cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='"+tboxUserName.Text+"' AND admin_password=PASSWORD('"+tboxPassword.Text+"')", MySqlConn.conn);

    MySqlDataReader res = cmd.ExecuteReader();
    if (!res.HasRows) { MessageBox.Show("Error! "); res.Close(); return; }
    else
    {
        //do something
    }
    res.Close();
}

解决方案

Try removing ' from your query and use Prepare after adding parameters:

cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username=@val1 AND admin_password=PASSWORD(@val2)", MySqlConn.conn);
cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
cmd.Prepare();

这篇关于在C#中使用预处理语句与MySQL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆