如何使用文本框中的输入并在C#中的mysql查询中使用它
[英]How to use input from a textbox and use it in a mysql query in C#
问题描述
Code: 
码:
string connString = "SERVER=;UID=;PASSWORD=;DATABASE=;";
MySqlConnection connect = new MySqlConnection(connString);
MySqlCommand myCommand = connect.CreateCommand();
string input = textBox4.Text;
myCommand.CommandText = "SELECT * FROM project WHERE Id = @input";
connect.Open();
MySqlDataReader reader = myCommand.ExecuteReader();
if (reader.Read())
textBox1.Text = reader["Name"].ToString();
connect.Close();
I am trying to use data from a form textbox (textBox4) and pass that input into a mysql query. 我试图使用来自表单文本框(textBox4)的数据,并将该输入传递到mysql查询中。
The program works by the user inputting their id number and the form outputs their name into another textbox (textBox1). 该程序通过用户输入其ID号来工作,该窗体将其名称输出到另一个文本框(textBox1)。
When I use either the string 'input' or textBox4.Text itself I get an error message which is: "Fatal error encountered during command execution." 当我使用字符串'input'或textBox4.Text本身时,我收到一条错误消息:“命令执行期间遇到致命错误”。
However if I manually type in a correct id number in the code itself it returns the correct vaule 但是,如果我在代码本身中手动输入正确的ID号,则会返回正确的值
New to C# and mysql sorry for any big errors. C#和mysql的新功能很抱歉出现任何重大错误。
2 个解决方案
解决方案1
3 2013-06-21 18:02:45
Here is what I would do in your case: 在您的情况下,这就是我要做的:
string connString = "SERVER=;UID=;PASSWORD=;DATABASE=;";
MySqlConnection connect = new MySqlConnection(connString);
MySqlCommand myCommand = connect.CreateCommand();
string input = textBox4.Text;
myCommand.CommandText = "SELECT * FROM project WHERE Id = @input";
myCommand.Parameters.Add("@input", SqlDbType.Int).Value = Convert.ToInt32(textBox4.Text);
connect.Open();
MySqlDataReader reader = myCommand.ExecuteReader();
if (reader.Read())
textBox1.Text = reader["Name"].ToString();
connect.Close();
As you can see in the example above I am doing two things: 如您在上面的示例中看到的,我正在做两件事:
- Sanitizing the input by using a SqlParameter and, 使用SqlParameter清理输入,然后
- Converting the value of "@input" to a number; 将“ @input”的值转换为数字; which is the assumption based on your question. 这是基于您的问题的假设。
Best of luck to you, and please continue learning! 祝您好运,请继续学习!
解决方案2
2 已采纳 2013-06-21 17:55:58
You're almost there, actually. 实际上,您快要到了。 You're using a parameter ( @input ) and not concatenating strings ( "select .. " + text + " from ..." ), which is wrong for many reasons. 您正在使用参数( @input )而不是连接字符串( "select .. " + text + " from ..." ),这是错误的,原因有很多。
Just tell your command how to replace that parameter. 只需告诉您的命令如何替换该参数即可。 I guess it's something like this (not sure for MySQL): 我猜是这样的(对于MySQL不确定):
myCommand.Parameters.Add("@input", SqlDbType.Int).Value = Convert.ToInt32(textBox4.Text);
Note that I'm assuming that Id is of type SqlDbType.Int . 请注意,我假设Id为SqlDbType.Int类型。 You may change it accordingly. 您可以相应地更改它。
You must do this before calling myCommand.ExecuteReader() . 您必须在调用myCommand.ExecuteReader() 之前执行此操作。 Most likely, you'll put this line after myCommand.CommandText = "..."; 最有可能的是,将此行放在myCommand.CommandText = "...";之后myCommand.CommandText = "..."; . 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.