
Connecting a MySQL table to a DataGridView control in C#

I'm working on a project where I need to use a DataGridView in C#. I want to do a test: when I search for a product by its number, if the number is incorrect it will display an error, which works fine in my case, and if the number is correct it will display the information related to this product in the DataGridView, which doesn't work; it gives me nothing when I type a correct number. Here is the code, help me please.

private MySqlDataAdapter mySqlDataAdapter;
private void button1_Click(object sender, EventArgs e)
{
    int n = Convert.ToInt32(t_ref.Text);

    string cs = "datasource=localhost;port=3306;database=stock;username=root;password=;";

    MySqlConnection con = new MySqlConnection(cs);
    try
    {
        con.Open();
    }
    catch (Exception)
    {
        MessageBox.Show("Erreur de connexion à la base de donnée !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);

    }

    string query = "select * from produits where reference = " + n + "; ";
    MySqlCommand cmd = new MySqlCommand(query, con);
    MySqlDataReader dr = cmd.ExecuteReader();

    if (dr.Read())
    {
        dg2.DataSource =dr;

    }
    else
    {
        MessageBox.Show("Aucun élément avec ce reférence a été trouvé !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
    }
}

Use a MySqlDataReader to fill a DataTable and use the DataTable as the DataSource.

string query = "select * from produits where reference = @num";
MySqlCommand cmd = new MySqlCommand(query, con);
cmd.Parameters.Add("@num", MySqlDbType.VarChar).Value =  n; 
DataTable dt = new DataTable();
dt.Load(cmd.ExecuteReader());

if (dt.Rows.Count > 0)
{
    dg2.DataSource =dt;

}
else
{
    MessageBox.Show("Aucun élément avec ce reférence a été trouvé !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
}

Notice also that a query text should always be constructed using parameters and not by concatenating strings together. If you join together strings received from your user, it is too easy for a malicious user to write something that could destroy your database or reveal confidential information like usernames and passwords.

See this famous comic by XKCD.

Another important point is to have

 dg2.AutoGenerateColumns = true;

You must add the apostrophe '' in the query like this:

string query = "select * from produits where reference = '" + n + "'; ";

But I advise you to use a parameter to avoid SQL injections, like this:

string query = "select * from produits where reference = @reference ";
MySqlCommand cmd = new MySqlCommand(query, con);
cmd.Parameters.Add("@reference", MySqlDbType.VarChar).Value = n;
MySqlDataReader dr = cmd.ExecuteReader();
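
The parameterized query and the DataTable binding from the answers above, put together as one complete click handler; this is an added example, not code from the original posts. It assumes the `reference` column is an integer (the question converts the input with `Convert.ToInt32`); the form name `StockForm` and the helper `ShowError` are hypothetical, and `t_ref` and `dg2` are the question's controls, declared in the form's designer file.

```csharp
using System;
using System.Data;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

public partial class StockForm : Form   // hypothetical form name
{
    // Connection string copied from the question.
    private const string ConnectionString =
        "datasource=localhost;port=3306;database=stock;username=root;password=;";

    private void button1_Click(object sender, EventArgs e)
    {
        // Validate first: Convert.ToInt32 would throw on non-numeric text.
        if (!int.TryParse(t_ref.Text.Trim(), out int reference))
        {
            ShowError("La référence doit être un nombre entier.");
            return;
        }
        var table = new DataTable();
        try
        {
            using (var con = new MySqlConnection(ConnectionString))
            using (var cmd = new MySqlCommand(
                "SELECT * FROM produits WHERE reference = @reference", con))
            {
                // The value travels as a typed parameter, never as part of the SQL text.
                cmd.Parameters.Add("@reference", MySqlDbType.Int32).Value = reference;
                con.Open();
                // Copy the rows out so the grid does not depend on an open reader.
                using (MySqlDataReader reader = cmd.ExecuteReader())
                    table.Load(reader);
            }
        }
        catch (MySqlException)
        {
            ShowError("Erreur d'accès à la base de données !");
            return;   // stop here instead of querying over a failed connection
        }
        if (table.Rows.Count == 0)
        {
            ShowError("Aucun élément avec cette référence n'a été trouvé !");
            return;
        }
        dg2.AutoGenerateColumns = true;
        dg2.DataSource = table;
    }

    private static void ShowError(string message) =>
        MessageBox.Show(message, "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
```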
