stackoom
  简体   繁体   中英

Connecting a MySQL table to a DataGridView control in C#

 原文  2016-05-05 21:44:05       c#/ mysql/ datagridview

Question

I'm working on a project where I need to use datagridview in c# I want to do a test, when I do the search for a product by it's number, if the number is incorrect it will display an error, which works fine in my case, and if the number is correct it will display the information related to this product in the datagridview, which doesn't work, it gives me nothing when I type a correct number. here is the code, help me please 

private MySqlDataAdapter mySqlDataAdapter;
private void button1_Click(object sender, EventArgs e)
{
    int n = Convert.ToInt32(t_ref.Text);

    string cs = "datasource=localhost;port=3306;database=stock;username=root;password=;";

    MySqlConnection con = new MySqlConnection(cs);
    try
    {
        con.Open();
    }
    catch (Exception)
    {
        MessageBox.Show("Erreur de connexion à la base de donnée !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);

    }

    string query = "select * from produits where reference = " + n + "; ";
    MySqlCommand cmd = new MySqlCommand(query, con);
    MySqlDataReader dr = cmd.ExecuteReader();

    if (dr.Read())
    {
        dg2.DataSource =dr;

    }
    else
    {
        MessageBox.Show("Aucun élément avec ce reférence a été trouvé !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
    }
}

2 answers

solution1
 0 ACCPTED  2016-05-05 21:57:19

Use an MySqlDataReader to fill a DataTable and use the DataTable as the DataSource 

string query = "select * from produits where reference = @num";
MySqlCommand cmd = new MySqlCommand(query, con);
cmd.Parameters.Add("@num", MySqlDbType.VarChar).Value =  n; 
DataTable dt = new DataTable();
dt.Load(cmd.ExecuteReader())

if (dt.Rows.Count > 0)
{
    dg2.DataSource =dt;

}
else
{
    MessageBox.Show("Aucun élément avec ce reférence a été trouvé !", "Erreur", MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
}

Notice also that a query text should always constructed using parameters and not concatenating string together. If you join together strings received by your user is too easy for a malicious user write something that could destroy your database or reveal confidential informations like username and passwords.

See this famous comic by XKCD

Anoterh important point is to have 

 dg2.AutoGenerateColumns = true;

solution2
 0  2016-05-05 22:00:56

you must add the Apostrophe '' in query like this : 

string query = "select * from produits where reference = '" + n + "'; ";

But I advice you to use the Parameter to avoid sql injections, like this : 

string query = "select * from produits where reference = @reference ";
MySqlCommand cmd = new MySqlCommand(query, con);
cmd.Parameters.Add("@reference ", MySqlDbType.VarChar).Value = n;
MySqlDataReader dr = cmd.ExecuteReader();

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C# dataGridView Control to show Multiplication Table C# MYSQL multiple table in datagridview c# datagridview control c# datagridview and mysql C# datagridview editing control Connecting mysql and c# Mysql query datagridview c# Use of a DataGridView with C# and MySQL C# MySQL Update - Datagridview C# DataGridView - Table is not populating
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM