[英]unable to read from MYSQL
我想在Visual Studio 2010的窗口窗体中显示基于dateTimePicker的P_IN总数,但是在程序无法从MySQL读取数据的地方出现了错误,下面是我的代码。
cmd = new MySqlCommand("SELECT DATE, P_IN FROM Database.CounterDb WHERE DATE = '" + dateTimePicker1.Text + "'", con);
MySqlDataAdapter sdaa = new MySqlDataAdapter(cmd);
DataSet dataa = new DataSet();
sdaa.Fill(dataa, "Database.CounterDb");
reader = cmd.ExecuteReader();
int sum = 0;
while (reader.Read())
{
sum = reader.GetInt32(1) + sum;
}
LCounter.Text = sum.ToString();
此代码确实很危险,您不得将用户输入直接添加到查询中不要使用
cmd = new MySqlCommand("SELECT DATE, P_IN FROM Database.CounterDb WHERE DATE = '" + dateTimePicker1.Text + "'", con);
用户输入可能会打乱查询,日期文本格式不能采用正确的格式
使用此方法(与您一起替换日期格式):
DateTime dt = DateTime.ParseExact(dateTimePicker1.Text, "yyyy-MM-dd HH:mm", CultureInfo.InvariantCulture);
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = con;
cmd.CommandText = "SELECT DATE, P_IN FROM Database.CounterDb WHERE DATE = @dt";
cmd.Prepare();
cmd.Parameters.AddWithValue("@dt", dt);
否则,如果您需要在例如2016-02-20 00:00:00-2016-02-20 23:59:59的范围内进行搜索,则必须查询该日期中的所有条目:
DateTime dt = DateTime.ParseExact(dateTimePicker1.Text, "yyyy-MM-dd HH:mm", CultureInfo.InvariantCulture).Date;
DateTime dt1 = dt.AddDays(1);
cmd.CommandText = "SELECT DATE, P_IN FROM Database.CounterDb WHERE DATE > @dt and DATE <@dt1";
cmd.Prepare();
cmd.Parameters.AddWithValue("@dt", dt);
cmd.Parameters.AddWithValue("@dt1", dt1);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.