如何将 C# 值插入到 MySql?
How to Insert C# values to MySql?
我想将 C# winform 值插入到 Mysql
有 3 列
name,id为TextBox文本,gender为ComboBox值
但是有错误,错误消息说:MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '',')' at line 1'
我应该修复什么代码?
using (MySqlConnection conn2 = new MySqlConnection(strconn))
{
conn2.Open();
string query = "INSERT INTO student1(name,id,gender) values ('" + name3.Text + "'," + id3.Text + "'," + gender3.SelectedValue+"');";
MySqlCommand cmd = new MySqlCommand(query, conn2);
cmd.ExecuteNonQuery();
}
您在 name3.Text 和 id3.Text 之间以及 id3.Text 和 gender3.SelectedValue
之间的连接字符串文字中缺少单引号
不过应该没关系。如果您像这样连接 user-supplied 个字符串,您的系统被破坏只是时间问题。有一种更好的方法可以避免这种风险,使您的 SQL 语句更容易正确,并且运行速度更快。
//This could be marked const!
string query = "INSERT INTO student1(name,id,gender) values (@name, @id, @gender);";
using (var conn2 = new MySqlConnection(strconn))
using (var cmd = new MySqlCommand(query, conn2))
{
//I have to guess, but you can find exact column types/lengths from your db
//Do not use AddWithValue()!
// MySql is less at risk for the AddWithValue() performance issues
// than Sql Server but the risk isn't completely eliminated.
cmd.Parameters.Add("@name", MySqlDbType.VarChar, 30).Value = name3.Text;
cmd.Parameters.Add("@id", MySqlDbType.VarChar, 50).Value = id3.Text;
cmd.Parameters.Add("@gender", MySqlDbType.VarChar, 5).Value = gender3.SelectedValue;
conn2.Open();
cmd.ExecuteNonQuery();
}
using (MySqlConnection conn2 = new MySqlConnection(strconn))
{
String query = "INSERT INTO student1(name,id,gender) values (@name,@id,@gender)";
MySqlCommand = new MySqlCommand(query, conn2);
command.Parameters.AddWithValue("@name", name3.Text);
command.Parameters.AddWithValue("@id", id3.Text);
command.Parameters.AddWithValue("@gender", gender3.SelectedValue.ToString());
command.ExecuteNonQuery();
}
使用需要使用参数
我想将 C# winform 值插入到 Mysql
有 3 列
name,id为TextBox文本,gender为ComboBox值
但是有错误,错误消息说:MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '',')' at line 1'
我应该修复什么代码?
using (MySqlConnection conn2 = new MySqlConnection(strconn))
{
conn2.Open();
string query = "INSERT INTO student1(name,id,gender) values ('" + name3.Text + "'," + id3.Text + "'," + gender3.SelectedValue+"');";
MySqlCommand cmd = new MySqlCommand(query, conn2);
cmd.ExecuteNonQuery();
}
您在 name3.Text 和 id3.Text 之间以及 id3.Text 和 gender3.SelectedValue
不过应该没关系。如果您像这样连接 user-supplied 个字符串,您的系统被破坏只是时间问题。有一种更好的方法可以避免这种风险,使您的 SQL 语句更容易正确,并且运行速度更快。
//This could be marked const!
string query = "INSERT INTO student1(name,id,gender) values (@name, @id, @gender);";
using (var conn2 = new MySqlConnection(strconn))
using (var cmd = new MySqlCommand(query, conn2))
{
//I have to guess, but you can find exact column types/lengths from your db
//Do not use AddWithValue()!
// MySql is less at risk for the AddWithValue() performance issues
// than Sql Server but the risk isn't completely eliminated.
cmd.Parameters.Add("@name", MySqlDbType.VarChar, 30).Value = name3.Text;
cmd.Parameters.Add("@id", MySqlDbType.VarChar, 50).Value = id3.Text;
cmd.Parameters.Add("@gender", MySqlDbType.VarChar, 5).Value = gender3.SelectedValue;
conn2.Open();
cmd.ExecuteNonQuery();
}
using (MySqlConnection conn2 = new MySqlConnection(strconn))
{
String query = "INSERT INTO student1(name,id,gender) values (@name,@id,@gender)";
MySqlCommand = new MySqlCommand(query, conn2);
command.Parameters.AddWithValue("@name", name3.Text);
command.Parameters.AddWithValue("@id", id3.Text);
command.Parameters.AddWithValue("@gender", gender3.SelectedValue.ToString());
command.ExecuteNonQuery();
}
使用需要使用参数