用C#实现MySQL的参数化查询
用C#实现MySQL的参数化查询
提问于 2009-03-17 03:56:17
我有下面的代码(我已经包含了我认为所有相关的部分):
private String readCommand = "SELECT LEVEL FROM USERS WHERE VAL_1 = ? AND VAL_@ = ?;";
public bool read(string id)
{
level = -1;
MySqlCommand m = new MySqlCommand(readCommand);
m.Parameters.Add(new MySqlParameter("", val1));
m.Parameters.Add(new MySqlParameter("", val2));
MySqlDataReader r = m.ExecuteReader();
if (r.HasRows)
level = Convert.ToInt32(r.GetValue(0).ToString());
r.Close();
return true;
}当我运行这段代码时,我在添加第一个参数时得到一个IndexOutOfBoundsException。我做错了什么?
回答 6
Stack Overflow用户
回答已采纳
发布于 2009-03-17 04:08:03
试着这样做:
private String readCommand =
"SELECT LEVEL FROM USERS WHERE VAL_1 = @param_val_1 AND VAL_2 = @param_val_2;";
public bool read(string id)
{
level = -1;
MySqlCommand m = new MySqlCommand(readCommand);
m.Parameters.AddWithValue("@param_val_1", val1);
m.Parameters.AddWithValue("@param_val_2", val2);
level = Convert.ToInt32(m.ExecuteScalar());
return true;
}Stack Overflow用户
发布于 2012-02-02 19:38:00
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
MySqlConnection con = new MySqlConnection("server=localhost;User Id=root;database=result;password=1234");
con.Open();
MySqlCommand cmd = new MySqlCommand("Select * from users where username=?username and password=?password", con);
cmd.Parameters.Add(new MySqlParameter("username", this.Login1.UserName));
cmd.Parameters.Add(new MySqlParameter("password", this.Login1.Password));
MySqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows ==true)
{
e.Authenticated = true;
}
}Stack Overflow用户
发布于 2009-03-17 04:09:15
您需要在查询中使用命名参数。例如:
String readCommand = "SELECT LEVEL FROM USERS WHERE VAL_1 = ?param1 AND VAL_2 = ?param2";然后,在实例化MySqlParameter对象时传递参数名称,如下所示:
m.Parameters.Add(new MySqlParameter("param1", val1));页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/652978
复制相关文章
相似问题