找到你要的答案

Q:c# Insert data into MySQL database using parameters

Q:C #插入数据到MySQL数据库中使用参数

This probably a simple solution, but I've got a deadline to catch and I don't know the exact problem here. So here's the deal, I'm trying to update my table using this piece of code:

    private void btn_opslaan_Click(object sender, EventArgs e)
    {
        string opleidingsid = "Select OpleidingsID From opleidingen Where Opleidingsnaam = '" + cb_opleiding.Text + "'";
        MySqlCommand cmdid = new MySqlCommand(opleidingsid, dbconnect.connection);
        dbconnect.OpenConnection();
        MySqlDataReader reader = cmdid.ExecuteReader();
        reader.Read();
            int oplid = (int)reader.GetValue(0);

        cmdid.Dispose();
        reader.Close();
        sql = "UPDATE leerlingen SET Naam = '_naam', Adres = '_adres', Woonplaats = '_woonplaats', Postcode = '_postcode', Email = '_email', Telefoonnummer = '_telefoonnummer', Klas = '_klas', Ovnummer = '_ovnummer', OpleidingsID = '_opleidingsid', Startdatum = '_startdatum', Einddatum = '_einddatum' WHERE LeerlingID = '_leerlingid'";

      //  sql = "UPDATE leerlingen set Naam  = '" + txt_naam.Text + "', Adres = '" + txt_adres.Text + "', Woonplaats = '" + txt_woonplaats.Text + "', Postcode = '" + txt_postcode.Text + "', Email = '" + txt_email.Text + "', Telefoonnummer = '" + txt_telefoonnumer.Text + "', Klas = '" + txt_klas.Text + "', Ovnummer = '" + txt_ovnummer.Text + "', OpleidingsID = '" + oplID + "', Startdatum = '"+mc_startdatum.SelectionStart.Date.ToString()+"', Einddatum = '"+ mc_einddatum.SelectionStart.Date.ToString() +"' WHERE LeerlingID = '" + Int32.Parse(lbl_leerlingid.Text) + "'";
        MySqlCommand cmd = new MySqlCommand(sql, dbconnect.connection);

        cmd.Parameters.AddWithValue("_naam", txt_naam.Text);
        cmd.Parameters.AddWithValue("_adres", txt_adres.Text);
        cmd.Parameters.AddWithValue("_woonplaats", txt_woonplaats.Text);
        cmd.Parameters.AddWithValue("_postcode", txt_postcode.Text);
        cmd.Parameters.AddWithValue("_email", txt_email.Text);
        cmd.Parameters.AddWithValue("_telefoonnummer", txt_telefoonnumer.Text);
        cmd.Parameters.AddWithValue("_klas", txt_klas.Text);
        cmd.Parameters.AddWithValue("_ovnummer", txt_ovnummer.Text);
        cmd.Parameters.AddWithValue("_opleidingsid", oplid);
        cmd.Parameters.AddWithValue("_startdatum", mc_startdatum.SelectionStart.Date.ToString());
        cmd.Parameters.AddWithValue("_einddatum", mc_einddatum.SelectionStart.Date.ToString());
        cmd.Parameters.AddWithValue("_leerlingid", int.Parse(lbl_leerlingid.Text));

        try
        {
            cmd.ExecuteNonQuery();
            MessageBox.Show("opslaan gelukt");
        }
        catch (Exception error)
        {
            MessageBox.Show(error.ToString());
            throw;
        }
        dbconnect.CloseConnection();

        this.Close();

    }

I've already tried without the single quotes, it would give me the error that colomn '_leerlingid' does not exist, but that is the parameter... Now, I dont get any errors, but it wouldn't update my database. Any help please

P.S. Ignore the sql injection please, before this , i didn't knew better before I found out about parameters.

This probably a simple solution, but I've got a deadline to catch and I don't know the exact problem here. So here's the deal, I'm trying to update my table using this piece of code:

    private void btn_opslaan_Click(object sender, EventArgs e)
    {
        string opleidingsid = "Select OpleidingsID From opleidingen Where Opleidingsnaam = '" + cb_opleiding.Text + "'";
        MySqlCommand cmdid = new MySqlCommand(opleidingsid, dbconnect.connection);
        dbconnect.OpenConnection();
        MySqlDataReader reader = cmdid.ExecuteReader();
        reader.Read();
            int oplid = (int)reader.GetValue(0);

        cmdid.Dispose();
        reader.Close();
        sql = "UPDATE leerlingen SET Naam = '_naam', Adres = '_adres', Woonplaats = '_woonplaats', Postcode = '_postcode', Email = '_email', Telefoonnummer = '_telefoonnummer', Klas = '_klas', Ovnummer = '_ovnummer', OpleidingsID = '_opleidingsid', Startdatum = '_startdatum', Einddatum = '_einddatum' WHERE LeerlingID = '_leerlingid'";

      //  sql = "UPDATE leerlingen set Naam  = '" + txt_naam.Text + "', Adres = '" + txt_adres.Text + "', Woonplaats = '" + txt_woonplaats.Text + "', Postcode = '" + txt_postcode.Text + "', Email = '" + txt_email.Text + "', Telefoonnummer = '" + txt_telefoonnumer.Text + "', Klas = '" + txt_klas.Text + "', Ovnummer = '" + txt_ovnummer.Text + "', OpleidingsID = '" + oplID + "', Startdatum = '"+mc_startdatum.SelectionStart.Date.ToString()+"', Einddatum = '"+ mc_einddatum.SelectionStart.Date.ToString() +"' WHERE LeerlingID = '" + Int32.Parse(lbl_leerlingid.Text) + "'";
        MySqlCommand cmd = new MySqlCommand(sql, dbconnect.connection);

        cmd.Parameters.AddWithValue("_naam", txt_naam.Text);
        cmd.Parameters.AddWithValue("_adres", txt_adres.Text);
        cmd.Parameters.AddWithValue("_woonplaats", txt_woonplaats.Text);
        cmd.Parameters.AddWithValue("_postcode", txt_postcode.Text);
        cmd.Parameters.AddWithValue("_email", txt_email.Text);
        cmd.Parameters.AddWithValue("_telefoonnummer", txt_telefoonnumer.Text);
        cmd.Parameters.AddWithValue("_klas", txt_klas.Text);
        cmd.Parameters.AddWithValue("_ovnummer", txt_ovnummer.Text);
        cmd.Parameters.AddWithValue("_opleidingsid", oplid);
        cmd.Parameters.AddWithValue("_startdatum", mc_startdatum.SelectionStart.Date.ToString());
        cmd.Parameters.AddWithValue("_einddatum", mc_einddatum.SelectionStart.Date.ToString());
        cmd.Parameters.AddWithValue("_leerlingid", int.Parse(lbl_leerlingid.Text));

        try
        {
            executenonquery() CMD;
            MessageBox.Show("opslaan gelukt");
        }
        catch (Exception error)
        {
            MessageBox.Show(error.ToString());
            throw;
        }
        dbconnect.CloseConnection();

        this.Close();

    }

I've already tried without the single quotes, it would give me the error that colomn '_leerlingid' does not exist, but that is the parameter... Now, I dont get any errors, but it wouldn't update my database. Any help please

忽略了SQL注入吗,在这之前,我不知道在我发现之前的参数。

answer1: 回答1:

Try replacing your parameters with the @ symbol and remove the single quotes, like this:

SQL = "UPDATE leerlingen SET Naam = @naam, Adres = @adres";

cmd.Parameters.AddWithValue("@naam", txt_naam.Text);
cmd.Parameters.AddWithValue("@adres", txt_adres.Text);

尝试用@符号替换参数,删除单个引号,像这样:

SQL = "UPDATE leerlingen SET Naam = @naam, Adres = @adres";

cmd.Parameters.AddWithValue("@naam", txt_naam.Text);
cmd.Parameters.AddWithValue("@adres", txt_adres.Text);
answer2: 回答2:

I think what you did wrong is you mustn't initialize your MySqlCommand like that. It must be like this..

MySqlCommand cmd;

cmd = dbconnect.createCommand();
cmd.CommandText = "UPDATE tableName SET firstname=@firstname, lastname=@lastname where id=@id";
cmd.Parameters.AddWithValue("@id", idTxt.Text);
cmd.Parameters.AddWithValue("@firstname", fName.Text);
cmd.Parameters.AddWithValue("@lastname", lName.Text);
cmd.ExecuteNonQuery();

我认为你做错了什么是你不能初始化你的MySQL命令一样。一定是这样的..

MySqlCommand cmd;

cmd = dbconnect.createCommand();
cmd.CommandText = "UPDATE tableName SET firstname=@firstname, lastname=@lastname where id=@id";
cmd.Parameters.AddWithValue("@id", idTxt.Text);
cmd.Parameters.AddWithValue("@firstname", fName.Text);
cmd.Parameters.AddWithValue("@lastname", lName.Text);
executenonquery() CMD;
answer3: 回答3:

when I creating a new data in c#, I make it like this ..

//values

String a = "COL1ROW1", b = "COL1ROW2";

//this is the code for mysql

String query = "Insert Into tableName(Column1, Column2)values('" + a + "','" + b + "')";

//conn is your mysqlconnection

MySqlCommand cmd = new MySqlCommand(query, conn);

//then execute it

cmd.ExecuteNonQuery();

当我在C #创造新的数据,我让它这样。

/ /价值

String a = "COL1ROW1", b = "COL1ROW2";

//这是MySQL的代码

String query = "Insert Into tableName(Column1, Column2)values('" + a + "','" + b + "')";

/ /是你的mysqlconnection

MySQL命令cmd =新的MySQL命令(查询、Conn);

然后执行它

executenonquery() CMD;

c#  mysql  parameters