从 Mysql 中搜索数据并将其设置到文本框 c#

【问题标题】:Search Data From Mysql and Set it into Textbox c#从 Mysql 中搜索数据并将其设置到文本框 c#
【发布时间】:2022-01-11 22:35:55
【问题描述】:

我正在尝试制作一个程序,从 MySQL 数据库中搜索数据并使用 Text Change 事件在文本框中显示值。

到目前为止,这是我的代码:

private void textBox1_TextChanged(object sender, EventArgs e)
{       
    string sqlstring = "database = db_phonebook; user = root; password = ''; server = 'localhost'; SSL Mode = None";
    MySqlConnection mysqlcon = new MySqlConnection(sqlstring);
    MySqlCommand mysqlcom;
    MySqlDataReader mdr;
    
    mysqlcon.Open();
    
    string selectquery = "SELECT * FROM 'tbl_phonebook' WHERE CID =" + cid.Text;
    mysqlcom = new MySqlCommand(selectquery, mysqlcon);
    
    mdr = mysqlcom.ExecuteReader();
    
    if (mdr.Read())
    {
        name.Text = mdr.GetString("Name");
        address.Text = mdr.GetString("Address");
        contact.Text = mdr.GetString("Contact_Number");
        email.Text = mdr.GetString("Email_Address");
    }
    else
    {
        MessageBox.Show("Record Not Found!");
    }
    
    mysqlcon.Close();        
}

但是错误提示 MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax;查看与您的 MariaDB 服务器版本相对应的手册,了解在第 1 行的“tbl_phonebook”WHERE CID =' 附近使用的正确语法

知道如何解决这个问题吗?

【问题讨论】:

  • 您想要反引号(tab 键上方的键)而不是单引号。您也真的不想直接将任意文本框输入直接发送到数据库。对于只有一点知识的人来说,使用它来执行诸如删除数据库中的所有表之类的事情是微不足道的。
  • 这样查询 "SELECT * FROM 'tbl_phonebook' WHERE CID ="'+cid.Text+'";
  • @SANDEEP Noooo,这在至少两种不同的方面仍然是错误的,可能是三种。

标签: c# mysql database


【解决方案1】:

很抱歉,这里有很多错误,其中一些甚至比您所知道的错误更重要。试试这个,并从显示的模式中学习:

private void textBox1_TextChanged(object sender, EventArgs e)
{       
    string constring = "database = db_phonebook; user = root; password = ''; server = 'localhost'; SSL Mode = None";
    //backticks instead of single quotes around the table/object name
    string sql = "SELECT * FROM `tbl_phonebook` WHERE CID = @CID";
    //using blocks make sure the connection is closed and disposed, 
    // EVEN IF AN EXCEPTION IS THROWN
    // Original code would have left the connection hanging open.
    using (var con = new MySqlConnection(constring))
    using(var cmd = new MySqlCommand(sql, con))
    {
        //parameterized query instead of string concatenation.
        // THIS IS A **HUGE** DEAL!!
        // It's important enough you should STOP and go FIX
        // any code you have anywhere that already uses concatenation.
        cmd.Parameters.AddWithValue("@CID", cid.Text);
        con.Open();
        using (var mdr = cmd.ExecuteReader())
        {
    
            if (mdr.Read())
            {
                name.Text = mdr.GetString("Name");
                address.Text = mdr.GetString("Address");
                contact.Text = mdr.GetString("Contact_Number");
                email.Text = mdr.GetString("Email_Address");
            }
            else
            {
                //Do NOT show an interrupting textbox that steals focus from
                // an actively typing user based on a textchanged event!

                name.Text = "";
                address.Text = "";
                contact.Text = "";
                email.Text = "";
            }
        }
    }      
}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2020-07-31
    • 2012-10-06
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode