好的,请参考我在main中的代码,这是我的第一个问题:我希望用户在运行时输入员工姓名,然后我取得用户输入的这个姓名,并将其与emp表的e_name进行比较;如果它存在,我想显示该员工的所有信息。我该如何实现?
using System;
using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
namespace ConnectCsharppToMySQL
{
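/// <summary>
/// Small data-access helper for the <c>emp</c> table (columns read here:
/// <c>e_id</c>, <c>e_name</c>, <c>age</c>) of a MySQL database.
/// </summary>
public class DBConnect
{
    private MySqlConnection connection;
    private string server;
    private string database;
    private string uid;
    private string password;

    // Employee name typed by the user in Main; Select() binds it as a query parameter.
    private string name;

    /// <summary>Creates the helper and builds its connection object.</summary>
    public DBConnect()
    {
        Initialize();
    }

    /// <summary>
    /// Sets the connection settings and creates the <see cref="MySqlConnection"/>.
    /// The connection is not opened here.
    /// </summary>
    private void Initialize()
    {
        // NOTE(review): this connects as "root" with an empty password, both
        // hard-coded. Prefer a dedicated account limited to the emp table and
        // load the credentials from configuration kept out of source control.
        server = "localhost";
        database = "test";
        uid = "root";
        password = "";

        // All parts are fixed values, so plain concatenation is safe here; never
        // build this string from user input.
        string connectionString = "SERVER=" + server + ";" + "DATABASE=" +
            database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
        connection = new MySqlConnection(connectionString);
    }

    /// <summary>Opens the database connection.</summary>
    /// <returns><c>true</c> when the connection was opened; <c>false</c> when a
    /// <see cref="MySqlException"/> occurred (a message box is shown).</returns>
    private bool OpenConnection()
    {
        try
        {
            connection.Open();
            return true;
        }
        catch (MySqlException ex)
        {
            // The two most common error numbers when connecting are:
            // 0: cannot connect to server; 1045: invalid user name and/or password.
            switch (ex.Number)
            {
                case 0:
                    MessageBox.Show("Cannot connect to server. Contact administrator");
                    break;
                case 1045:
                    MessageBox.Show("Invalid username/password, please try again");
                    break;
                default:
                    // Previously any other error returned false with no feedback at
                    // all; report it the same way CloseConnection() does.
                    MessageBox.Show(ex.Message);
                    break;
            }
            return false;
        }
    }

    /// <summary>Closes the database connection.</summary>
    /// <returns><c>true</c> on success; <c>false</c> when a
    /// <see cref="MySqlException"/> occurred (its message is shown).</returns>
    private bool CloseConnection()
    {
        try
        {
            connection.Close();
            return true;
        }
        catch (MySqlException ex)
        {
            MessageBox.Show(ex.Message);
            return false;
        }
    }

    /// <summary>Inserts one fixed sample row into <c>emp</c>.</summary>
    public void Insert()
    {
        string query = "INSERT INTO emp (e_name, age) VALUES('Pooja R', '21')";
        if (!OpenConnection())
        {
            return;
        }

        try
        {
            using (MySqlCommand cmd = new MySqlCommand(query, connection))
            {
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            // Close even when the command throws, so the connection is not left open.
            CloseConnection();
        }
    }

    /// <summary>Renames the fixed sample row in <c>emp</c> and changes its age.</summary>
    public void Update()
    {
        string query = "UPDATE emp SET e_name='Peachy', age='22' WHERE e_name='Pooja R'";
        if (!OpenConnection())
        {
            return;
        }

        try
        {
            using (MySqlCommand cmd = new MySqlCommand())
            {
                cmd.CommandText = query;
                cmd.Connection = connection;
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            // Close even when the command throws, so the connection is not left open.
            CloseConnection();
        }
    }

    /// <summary>
    /// Looks up employees whose <c>e_name</c> equals the name stored by Main.
    /// </summary>
    /// <returns>Three parallel lists: [0] e_id, [1] e_name, [2] age. The lists
    /// are empty when nothing matches or the connection could not be opened.</returns>
    public List<string>[] Select()
    {
        return Select(this.name);
    }

    /// <summary>
    /// Looks up employees whose <c>e_name</c> equals <paramref name="name"/>.
    /// </summary>
    /// <param name="name">Employee name as entered by the user; treated as
    /// untrusted input and passed only as a query parameter.</param>
    /// <returns>Three parallel lists: [0] e_id, [1] e_name, [2] age. The lists
    /// are empty when nothing matches, when <paramref name="name"/> is null, or
    /// when the connection could not be opened.</returns>
    public List<string>[] Select(string name)
    {
        // @Name is a placeholder. The user's text is never concatenated into the
        // SQL string, so quotes or SQL keywords in it cannot change the statement.
        string query = "SELECT e_id, e_name, age FROM emp WHERE e_name = @Name";

        List<string>[] list = new List<string>[3];
        list[0] = new List<string>();
        list[1] = new List<string>();
        list[2] = new List<string>();

        // Console.ReadLine() returns null at end of input; nothing to search for.
        if (name == null)
        {
            return list;
        }

        if (!OpenConnection())
        {
            return list;
        }

        try
        {
            using (MySqlCommand cmd = new MySqlCommand(query, connection))
            {
                cmd.Parameters.AddWithValue("@Name", name);
                using (MySqlDataReader dataReader = cmd.ExecuteReader())
                {
                    while (dataReader.Read())
                    {
                        list[0].Add(dataReader["e_id"] + "");
                        list[1].Add(dataReader["e_name"] + "");
                        list[2].Add(dataReader["age"] + "");
                    }
                }
            }
        }
        finally
        {
            // Close even when the query throws, so the connection is not left open.
            CloseConnection();
        }

        return list;
    }

    /// <summary>
    /// Console entry point: asks for an employee name and prints every matching row.
    /// </summary>
    public static void Main(String[] args)
    {
        // The constructor already calls Initialize(); calling it a second time
        // only replaced the connection object with an identical one.
        DBConnect db1 = new DBConnect();
        Console.WriteLine("Initializing");
        Console.WriteLine("Search :");
        Console.WriteLine("Enter the employee name");
        db1.name = Console.ReadLine();

        List<string>[] rows = db1.Select();
        if (rows[0].Count == 0)
        {
            Console.WriteLine("No employee found with that name");
        }
        for (int i = 0; i < rows[0].Count; i++)
        {
            Console.WriteLine(rows[0][i] + "\t" + rows[1][i] + "\t" + rows[2][i]);
        }
        Console.ReadLine();
    }
}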
}
答案 0 :(得分:0)
使用MySqlParameter:
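using (MySqlConnection connection = new MySqlConnection(connectionString))
{
    connection.Open();
    using (MySqlCommand command = new MySqlCommand("SELECT * FROM emp where e_name =@Name", connection))
    {
        // Bind the user-supplied name to the @Name placeholder as a MySqlParameter.
        // The value is handled as data; it is never concatenated into the SQL text.
        command.Parameters.AddWithValue("@Name", name); // name comes from Console.ReadLine()

        // Read the SELECT results. The reader is wrapped in using so it is
        // closed even if reading a row throws.
        using (MySqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                // read each value, e.g. reader["e_name"]
            }
        }
    }
}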
以下是您需要做的更改
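// Take the employee name as a parameter of Select instead of reading a field.
public List<string>[] Select(string name)
{
string query = "SELECT * FROM emp where e_name =@Name"; // @Name placeholder replaces the hand-built value
....
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.Parameters.AddWithValue("@Name", name); // add this line right after creating the command; the value is bound as data, not pasted into the SQL text
....
}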
按如下方式调用上述方法:
// Read the employee name typed at the console, then pass it to Select(string name).
db1.name = Console.ReadLine();
db1.Select(db1.name);
答案 1 :(得分:0)
此方法需要接受参数:
public List<string>[] Select()
很可能是类似这样的:
public List<string>[] Select(string name)
然后,在该方法中,您可以引用name
变量。调用该方法时,您将提供该变量:
var listOfResults = dbConnectInstance.Select(someNameValue);
一旦该变量出现在您的方法中,您就可以在SQL查询中使用它。您可以通过在SELECT
查询中将其设置为参数来做到这一点。也许像下面这样(请记住这是随手写的代码,我手头没有MySql .NET库可以用来测试):
// @ename is a placeholder; the actual value is supplied through cmd.Parameters below,
// so the user's text never becomes part of the SQL string itself.
string query = "SELECT * FROM emp where e_name=@ename";
//... (opening the connection like you do now, etc.)
MySqlCommand cmd = new MySqlCommand(query, connection);
// Typed parameter: VarChar with a declared size of 80.
// NOTE(review): confirm 80 matches the e_name column definition.
cmd.Parameters.Add("@ename", MySqlDbType.VarChar, 80).Value = name;
//... (continuing as you do now)
这实际上是在查询中创建一个名为@ename
的占位符(它可以取任何名字,@
是占位符的重要组成部分),它需要被替换为实际的值。在命令对象的Parameters
集合中添加项,就是用实际的值来替换占位符;该值始终被当作数据处理,而不会被解析为SQL语句的一部分。
这在ADO.NET(您正在使用的数据库连接技术)中称为“参数化查询”。它有助于保持您的查询动态(同一个查询可以配合不同的值重复使用),并有助于防止SQL注入攻击(SQL injection attacks)。请注意,我说的是“有助于防止”,因为它并不是万能的灵丹妙药;一般来说,加深对这一主题的理解才是您最好的防御。
有关MySql .NET库中查询和参数的更多信息,可以从这里(starting here)开始查阅。