尝试在DataGrid上显示表时出现MySQL错误

时间:2017-05-15 05:38:40

标签: c# mysql

这是我正在使用的代码:

private void btn_search_Click(object sender, EventArgs e)
{
    try
    {
        MySqlConnection con = new MySqlConnection(@"Data Source=localhost;port=3306;Initial Catalog=dp;User Id=root;password=''");
        con.Open();
        DataTable dt = new DataTable();
        MySqlDataAdapter SDA = new MySqlDataAdapter("SELECT * FROM dp WHERE id LIKE " + txt_id.Text, con);
        SDA.Fill(dt);
        dataGridView1.DataSource = dt;
    }
    catch (MySqlException ex)
    {
        Console.WriteLine("StackTrace:" + ex.StackTrace);
    }

问题是,它抛出MySQL异常,

  

抛出异常:'MySql.Data.MySqlClient.MySqlException'in   MySql.Data.dll       StackTrace:at MySql.Data.MySqlClient.MySqlStream.ReadPacket()          at MySql.Data.MySqlClient.NativeDriver.GetResult(Int32& affectedRow,Int64& insertedId)          at MySql.Data.MySqlClient.Driver.GetResult(Int32 statementId,Int32& affectedRows,Int64& insertedId)          at MySql.Data.MySqlClient.Driver.NextResult(Int32 statementId,Boolean force)          at MySql.Data.MySqlClient.MySqlDataReader.NextResult()          at MySql.Data.MySqlClient.MySqlCommand.ExecuteReader(CommandBehavior)   行为)          at MySql.Data.MySqlClient.MySqlCommand.ExecuteDbDataReader(CommandBehavior)   行为)          在System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior)   行为)          在System.Data.Common.DbDataAdapter.FillInternal(DataSet数据集,DataTable [] datatables,Int32 startRecord,Int32 maxRecords,   String srcTable,IDbCommand命令,CommandBehavior行为)          在System.Data.Common.DbDataAdapter.Fill(DataTable [] dataTables,Int32 startRecord,Int32 maxRecords,IDbCommand命令,   CommandBehavior行为)          在System.Data.Common.DbDataAdapter.Fill(DataTable dataTable)          at Dispatching_Software.SearchUsers.btn_search_Click(Object sender,EventArgs e)在C:\ Users \ Owner \ documents \ visual studio中   2015 \ Projects \ Dispatching Software \ Dispatching   Software \ SearchUsers.cs:第34行

我要做的是搜索表格中的用户并显示它们,问题似乎是SDA.Fill(dt);

1 个答案:

答案 0 :(得分:2)

使用con.Open();时无需使用MySqlDataAdapter。另外,您应始终使用parameterized queries来避免SQL Injection

MySqlDataAdapter SDA = new MySqlDataAdapter("SELECT * FROM dp WHERE id LIKE '%' + @a + '%'", con);
SDA.SelectCommand.Parameters.AddWithValue("@a", txt_id.Text);

虽然直接指定类型并使用Value属性比AddWithValue更好:

 MySqlDataAdapter SDA = new MySqlDataAdapter("SELECT * FROM dp WHERE id LIKE @a", con);
SDA.SelectCommand.Parameters.Add("@a", MySqlDbType.VarChar, 200).Value = "%" + txt_id.Text;

Can we stop using AddWithValue() already?

相关问题
最新问题