MySQL parameterized query in ASP.NET

Time: 2013-12-11 13:20:44

Tags: mysql asp.net parameterized-query

I am working with parameterized queries, but I am not getting the correct query in the result.

Here is my code

    public MySqlCommand Get_Login(string clinetID, string loginID, string password, string branchID)
    {
        // this.Query holds the SQL text with the @ClientID, @LoginID, @Password and @BranchID placeholders
        MySqlCommand objCommand = new MySqlCommand(this.Query);

        // one bound value per placeholder; the names must match the placeholders in the SQL text exactly
        objCommand.Parameters.AddWithValue("@ClientID", clinetID);
        objCommand.Parameters.AddWithValue("@LoginID", loginID);
        objCommand.Parameters.AddWithValue("@Password", password);
        objCommand.Parameters.AddWithValue("@BranchID", branchID);

        objCommand.CommandType = CommandType.Text;
        return objCommand;
    }

When debugging, this is what I get in "objCommand"

 Select u.groupid,p.PersonId, p.designationid,concat(p.salutation,p.FName,'
',p.MName,' ',p.LName) as PersonName,tb.Type
 BrType,p.OrgId,p.subdepartmentid,ifnull(crossdept,'N') as
 crossdept,p.departmentid,u.defaultpage,p.orgid,ifnull(p.crosslab,'N') as crosslab,
 (select indoor_services from dc_Tp_organization where orgid='@ClientID') as
 indoor_services,(select name from dc_Tp_organization where orgid='@ClientID') as 
 orgname,
 (select default_route from dc_Tp_organization where orgid='@ClientID') as
 default_route,p.BranchID BranchID,tb.Name BRName from dc_tp_personnel p left outer
  join
 dc_tu_userright u on u.personid=p.personid left outer join dc_tp_branch tb on
 tb.BranchID=p.BranchID Where p.Active='Y' and p.LoginId = '@LoginID' and p.Pasword
  ='@Password' and p.BranchID='@BranchID'

I am not getting the parameter values.

Here is the query

// verbatim string (@"...") so the query text can span several lines
objdbhims.Query = @"Select u.groupid,p.PersonId,
p.designationid,concat(p.salutation,p.FName,' ',p.MName,' ',p.LName) as
PersonName,tb.Type BrType,p.OrgId,p.subdepartmentid,ifnull(crossdept,'N') as
crossdept,p.departmentid,u.defaultpage,p.orgid,ifnull(p.crosslab,'N') as crosslab,
(select indoor_services from dc_Tp_organization where orgid=@ClientID) as
indoor_services,(select name from dc_Tp_organization where orgid=@ClientID) as
orgname,(select default_route from dc_Tp_organization where orgid=@ClientID) as
default_route,p.BranchID BranchID,tb.Name BRName from dc_tp_personnel p left outer
join dc_tu_userright u on u.personid=p.personid left outer join dc_tp_branch tb on
tb.BranchID=p.BranchID Where p.Active='Y' and p.LoginId = @LoginID and p.Pasword
=@Password and p.BranchID=@BranchID";

2 answers:

Answer 0 (score: 5)

Secret Squirrel is correct about using "?" for parameterized variables. MySQL uses "@" for inline SQL variables of the query, and so expects them to be declared, such as from a script or as part of an inline (select subquery) declaration.

You need to change BOTH instances of the parameters: in the query... AND in the command.Parameters.Add... instances.

Also, I noticed (not sure whether it is the issue) that in your WHERE clause you have "pasword" (only one 's') versus password (two 's'). Don't know whether that is intentional or not.

One last thing that might help. Since some of the parameters match column names, I would suggest changing the parameters slightly, simply adding something like an "x" to FORCE a distinction between the column name and the actual parameter...

where... p.LoginID = ?xLoginID ...

and in the command parameters

objCommand.Parameters.AddWithValue("?xLoginID", loginID);

Answer 1 (score: 2)

The problem is that the parameters are wrapped in single quotes, which turns them into string literals.

To make it work, remove the single quotes around them. For example

Where p.Active = 'Y' 
      and p.LoginId = @LoginID 
      and p.Pasword = @Password
      and p.BranchID = @BranchID
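As an added example (not the asker's or either answerer's code), here is the login query from the question cut down to the columns that matter, with the quoted-placeholder form discussed in Answer 1 shown beside the working form, and the parameters from Answer 0 bound with explicit types. It assumes the MySql.Data (Connector/NET) package, the table and column names from the question, and a placeholder connection string; it keeps the `@` prefix that the asker's own code already uses.

```csharp
using System;
using System.Data;
using MySql.Data.MySqlClient;

// Added example: assumes MySql.Data (Connector/NET) and the schema named in the question.
public static class LoginLookup
{
    // BROKEN: the placeholders sit inside quotes, so MySQL compares each column with the
    // literal text "@LoginID" etc. Nothing is ever substituted and no row can match.
    private const string BrokenSql =
        "SELECT u.groupid, p.PersonId FROM dc_tp_personnel p " +
        "LEFT OUTER JOIN dc_tu_userright u ON u.personid = p.personid " +
        "WHERE p.Active = 'Y' AND p.LoginId = '@LoginID' " +
        "AND p.Pasword = '@Password' AND p.BranchID = '@BranchID'";

    // WORKING: bare placeholders. The driver sends the bound values separately, so a
    // login id containing a quote character is treated as data, never as SQL.
    private const string Sql =
        "SELECT u.groupid, p.PersonId FROM dc_tp_personnel p " +
        "LEFT OUTER JOIN dc_tu_userright u ON u.personid = p.personid " +
        "WHERE p.Active = 'Y' AND p.LoginId = @LoginID " +
        "AND p.Pasword = @Password AND p.BranchID = @BranchID";

    public static MySqlCommand BuildLoginCommand(MySqlConnection conn,
        string loginID, string password, string branchID)
    {
        var cmd = new MySqlCommand(Sql, conn) { CommandType = CommandType.Text };

        // One typed parameter per placeholder; the names must match the SQL text exactly.
        // Parameter names live in a separate namespace from column names, so "@LoginID"
        // does not collide with the column p.LoginId.
        cmd.Parameters.Add("@LoginID", MySqlDbType.VarChar).Value = loginID;
        cmd.Parameters.Add("@Password", MySqlDbType.VarChar).Value = password;
        cmd.Parameters.Add("@BranchID", MySqlDbType.VarChar).Value = branchID;
        return cmd;
    }

    // Returns the PersonId of the matching active user, or null when no row matches.
    // The question's schema compares the password column directly; storing a salted
    // hash and verifying it in application code is the usual practice, but that is a
    // separate change from the parameter binding shown here.
    public static string FindPersonId(string connectionString,
        string loginID, string password, string branchID)
    {
        using (var conn = new MySqlConnection(connectionString))
        using (var cmd = BuildLoginCommand(conn, loginID, password, branchID))
        {
            conn.Open();
            // cmd.CommandText still reads "... p.LoginId = @LoginID ..." at this point.
            // The bound values are in cmd.Parameters, which is why the debugger never shows
            // them spliced into the text: that is expected, not a sign the binding failed.
            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read() ? Convert.ToString(reader["PersonId"]) : null;
            }
        }
    }
}

// Usage (placeholder connection string, not a real server):
// string personId = LoginLookup.FindPersonId(
//     "server=<host>;database=<db>;uid=<user>;pwd=<secret>", "jdoe", "pw", "HQ");
```

The distinction the two answers make is visible in the two constants: `BrokenSql` is what the debugger output in the question shows, and it is syntactically valid SQL, so MySQL runs it without error and simply returns no rows. Checking `cmd.CommandText` in a debugger therefore tells you nothing about whether binding worked; inspect `cmd.Parameters` instead, and treat any placeholder that appears between quotes in the SQL text as a defect.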