枝。
所以我要做的是使用C#应用程序在MySQL的整数列中插入一个空值。
我知道通常做这样的事情的查询会是;
INSERT INTO Database.Table (IntColumn) VALUES (NULL);
UPDATE Database.Table set IntColumn = (NULL) where id = '1';
它在工作台上运行良好。事实是,我甚至不确定这是否可行,但我需要在C#中执行此操作,同时仍允许文本框灵活地将整数输入MySQL数据库。在这种情况下,'home.text'链接到MySQL中的'home'列,这是一个整数字段。
这就是我制作代码的方式。
using MySql.Data.MySqlClient;
using MySql.Data;
namespace Masca.Content
{
/// <summary>
/// Interaction logic for Login.xaml
/// </summary>
public partial class Login : UserControl
{
//Function to check if column value is null before fetching string
public static string GetString(MySqlDataReader reader, string colName)
{
if (reader[colName] == DBNull.Value)
return string.Empty;
else
return (string)reader[colName];
}
//Function to check if column value is null before fetching int as string
public static string GetColumnValueAsString(MySqlDataReader reader, string colName)
{
if (reader[colName] == DBNull.Value)
return string.Empty;
else
return reader[colName].ToString();
}
public Login()
{
InitializeComponent();
}
public void save_Click(object sender, RoutedEventArgs e)
{
//Authentication parameters
string sqlcon = "datasource = localhost; port = 3306; username = root; password = root";
//Query to excecute
string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('" + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','" + this.home.Text + "', '" + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '" + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text + "') ; insert into logon.login (username, password) values ('" +this.username.Text+ "', '" +this.password.Text+ "'); select * from users.employees where member = '" + this.member.Text + "' ;";
MySqlConnection con = new MySqlConnection(sqlcon);
MySqlDataReader rdr;
MySqlCommand cmd = new MySqlCommand(queryadd, con);
// Excecution
try
{
con.Open();
rdr = cmd.ExecuteReader();
MessageBox.Show("Saved");
while (rdr.Read())
{
//Declarations using function
string stag = GetColumnValueAsString(rdr, "tag");
string snumber = GetColumnValueAsString(rdr, "tag");
string smember = GetColumnValueAsString(rdr, "member");
string susername = GetString(rdr, "username");
string spassword = GetString(rdr, "password");
string ssecurity = GetString(rdr, "question");
string sanswer = GetString(rdr, "answer");
string sfirst = GetString(rdr, "first");
string ssecond = GetString(rdr, "second");
string sthird = GetString(rdr, "third");
string sfourth = GetString(rdr, "surname");
string sdob = rdr.GetString("dob");
string sgender = rdr.GetString("gender");
string sdoc = rdr.GetString("doc");
string sdept = rdr.GetString("dept");
string scell = GetColumnValueAsString(rdr, "cell");
string shome = GetColumnValueAsString(rdr, "home");
string swork = GetColumnValueAsString(rdr, "work");
string semail = GetString(rdr, "email");
string spemail = GetString(rdr, "pemail");
string sstreet = GetString(rdr, "street");
string ssurbub = GetString(rdr, "surbub");
string scity = GetString(rdr, "city");
string sregion = GetString(rdr, "region");
string sposition = GetString(rdr, "position");
string saccess = GetString(rdr, "access");
string sprivilages = GetString(rdr, "privilages");
string sbank = GetString(rdr, "bank");
string saccount = GetString(rdr, "account");
//Binding strings to textboxes
tag.Text = stag;
number.Text = stag;
member.Text = smember;
username.Text = susername;
password.Text = spassword;
question.Text = ssecurity;
answer.Text = sanswer;
first.Text = sfirst;
second.Text = ssecond;
third.Text = sthird;
surname.Text = sfourth;
dob.Text = sdob;
gender.Text = sgender;
doc.Text = sdoc;
dept.Text = sdept;
cell.Text = scell;
home.Text = shome;
work.Text = swork;
email.Text = semail;
pemail.Text = spemail;
street.Text = sstreet;
surbub.Text = ssurbub;
city.Text = scity;
region.Text = sregion;
position.Text = sposition;
access.Text = saccess;
privilages.Text = sprivilages;
bank.Text = sbank;
account.Text = saccount;
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
这是包含员工详细信息的表单背后的代码。 home.text应该保留住宅用地号码。假设员工在家里没有固定电话,他们会将电话留空。
每次我都这样做,我得到一个异常抛出“不正确的整数值”。要在数据库中留空,我必须键入(NULL)其中'“this.home.text'”当前在查询中。如果我这样做,我将无法在需要时使用home.text将信息插入数据库。
另一种方法吗?
答案 0 :(得分:1)
插入关于您的SQL对注入攻击开放的常用序言(有关参数化SQL的详细信息,请参阅this question)。
问题是,您将字符串插入到所有列中,而不管底层数据库类型如何。
这样:
'" + this.home.text + "'
如果为空,将产生'',这不能转换为整数。你可能想尝试类似的东西:
int? homeNumber = null; // Note the int? is syntactic sugar for Nullable<int>
if(!string.IsNullOrEmpty(home.text))
homeNumber = Convert.ToInt32(home.Text);
然后插入:
," + homeNumber + ", ....等等。
答案 1 :(得分:0)
你可以尝试一下
if (!int.TryParse(shome, out home.Text))
home.Text = null;
答案 2 :(得分:0)
我认为你应该只检查空或null字符串,
string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('"
+ this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text
+ "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','"
+ string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text + "', '"
+ this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '"
+ this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text
+ "') ; insert into logon.login (username, password) values ('" + this.username.Text + "', '" + this.password.Text + "'); "
+ " select * from users.employees where member = '" + this.member.Text + "' ;";
查看string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text
我认为你所形成的SQL是正确的并且会像这样工作,即两个SQL由;分隔,并且{{1} SQL与SELECT