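How do I retrieve data from the database based on the value selected in a combo box?

Time: 2014-02-27 03:48:24

Tags: c# mysql sql

I am new to C#. I have comboBox code that lets the user select the month and date. When the user clicks the cmdSend button, the program retrieves the month & date from the comboBox and calls the dbConnect.Select class function to execute the select MySQL statement.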

private void cmdSend_Click(object sender, System.EventArgs e)
    {
        List<string>[] list;
        list = dbConnect.Select(month_list.Text, year_list.Text);

        printer_info.Rows.Clear();
        for (int i = 0; i < list[0].Count; i++)
        {
            int number = printer_info.Rows.Add();
            printer_info.Rows[number].Cells[0].Value = list[0][i];
            printer_info.Rows[number].Cells[1].Value = list[1][i];
            printer_info.Rows[number].Cells[2].Value = list[2][i];
            printer_info.Rows[number].Cells[3].Value = list[3][i];
        }
    }  

The database retrieval class:

public List<string>[] Select(string month,string year)
    {
        string query = "SELECT * FROM page_counter where month ='" + month + "' AND year ='" + year + "' ;";

        //Create a list to store the result
        List<string>[] list = new List<string>[4];
        list[0] = new List<string>();
        list[1] = new List<string>();
        list[2] = new List<string>();
        list[3] = new List<string>();

        //Open connection
        if (this.OpenConnection() == true)
        {
            //Create Command
            MySqlCommand cmd = new MySqlCommand(query, connection);
            //Create a data reader and Execute the command
            MySqlDataReader dataReader = cmd.ExecuteReader();

            //Read the data and store them in the list
            while (dataReader.Read())
            {
                list[0].Add(dataReader["id"].ToString() + "");
                list[1].Add(dataReader["month"].ToString() + "");
                list[2].Add(dataReader["year"].ToString() + "");
                list[3].Add(dataReader["page_count"].ToString() + "");
            }

            //close Data Reader
            dataReader.Close();

            //close Connection
            this.CloseConnection();

            //return list to be displayed
            return list;
        }
        else
        {
            return list;
        }
    }  

But this code is not working. Can someone advise me?

Edited:

string query = "SELECT * FROM page_counter where month = @month  AND year = @year;";
//Open connection
if (this.OpenConnection() == true)
{
//Create Command
 MySqlCommand cmd = new MySqlCommand(query, connection);
 cmd.Parameters.AddWithValue("@month",month);
 cmd.Parameters.AddWithValue("@year",year );

//Create a data reader and Execute the command
    MySqlDataReader dataReader = cmd.ExecuteReader();

//Read the data and store them in the list
    while (dataReader.Read())
    {
        list[0].Add(dataReader["id"].ToString() + "");
        list[1].Add(dataReader["month"].ToString() + "");
        list[2].Add(dataReader["year"].ToString() + "");
        list[3].Add(dataReader["page_count"].ToString() + "");
    }  

    //close Data Reader
    dataReader.Close();

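I edited the code as suggested, but I get an error on AddWithValue. It says: does not contain a definition for AddWithValue and no extension method AddWithValue. I have already added the Data.MySqlClient reference, but it is still the same. Please advise.

1 answer:

Answer 0: (score: 1)

Problem 1: You need to use the SelectedItem property of the combo box to get the selected item from it.

Solution 1:

Replace this: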

list = dbConnect.Select(month_list.Text, year_list.Text);

With this:

list = dbConnect.Select(month_list.SelectedItem.ToString(),        
                         year_list.SelectedItem.ToString());

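Problem 2:

I think the Month and Year columns in your database are INT columns. If they are INT columns, you don't need to enclose the month and year parameter values within single quotes.

string query = "SELECT * FROM page_counter where month = " + month + " AND year =" + year + " ;";

Solution 2:

Try this: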

string query = "SELECT * FROM page_counter where month = @month  AND year = @year;";
//Open connection
if (this.OpenConnection() == true)
{
  //Create Command
  MySqlCommand cmd = new MySqlCommand(query, connection);
  cmd.Parameters.AddWithValue("@month",month);
  cmd.Parameters.AddWithValue("@year",year );

       //Remaining same

        //Create a data reader and Execute the command
        MySqlDataReader dataReader = cmd.ExecuteReader();

        //Read the data and store them in the list
        while (dataReader.Read())
        {
            list[0].Add(dataReader["id"].ToString() + "");
            list[1].Add(dataReader["month"].ToString() + "");
            list[2].Add(dataReader["year"].ToString() + "");
            list[3].Add(dataReader["page_count"].ToString() + "");
        }

        //close Data Reader
        dataReader.Close();

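Suggestion: Your query is open to SQL injection attacks. I would suggest using parameterized queries to avoid them.

Try this with parameterized queries: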

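The same lookup with validated input and typed parameters, as an added example that is not part of the original question or answer. It assumes the month and year columns are INT (as the answer guesses) with month stored as 1-12, and it uses a hypothetical PageCounterRepository class with a caller-supplied connection string.

```csharp
using System.Collections.Generic;
using MySql.Data.MySqlClient;

public sealed class PageCounterRepository // hypothetical name, not from the page
{
    private readonly string _connectionString; // supplied by the caller

    public PageCounterRepository(string connectionString) { _connectionString = connectionString; }

    // Assumption: month is stored as 1-12 and year as a four-digit INT.
    public static bool TryParsePeriod(string monthText, string yearText, out int month, out int year)
    {
        year = 0;
        return int.TryParse(monthText, out month) && month >= 1 && month <= 12
            && int.TryParse(yearText, out year) && year >= 1900 && year <= 9999;
    }

    public List<string>[] Select(string monthText, string yearText)
    {
        var list = new List<string>[4];
        for (int i = 0; i < list.Length; i++) list[i] = new List<string>();

        // Text such as "1' OR '1'='1" fails to parse and never reaches the database.
        if (!TryParsePeriod(monthText, yearText, out int month, out int year)) return list;

        const string query = "SELECT id, month, year, page_count FROM page_counter " +
                             "WHERE month = @month AND year = @year;";

        using (var connection = new MySqlConnection(_connectionString))
        using (var cmd = new MySqlCommand(query, connection))
        {
            // Typed parameters: the driver binds the values, so input cannot
            // change the structure of the statement.
            cmd.Parameters.Add("@month", MySqlDbType.Int32).Value = month;
            cmd.Parameters.Add("@year", MySqlDbType.Int32).Value = year;
            connection.Open();
            using (MySqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    list[0].Add(reader["id"].ToString());
                    list[1].Add(reader["month"].ToString());
                    list[2].Add(reader["year"].ToString());
                    list[3].Add(reader["page_count"].ToString());
                }
            }
        }
        return list; // empty when the input was rejected or no rows matched
    }
}
```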