我不知道为什么会收到此错误。我之前插入了整数值。在Form1中,我在之前的表单中插入了字符串和int值。
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values ('" + this.customerID_txt + "','" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
variables.cid是一个字符串。
答案 0 :(得分:0)
尝试从值中删除引号:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + this.customerID_txt + ",'" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
如果this.customer_id是一个文本框,则需要将其更改为this.customer_id.Text,就像使用this.pID_txt.Text
答案 1 :(得分:0)
你的意思是:(注意.Text并删除引号)
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + this.customerID_txt.Text + "," + this.pID_txt.Text + ");";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
此外,您可能希望确保这些是整数,以便没有人可以将代码注入数据库:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + int.Parse(this.customerID_txt.Text) + "," + int.Parse(this.pID_txt.Text) + ");";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
答案 2 :(得分:0)
删除单引号并使用customer_id或customerID_txt.Text代替customerID_txt,因为它是一个组件。试试这段代码:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + customer_id + ",'" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
答案 3 :(得分:0)
您的代码:
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values ('" + this.customerID_txt + "','" + this.pID_txt.Text + "');";
创建以下sql:
insert into artgallery.orders(customer_id,painting_id) values ('xxx','yyy');
那个SQL说你试图插入两个字符串。删除引号,您将在路上(假设该值确实是整数等)。如前所述,您希望执行参数化SQL以避免SQL注入攻击。
答案 4 :(得分:0)
正如其他人所指出的那样,强烈建议使用参数化查询 代码应该是(假设两个参数都是int):
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
using (MySqlConnection connection = new MySqlConnection(constring2))
{
string query = "insert into artgallery.orders(customer_id, painting_id) values (@cutsomerId, @paintingId);";
MySqlCommand command = new MySqlCommand(query, connection);
command.Parameters.Add(new MySqlParameter("customerId", int.Parse(this.customerID_txt.Text)));
command.Parameters.Add(new MySqlParameter("paintingId", int.Parse(this.pID_txt.Text)));
command.Connection.Open();
command.ExecuteNonQuery();
}