使用此命令时出现此错误
MySqlCommand cmdDataBase = new MySqlCommand("select * from employee.transaction where department = '" + this.department.Text + "', month = '" + this.dateTimePicker1.Value.Month.ToString() + "' and year = '" + this.dateTimePicker1.Value.Year.ToString() + "' ;", conDataBase);
错误: - 您的sql语法中有错误;请查看与您的mysql服务器版本对应的手册,以获得正确的语法,以便在'附近使用。月份=' 7'和年=' 2015"在第1行
月份和年份在我的mysql版本(版本5.6.25)中是Int类型的
有人可以帮忙吗?
答案 0 :(得分:2)
您不能在WHERE子句中的过滤器之间使用逗号。
我认为您尝试写为AND month...而不是, month...
但更重要的是,您应该始终使用parameterized queries.此类字符串连接可用于SQL Injection次攻击。
using(var conDataBase = MySqlConnection(conString))
using(var cmdDataBase = conDataBase.CreateCommand())
{
cmdDatabase.CommandText = @"select * from employee.transaction
where department = @department AND month = @month AND year = @year";
cmdDatabase.Parameters.AddWithValue("@department", this.department.Text);
cmdDatabase.Parameters.AddWithValue("@month", this.dateTimePicker1.Value.Month.ToString());
cmdDatabase.Parameters.AddWithValue("@year", this.dateTimePicker1.Value.Year.ToString());
// Do your work here
}
同样基于您的列名,我强烈怀疑您的month和year列应为数字类型,而不是字符类型。
答案 1 :(得分:-1)
试试这个, MySqlCommand cmdDataBase = new MySqlCommand(“select * from employee.transaction where department ='”+ this.department.Text +“'and month ='”+ this.dateTimePicker1.Value.Month.ToString()+“'and year = '“+ this.dateTimePicker1.Value.Year.ToString()+”'“,conDataBase);