我想参数化我的查询,所以代替此代码(This is a working code, I didn't put all the codes here because we have nothing to do with it.)
MySQL_Query = "SET @row_number = 0; " _
& "SELECT hardware_add " _
& "FROM (" _
& "SELECT " _
& "@row_number:=@row_number + 1 AS num, " _
& "hardware_add AS hardware_add " _
& "FROM teller_info " _
& "WHERE status = 'Disconnected'" _
& ") AS sub_query " _
& "WHERE num = " & counter & ";"
Console.WriteLine(MySQL_Query)
Dim MySQL_CMD As New MySqlCommand(MySQL_Query, MysqlConn)
MySQL_CMD.Connection.Open()
我将改为
。 MySQL_Query = "SET @row_number = 0; " _
& "SELECT hardware_add " _
& "FROM (" _
& "SELECT " _
& "@row_number:=@row_number + 1 AS num, " _
& "hardware_add AS hardware_add " _
& "FROM teller_info " _
& "WHERE status = 'Disconnected'" _
& ") AS sub_query " _
& "WHERE num = ?;"
Console.WriteLine(MySQL_Query)
Dim MySQL_CMD As New MySqlCommand(MySQL_Query, MysqlConn)
MySQL_CMD.Connection.Open()
MySQL_CMD.Parameters.Add(New MySqlParameter("counter", counter))
错误说
MySql.Data.MySqlClient.MySqlException(0x80004005):不允许混合命名和未命名的参数。
我的问题如何正确parameterize该查询?
答案 0 :(得分:1)
你必须给那个参数命名,这样做:
MySQL_Query = "SET @row_number = 0; " _
& "SELECT hardware_add " _
& "FROM (" _
& "SELECT " _
& "@row_number:=@row_number + 1 AS num, " _
& "hardware_add AS hardware_add " _
& "FROM teller_info " _
& "WHERE status = 'Disconnected'" _
& ") AS sub_query " _
& "WHERE num = @counter;"
Console.WriteLine(MySQL_Query)
Dim MySQL_CMD As New MySqlCommand(MySQL_Query, MysqlConn)
MySQL_CMD.Connection.Open()
MySQL_CMD.Parameters.Add(New MySqlParameter("@counter", counter))