在一个文本框中多次搜索我的sql c#

时间:2016-05-29 01:37:57

标签: c# mysql

        private void searchButton_Click(object sender, EventArgs e)
    {
        string constring = "datasource=localhost;port=3306;Initial Catalog = 'dbcpu'; username = root; password =";
        string query = "select * from admin where UserID='" + maskedTextBox1.Text + "'";

        MySqlConnection conDataBase = new MySqlConnection(constring);
        MySqlCommand cmdDataBase = new MySqlCommand(query, conDataBase);
        MySqlDataReader myReader;

        try
        {
            conDataBase.Open();
            myReader = cmdDataBase.ExecuteReader();

            while (myReader.Read())
            {
                string Idnum = myReader.GetString(myReader.GetOrdinal("UserID"));
                label1.Text = Idnum;

                string Lname = myReader.GetString(myReader.GetOrdinal("UserLname"));
                Lname1.Text = Lname;

                string Fname = myReader.GetString(myReader.GetOrdinal("UserFname"));
                Fname1.Text = Fname;

                string Mname = myReader.GetString(myReader.GetOrdinal("UserMname"));
                Mname1.Text = Mname;

                string Gender = myReader.GetString(myReader.GetOrdinal("UserGender"));
                Gend1.Text = Gender;

                string Pos = myReader.GetString(myReader.GetOrdinal("Administrative"));
                Pos1.Text = Pos;

                string Dept = myReader.GetString(myReader.GetOrdinal("UserDepartment"));
                Off1.Text = Dept;

                byte[] imgg = (byte[])(myReader["IDPicture"]);
                if (imgg == null)
                    pictureBox1.Image = null;
                else
                {
                    MemoryStream mstream = new MemoryStream(imgg);
                    pictureBox1.Image = Image.FromStream(mstream);
                }
            }
            conDataBase.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

我只能搜索身份证号码。我还想在同一个框中搜索姓氏或名字,它会给我结果。我认为它在查询中的某个地方。提前致谢。 :d

1 个答案:

答案 0 :(得分:0)

您可以使用int.TryParse将输入验证为整数ID,否则,将其用作firstname / lastname值,我已修改您的代码以包含命令参数以避免注入。

     int test = *it;
         ^~~~
/usr/local/include/c++/6.1.0/debug/safe_iterator.h:270:

Error: attempt to dereference a singular iterator.

Objects involved in the operation:

    iterator "this" @ 0x0x7fff5f561e90 {
      type = __gnu_debug::_Safe_iterator<std::__cxx1998::_List_iterator<int>, std::__debug::list<int, std::allocator<int> > > (mutable iterator);
      state = singular;
      references sequence with type 'std::__debug::list<int, std::allocator<int> >' @ 0x0x7fff5f561ef0
    }
bash: line 7: 16071 Aborted                 (core dumped) ./a.out