Question

好吧，所以我有错误'Mysql.Data.Mysqlclient.MysqlException（0x80004005）：当我尝试插入新值时，'字段列表'中的未知列'lotete'

C＃代码

string sql = "INSERT INTO `users` (`username`,`email`,`password`, `key`) VALUES (`lotete`, `test`, `xd`, `test2`)";
    if (connection != null)
    {
        connection.Open();
        MySqlCommand command = connection.CreateCommand();
        command.CommandText = sql;
        try
        {
            //command.Parameters.AddWithValue("@username", userName);
            command.ExecuteNonQuery();
        }
        catch (System.Exception ex)
        {
            Debug.LogError("MySQL error: " + ex.ToString());
        }
    }

MySQL： http://prntscr.com/n0873w

Answer 1

您应该使用Parameters作为命令来防止SQL注入。

command.CommandText = "INSERT INTO users(username,email,password, key) VALUES(@username, @email, @password, @key)";
command.Parameters.AddWithValue("@username", "lotete");
command.Parameters.AddWithValue("@email", "test@test.com");
command.Parameters.AddWithValue("@password", "testtest");
command.Parameters.AddWithValue("@key", "test2");

Mysql C＃Mysql.Data.Mysqlclient.MysqlException（0x80004005）：'字段列表'中的未知列'lotete'

1 个答案: