此功能,因爲我通過用戶ID搜索:從MySQL數據庫中提取記錄只工作了用戶ID,而不是電子郵件
private void showList_Click(object sender, EventArgs e)
{
int id = 0;
for (int i = 0; i <= sqlClient.Count("UserList"); i++)
{
Dictionary<string, string> dik = sqlClient.Select("UserList", "userid = " + id);
var lines = dik.Select(kv => kv.Key + ": " + kv.Value.ToString());
userList.AppendText(string.Join(Environment.NewLine, lines));
userList.AppendText(Environment.NewLine);
userList.AppendText("--------------------------------------");
id++;
}
}
此功能不起作用,因爲我通過電子郵件進行搜索:
private void login_Click(object sender, EventArgs e)
{
string email = lemail.Text;
Dictionary<string, string> dik = sqlClient.Select("UserList", "firstname = " + email);
var lines = dik.Select(kv => kv.Key + ": " + kv.Value.ToString());
logged.AppendText(string.Join(Environment.NewLine, lines));
}
這是我單擊登錄按鈕時收到的錯誤消息:
您的SQL語法錯誤;檢查 對應於你的MySQL服務器版本正確的語法使用手動 附近「@ aol.com」在行1
我搜索了在數據庫中的電子郵件「[email protected]」沒有引號。 由於我知道這是一個特殊字符,但我很難相信錯誤信息@符號正在引起衝突,但我很難找出要搜索的詞組來幫助我。
而且,這裏是被調用的函數:
public Dictionary<string, string> Select(string table, string WHERE)
{
//This methods selects from the database, it retrieves data from it.
//You must make a dictionary to use this since it both saves the column
//and the value. i.e. "age" and "33" so you can easily search for values.
//Example: SELECT * FROM names WHERE name='John Smith'
// This example would retrieve all data about the entry with the name "John Smith"
//Code = Dictionary<string, string> myDictionary = Select("names", "name='John Smith'");
//This code creates a dictionary and fills it with info from the database.
string query = "SELECT * FROM " + table + " WHERE " + WHERE + "";
Dictionary<string, string> selectResult = new Dictionary<string, string>();
if (this.Open())
{
MySqlCommand cmd = new MySqlCommand(query, conn);
MySqlDataReader dataReader = cmd.ExecuteReader();
try
{
while (dataReader.Read())
{
for (int i = 0; i < dataReader.FieldCount; i++)
{
selectResult.Add(dataReader.GetName(i).ToString(), dataReader.GetValue(i).ToString());
}
}
dataReader.Close();
}
catch { }
this.Close();
return selectResult;
}
else
{
return selectResult;
}
}
我的數據庫表被稱爲 「UserList的」
中的字段順序如下:
用戶ID,電子郵件,密碼,姓氏,名字
任何幫助將不勝感激。這個網站很棒!
你有一些可怕的SQL注入漏洞。 –