鑑於此C#代碼片段,如何在SQL查詢中使用C#變量?我明白做這件事的最好方法是使用「參數」,我已經看了很多例子,但到目前爲止我不能「把它放在一起」。如何在使用時向SQL添加參數
...
using MySql.Data.MySqlClient;
public partial class Form1 : Form
{
private string server;
private string database;
private string uid;
private string password;
private MySqlConnection connection;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
webBrowser1.Navigate("127.0.0.1/box3.php");
server = "localhost";
database = "realestate_db";
uid = "root";
password = "";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" + database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
connection.Open();
MySqlDataAdapter mySqlDataAdapter;
mySqlDataAdapter = new MySqlDataAdapter("SELECT `ID`, `lat` , `long` FROM `house` ", connection); // want to uses a C# variable in this SQL query
DataSet DS = new DataSet();
mySqlDataAdapter.Fill(DS);
dataGridView1.DataSource = DS.Tables[0];
}
....
Thanks.
這有什麼錯你現在的代碼?錯誤訊息?意外的行爲? – 2014-09-29 20:30:39
@eddie_cat代碼不完整。他希望知道如何擴展以在sql字符串的where子句中包含類似過濾器的內容,而不必將自己打開到sql注入。 – 2014-09-29 20:33:48
哎呀,看了一眼我認爲他已經在嘗試參數化,只是有問題讓他的代碼工作。沒有看到評論。 – 2014-09-29 20:35:21