-2
這裏是我的表:MySQL的INSERT INTO問題
CREATE TABLE IF NOT EXISTS CauHoi(MaCH VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci PRIMARY KEY, MaMH VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Question TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Difficulty VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, a TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, b TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, c TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, d TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Answer VARCHAR(10) NOT NULL);
這裏是我的查詢:
answerComboBox->addItem("a");
answerComboBox->addItem("b");
answerComboBox->addItem("c");
answerComboBox->addItem("d");
q.prepare("INSERT INTO CauHoi(MaCH,MaMH,Question,Difficulty,a,b,c,d,Answer) VALUES ('"
+ maCHLineEdit->text() + "','"
+ maMHLineEdit->text() + "','"
+ questionTextEdit->toPlainText() + "','"
+ difficultyComboBox->currentText()+ "','"
+ aLineEdit->text() + "','"
+ bLineEdit->text() + "','"
+ cLineEdit->text() + "','"
+ dLineEdit->text() + "',"
+ answerComboBox->currentText()+");");
然而,當q.exec(),如果answerComboBox-> currentText()==」 c「,CauHoi表中的Answer列成爲cLineEdit-> text()。它是多麼的瘋狂!我只是希望它只是「a」,「b」,「c」,「d」。
請幫我
您需要更加小心你的SQL語句。嘗試在準備之前將其打印出來。你很容易受到SQL注入攻擊。爲了測試它,準備一個關於三個劍客的問題,其中一個答案是「D'Artagnan」。 – nvoigt