從C＃應用程序中存儲空整數值

所以我想要做的是在MySQL中使用C＃應用程序在整數列插入一個空值。

我知道查詢一般做這樣的事情會;

INSERT INTO Database.Table (IntColumn) VALUES (NULL); 
UPDATE Database.Table set IntColumn = (NULL) where id = '1';

它在工作臺的偉大工程。事情是，我甚至不確定這是否可能，但我需要在C＃中做到這一點，同時仍然允許文本框靈活地輸入整數到MySQL數據庫。在這種情況下，'home.text'鏈接到MySQL中的'home'列，這是一個整數字段。

這就是我做我的代碼。

using MySql.Data.MySqlClient; 
    using MySql.Data; 

    namespace Masca.Content 
    { 

/// <summary> 
/// Interaction logic for Login.xaml 
/// </summary> 
public partial class Login : UserControl 
{ 
    //Function to check if column value is null before fetching string 

    public static string GetString(MySqlDataReader reader, string colName) 
    { 
     if (reader[colName] == DBNull.Value) 
      return string.Empty; 
     else 
      return (string)reader[colName]; 
    } 

    //Function to check if column value is null before fetching int as string 
    public static string GetColumnValueAsString(MySqlDataReader reader, string colName) 
    { 
     if (reader[colName] == DBNull.Value) 
      return string.Empty; 
     else 
      return reader[colName].ToString(); 
    } 

    public Login() 
    { 
     InitializeComponent(); 

    } 

    public void save_Click(object sender, RoutedEventArgs e) 
    { 
    //Authentication parameters 
     string sqlcon = "datasource = localhost; port = 3306; username = root; password = root"; 
    //Query to excecute 
     string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('" + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','" + this.home.Text + "', '" + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '" + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text + "') ; insert into logon.login (username, password) values ('" +this.username.Text+ "', '" +this.password.Text+ "'); select * from users.employees where member = '" + this.member.Text + "' ;"; 

     MySqlConnection con = new MySqlConnection(sqlcon); 

     MySqlDataReader rdr; 

     MySqlCommand cmd = new MySqlCommand(queryadd, con); 

    // Excecution 
      try 
      { 
       con.Open(); 
       rdr = cmd.ExecuteReader(); 
       MessageBox.Show("Saved"); 
       while (rdr.Read()) 
       { 
        //Declarations using function 

        string stag = GetColumnValueAsString(rdr, "tag"); 
        string snumber = GetColumnValueAsString(rdr, "tag"); 
        string smember = GetColumnValueAsString(rdr, "member"); 

        string susername = GetString(rdr, "username"); 
        string spassword = GetString(rdr, "password"); 

        string ssecurity = GetString(rdr, "question"); 
        string sanswer = GetString(rdr, "answer"); 

        string sfirst = GetString(rdr, "first"); 
        string ssecond = GetString(rdr, "second"); 
        string sthird = GetString(rdr, "third"); 
        string sfourth = GetString(rdr, "surname"); 

        string sdob = rdr.GetString("dob"); 
        string sgender = rdr.GetString("gender"); 
        string sdoc = rdr.GetString("doc"); 

        string sdept = rdr.GetString("dept"); 

        string scell = GetColumnValueAsString(rdr, "cell"); 
        string shome = GetColumnValueAsString(rdr, "home"); 
        string swork = GetColumnValueAsString(rdr, "work"); 
        string semail = GetString(rdr, "email"); 
        string spemail = GetString(rdr, "pemail"); 

        string sstreet = GetString(rdr, "street"); 
        string ssurbub = GetString(rdr, "surbub"); 
        string scity = GetString(rdr, "city"); 
        string sregion = GetString(rdr, "region"); 

        string sposition = GetString(rdr, "position"); 
        string saccess = GetString(rdr, "access"); 
        string sprivilages = GetString(rdr, "privilages"); 
        string sbank = GetString(rdr, "bank"); 
        string saccount = GetString(rdr, "account"); 

        //Binding strings to textboxes 

        tag.Text = stag; 
        number.Text = stag; 
        member.Text = smember; 

        username.Text = susername; 
        password.Text = spassword; 

        question.Text = ssecurity; 
        answer.Text = sanswer; 

        first.Text = sfirst; 
        second.Text = ssecond; 
        third.Text = sthird; 
        surname.Text = sfourth; 

        dob.Text = sdob; 
        gender.Text = sgender; 

        doc.Text = sdoc; 
        dept.Text = sdept; 

        cell.Text = scell; 
        home.Text = shome; 
        work.Text = swork; 
        email.Text = semail; 
        pemail.Text = spemail; 

        street.Text = sstreet; 
        surbub.Text = ssurbub; 
        city.Text = scity; 
        region.Text = sregion; 

        position.Text = sposition; 
        access.Text = saccess; 


        privilages.Text = sprivilages; 
        bank.Text = sbank; 
        account.Text = saccount; 
       } 


      } 
      catch (Exception ex) 
      { 
       MessageBox.Show(ex.Message); 
      } 
     }

這是包含員工詳細信息的表單背後的代碼。 home.text應該保存住宅地線號碼。假設員工在家中沒有地面線，他們會將該字段留空。

但是，每次我這樣做，我會得到一個異常拋出「不正確的整數值」。爲了讓它在數據庫中保持空白，我必須鍵入（NULL）where''this.home.text''當前在查詢中。如果我這樣做，但我無法在需要時使用home.text插入信息到數據庫中。

其他方式來做到這一點？

來源

2014-01-09 Offer

使用sql-parameters而不是字符串連接來防止sql注入。 –

您可以使用'Nullable '或'int？'映射可爲空的整數列。 – Dirk

插入關於您的SQL開放注入攻擊的常見序言（有關參數化SQL的更多信息，請參見this question）。

問題是，您將字符串插入到所有列中，而與基礎數據庫類型無關。

此：

'" + this.home.text + "'

如果爲空，將產生''，這不能被轉換爲整數。你可能會想嘗試類似：

int? homeNumber = null; // Note the int? is syntactic sugar for Nullable<int> 
if(!string.IsNullOrEmpty(home.text)) 
    homeNumber = Convert.ToInt32(home.Text);

正是如此插入：

," + homeNumber + ", ....等

來源

2014-01-09 09:54:11

你可以嘗試沿着

if (!int.TryParse(shome, out home.Text)) 
    home.Text = null;

來源

2014-01-09 09:56:46 oerkelens

我東西線相反，你應該檢查空的或null字符串，

string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('" 
        + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text 
        + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','" 
        + string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text + "', '" 
        + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '" 
        + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text 
        + "') ; insert into logon.login (username, password) values ('" + this.username.Text + "', '" + this.password.Text + "'); " 
        + " select * from users.employees where member = '" + this.member.Text + "' ;";

看看string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text

我不這麼認爲，你已經形成了SQL是正確，將這樣工作，即兩個SQL分隔;並且還有SELECT SQL與INSERT合併

來源

2014-01-09 10:10:18 dbw

從C＃應用程序中存儲空整數值

回答

相關問題