
好的,主要参考我的第一个问题代码,我希望用户在运行时输入员工姓名,然后我将用户输入的这个姓名与我的 emp 表的 e_name 进行比较,如果它存在我想显示所有该员工的信息,我怎样才能做到这一点?

using System;
using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

namespace ConnectCsharppToMySQL
{
    public  class DBConnect
    {
        private MySqlConnection connection;
        private string server;
        private string database;
        private string uid;
        private string password;

        string name;

        //Constructor
        public DBConnect()
        {
            // Fill in the connection settings and create the (still closed)
            // connection object; the connection is opened later, per operation.
            this.Initialize();
        }

        //Initialize values
        private void Initialize()
        {
            // NOTE(review): these settings are hard-coded and connect as the MySQL
            // "root" account with an empty password. That is tolerable only for a
            // throw-away local test database; anything else should use a dedicated
            // least-privilege account and read the credentials from configuration
            // instead of source code.
            this.server = "localhost";
            this.database = "test";
            this.uid = "root";
            this.password = "";

            // Semicolon-separated key=value pairs, in the same order as before.
            string connectionString =
                "SERVER=" + this.server + ";" +
                "DATABASE=" + this.database + ";" +
                "UID=" + this.uid + ";" +
                "PASSWORD=" + this.password + ";";

            // Only the connection object is created here; OpenConnection() opens it.
            this.connection = new MySqlConnection(connectionString);
        }

        //open connection to database
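        private bool OpenConnection()
        {
            // Opens the shared connection. Returns true on success; on a
            // MySqlException the user is told what went wrong and false is returned.
            try
            {
                connection.Open();
                return true;
            }
            catch (MySqlException ex)
            {
                // The response depends on the error number. The two most common
                // numbers when connecting are:
                //   0    - cannot connect to server
                //   1045 - invalid user name and/or password
                switch (ex.Number)
                {
                    case 0:
                        MessageBox.Show("Cannot connect to server.  Contact administrator");
                        break;

                    case 1045:
                        MessageBox.Show("Invalid username/password, please try again");
                        break;

                    default:
                        // Previously every other error returned false without any
                        // feedback. Only the number is shown: the full driver message
                        // can include host and account details that belong in a log,
                        // not in a dialog.
                        MessageBox.Show("Database error " + ex.Number + ".  Contact administrator");
                        break;
                }
                return false;
            }
        }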

        //Close connection
        private bool CloseConnection()
        {
            // Closes the shared connection. Returns true when Close() succeeded,
            // false when it threw a MySqlException (whose message is shown).
            bool closed = false;
            try
            {
                connection.Close();
                closed = true;
            }
            catch (MySqlException closeError)
            {
                MessageBox.Show(closeError.Message);
            }
            return closed;
        }

        //Insert statement
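        public void Insert()
        {
            // Inserts one fixed row into emp. The statement contains only literals,
            // so there is nothing to parameterize here; any value that comes from a
            // user must be bound as a parameter rather than written into the SQL text.
            string query = "INSERT INTO emp (e_name, age) VALUES('Pooja R', '21')";

            // Nothing to do when the connection cannot be opened; OpenConnection()
            // has already reported the failure.
            if (!this.OpenConnection())
            {
                return;
            }

            try
            {
                // The command is disposed as soon as it has run.
                using (MySqlCommand cmd = new MySqlCommand(query, connection))
                {
                    cmd.ExecuteNonQuery();
                }
            }
            finally
            {
                // Close even when ExecuteNonQuery throws, so a failed statement
                // does not leave the shared connection open.
                this.CloseConnection();
            }
        }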

        //Update statement
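        public void Update()
        {
            // Renames one fixed row in emp. As in Insert(), the statement holds only
            // literals; user-supplied values would have to be bound as parameters.
            string query = "UPDATE emp SET e_name='Peachy', age='22' WHERE e_name='Pooja R'";

            // Nothing to do when the connection cannot be opened; OpenConnection()
            // has already reported the failure.
            if (!this.OpenConnection())
            {
                return;
            }

            try
            {
                // Query text and connection are passed to the constructor; the
                // command is disposed as soon as it has run.
                using (MySqlCommand cmd = new MySqlCommand(query, connection))
                {
                    cmd.ExecuteNonQuery();
                }
            }
            finally
            {
                // Close even when ExecuteNonQuery throws, so a failed statement
                // does not leave the shared connection open.
                this.CloseConnection();
            }
        }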

        //Select statement
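        public List<string>[] Select()
        {
            // Runs the SELECT against emp and returns three index-aligned lists:
            // [0] = e_id, [1] = e_name, [2] = age. The lists are empty when the
            // connection cannot be opened.
            //
            // NOTE(review): the text between /* and */ is the question's placeholder,
            // kept as posted. The user-entered name belongs there as a bound
            // parameter (a named placeholder such as @Name whose value is added to
            // cmd.Parameters), never concatenated into the SQL string.
            string query = "SELECT * FROM emp where e_name=(/*I WANT USER ENTERED NAME TO GET INSERTED HERE*/)";

            // One list per column.
            List<string>[] list = new List<string>[3];
            for (int i = 0; i < list.Length; i++)
            {
                list[i] = new List<string>();
            }

            if (!this.OpenConnection())
            {
                return list;
            }

            try
            {
                // Command and reader are both disposed when the block is left,
                // including when ExecuteReader or Read throws.
                using (MySqlCommand cmd = new MySqlCommand(query, connection))
                using (MySqlDataReader dataReader = cmd.ExecuteReader())
                {
                    while (dataReader.Read())
                    {
                        // + "" turns each column value into its string form.
                        list[0].Add(dataReader["e_id"] + "");
                        list[1].Add(dataReader["e_name"] + "");
                        list[2].Add(dataReader["age"] + "");
                    }
                }
            }
            finally
            {
                // Close even when the query fails, so the shared connection is not
                // left open for the next call.
                this.CloseConnection();
            }

            return list;
        }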


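        public static void Main(String[] args)
        {
            // The constructor already runs Initialize(); the second explicit call
            // only replaced the connection object with an identical new one, so it
            // has been dropped.
            DBConnect db1 = new DBConnect();
            Console.WriteLine("Initializing");

            Console.WriteLine("Search :");
            Console.WriteLine("Enter the employee name");
            // The name is stored on the instance; Select() as written does not
            // read it yet.
            db1.name = Console.ReadLine();

            // Select() returns three index-aligned lists (e_id, e_name, age);
            // print one line per row instead of discarding the result.
            List<string>[] rows = db1.Select();
            for (int i = 0; i < rows[0].Count; i++)
            {
                Console.WriteLine(rows[0][i] + "\t" + rows[1][i] + "\t" + rows[2][i]);
            }

            // Keep the console window open until Enter is pressed.
            Console.ReadLine();
        }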
    }

}

2 回答 2


使用 MySqlParameter,例如:

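using (MySqlConnection connection = new MySqlConnection(connectionString))
{
    connection.Open();
    using (MySqlCommand command = new MySqlCommand("SELECT * FROM emp where e_name =@Name", connection))
    {
        // Bind the user-supplied name to the @Name placeholder. The value is
        // handed to the driver as a parameter, so quotes or SQL keywords typed
        // by the user stay data and do not become part of the statement.
        // name is the string read with Console.ReadLine().
        command.Parameters.AddWithValue("@Name", name);

        // Read the SELECT results. The reader is wrapped in using as well, so it
        // is closed even if reading a row throws.
        using (MySqlDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                // read each value 
            }
        }
    }
}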

编辑

这是您需要做的更改

//add name as Select method parameter
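public List<string>[] Select(string name)
{
  // The query text only names the placeholder; the value is bound below.
  string query = "SELECT * FROM emp where e_name =@Name"; // change your select query 

  ....

  MySqlCommand cmd = new MySqlCommand(query, connection);
  // Statement terminator added; the line as posted would not compile without it.
  cmd.Parameters.AddWithValue("@Name", name); // add this line after creating command 

  ....
}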

按如下方式调用上述方法:

 // Read the name once, keep it on the instance, and hand the same value to Select.
 string enteredName = Console.ReadLine();
 db1.name = enteredName;
 db1.Select(enteredName);
于 2012-06-09T16:18:58.427 回答

此方法需要接受一个参数:

public List<string>[] Select()

像这样的东西,很可能是:

public List<string>[] Select(string name)

然后,在该方法中,您可以引用该name变量。调用该方法时,您将提供该变量:

// someNameValue stands for the string the caller obtained from the user.
var listOfResults = dbConnectInstance.Select(someNameValue);

一旦该变量出现在您的方法中,您就可以在 SQL 查询中使用它。您可以通过将其设置为SELECT查询中的参数来执行此操作。可能是这样的(请记住,这是徒手代码,我没有方便测试的 MySql .NET 库):

// Named placeholder in the SQL text; its value is supplied separately below.
string query = "SELECT * FROM emp where e_name=@ename";
//... (opening the connection like you do now, etc.)
MySqlCommand cmd = new MySqlCommand(query, connection);
// Declare the parameter with an explicit type and length, then assign the value.
// NOTE(review): VarChar / 80 is the answer's guess; match it to the e_name column definition.
MySqlParameter enameParameter = cmd.Parameters.Add("@ename", MySqlDbType.VarChar, 80);
enameParameter.Value = name;
//... (continuing as you do now)

这本质上是在查询中创建一个名为 @ename 的占位符(名称可以任意取,其中的 @ 才是把它标识为占位符的关键部分),它期望被实际的值替换。向命令对象的 Parameters 集合中添加一项,就是用值替换该占位符。

这在 ADO.NET(也就是您正在使用的数据库连接技术)中称为“参数化查询”。它既能让您的查询保持动态(同一条查询可以配合不同的值重复使用),也有助于防止 SQL 注入攻击(请注意,我说的是“有助于防止”:它并不是灵丹妙药,总体而言,加深对这一主题的理解才是您最好的防御)。

更多关于 MySql .NET 库的查询和参数的信息可以从这里开始

于 2012-06-09T16:19:46.737 回答