c# - 在 C# 中更新数据库命令

Question

        using (MySqlCommand bb = new MySqlCommand("UPDATE  members SET  Begin = 1 WHERE id ='" + uid + "';"))
        {
            bb.Connection = con;
            con.Open();
            using (MySqlCommand fff = new MySqlCommand("UPDATE  members SET  b = 1 WHERE id ='" + uid + "';"))
            {
                fff.Connection = con;
            }
            this.Hide();
            Main main = new Main();
            main.Show();
        }

我正在尝试将两个表 B 和 Begin to 1 更​​新为当前登录的用户（我的 uid 命令：

  using (MySqlCommand id = new MySqlCommand("SELECT id FROM members WHERE username='" + textBox1.Text + "';"))
                            {
                                id.Connection = con;
                                MySqlDataReader read3 = cmd.ExecuteReader();
                                read3.Dispose();
                                int idd = (int)id.ExecuteScalar();
                                uid = idd;
                                Begin.uid = idd;
                                MySqlDataReader read4 = id.ExecuteReader();
                                read4.Dispose();
                                id.Dispose();
                            }

我不知道为什么，但它不会更新数据库。

Answer 1

你没有执行命令。

你需要fff.ExecuteScalar(); 和bb.ExecuteScalar();

或者ExecuteNonQuery();

您也容易受到攻击SQL Injection，请尝试使用参数化查询。

例如：

 bb.CommandText = "UPDATE members SET  Begin = 1 WHERE id = @id";  
 bb.Parameters.AddWithValue("@id", id);
 bb.ExecuteNonQuery();

Answer 2

首先是用户参数化查询，其次是调用ExecuteNonQuery()任何SqlCommands.

using (MySqlCommand bb = new MySqlCommand("UPDATE  members SET  Begin = 1 WHERE id = @id;"))
{
    bb.Parameters.AddWithValue("@id", uid);
    bb.Connection = con;
    con.Open();

    bb.ExecuteNonQuery();

    using (MySqlCommand fff = new MySqlCommand("UPDATE  members SET  b = 1 WHERE id = @id;"))
    {
        fff.Parameters.AddWithValue("@id", uid);
        fff.Connection = con;

        fff.ExecuteNonQuery();
    }

    this.Hide();
    Main main = new Main();
    main.Show();
}