5

这就是我的表单的样子 - image

当表单加载时,我想检索在 中的玩家数据usernameLabel1所以我可以pointsLabel2.

到目前为止,这是我的代码:

Dim conn As MySqlConnection
conn = New MySqlConnection("server=REMOVED;Port=REMOVED; user id=REMOVED; password=REMOVED; database=REMOVED")
Dim username As Boolean = True
conn.Open()
Dim sqlquery As String = "SELECT Name FROM NewTable WERE Name='" & My.Settings.Name & "';"
Dim data As MySqlDataReader
Dim adapter As New MySqlDataAdapter
Dim command As New MySqlCommand
command.CommandText = sqlquery
command.Connection = conn
adapter.SelectCommand = command
data = command.ExecuteReader
While data.Read()
    Label1.Text = data(1).ToString
    Label2.Text = data(3).ToString
End While

data.Close()
conn.Close()

任何帮助将非常感激。

4

1 回答 1

4

您应该参数化您的查询以避免 sql 注入, Using以便正确处理对象,Try-Catch阻止正确处理异常。

Dim connString As String = "server=REMOVED;Port=REMOVED; user id=REMOVED; password=REMOVED; database=REMOVED"
Dim sqlQuery As String = "SELECT Name, Points FROM NewTable WHERE Name = @uname"
Using sqlConn As New MySqlConnection(connString)
    Using sqlComm As New MySqlCommand()
        With sqlComm
            .Connection = sqlConn
            .Commandtext = sqlQuery
            .CommandType = CommandType.Text
            .Parameters.AddWithValue("@uname", My.Settings.Name)
        End With
        Try
            sqlConn.Open()
            Dim sqlReader As MySqlDataReader = sqlComm.ExecuteReader()
            While sqlReader.Read()
                Label1.Text = sqlReader("Name").ToString()
                Label2.Text = sqlReader("Points").ToString()
            End While
        Catch ex As MySQLException
            ' add your exception here '
        End Try
    End Using
End Using
于 2013-09-14T11:08:18.437 回答