C# 类型为'的首次机会例外;MySql.Data.MySqlClient.MySqlException';发生在MySql.Data.dll中
我在C# 类型为'的首次机会例外;MySql.Data.MySqlClient.MySqlException';发生在MySql.Data.dll中,c#,C#,我在按钮2\u点击 类型的第一次机会例外 MySql.Data.MySqlClient.MySqlException在MySql.Data.dll中发生 主要问题是方法,您使用的是纯文本查询,这是最糟糕的方法,因为它为SQL注入攻击打开了一扇大门。您可以通过使用参数化查询来避免它们。另一件事是在构建Update查询时发生的语法错误。列名称之间缺少逗号 您必须像这样形成参数化的更新查询(让command作为命令): 请,我需要您的帮助查看异常详细信息-包括任何内部异常-以了解实际问题您列出了3个查
按钮2\u点击
类型的第一次机会例外
MySql.Data.MySqlClient.MySqlException在MySql.Data.dll中发生
主要问题是方法,您使用的是纯文本查询,这是最糟糕的方法,因为它为SQL注入攻击打开了一扇大门。您可以通过使用参数化查询来避免它们。另一件事是在构建Update
查询时发生的语法错误。列名称之间缺少逗号
您必须像这样形成参数化的更新查询(让command
作为命令):
请,我需要您的帮助查看异常详细信息-包括任何内部异常-以了解实际问题您列出了3个查询是否所有查询都失败?其中一个?您尚未显示executeQueryDB中发生的情况。。您的工作对sql注入非常开放。。然后,正如其他人所说,您需要查看异常并阅读它对附加信息的抱怨:未知列“字段列表”中的“std_previousQND”您在查询值周围使用了非常不一致的单引号。请改用命令参数。我将尝试使用此参数
private void button3_Click(object sender, EventArgs e)
{
if (MessageBox.Show(this, "Do you want to delete?", "Delete Record", MessageBoxButtons.YesNo, MessageBoxIcon.Question) == DialogResult.Yes)
{
executeQueryDB("DELETE FROM student_biodata WHERE std_matric_no='" + txtmatric.Text + "'", "Record Deleted successfully!");
GetData();
}
else
{
}
}
private void button2_Click(object sender, EventArgs e)
{
executeQueryDB("UPDATE student_biodata SET std_lastname=" + txtlastname.Text + " std_firstname=" + txtfirstname.Text + "std_phone_no=" + txtphoneno.Text + " std_gender=" + txtgender.Text + " std_previousQND=" + txtpreviousqnd.Text + " std_DOB= " + txtdob.Text + " std_address=" + txtaddress .Text + " std_programme=" + txtprogramme .Text + " std_session=" + txtsession .Text + "std_faculty=" + txtfaculty .Text + " std_department=" + txtdepartment .Text + " std_email=" + txtemail .Text + " std_top='" + txttop .Text + "' WHERE std_matric_no=' + txtmatric .Text +' ","Student Data Update successfully!");
GetData();
}
private void button1_Click(object sender, EventArgs e)
{
executeQueryDB ("INSERT INTO student_biodata (std_matric_no, std_lastname, std_firstname, std_phone_no, std_gender, std_previous_QND, std_DOB, std_address, std_programme, std_session, std_faculty, std_department, std_email, std_top) VALUES("+ txtmatric.Text + "," + txtlastname.Text + "," + txtfirstname.Text + "," + txtphoneno.Text+ "," + txtgender.Text + ",'" + txtpreviousqnd.Text + "'," + txtdob.Text + "," + txtaddress.Text + "," + txtprogramme.Text + "," + txtsession.Text + "," + txtfaculty.Text + "," + txtdepartment.Text + "," + txtemail.Text + "," + txttop.Text +") ","Student Data Added Successfully!");
GetData();
}
private void GetData()
{
OpenConnection ();
sql ="SELECT * FROM student_biodata";
cmd =new MySqlCommand (sql,cn);
da .SelectCommand =cmd ;
tb =new DataTable ();
da.Fill (tb);
dataGridView1 .DataSource =tb.DefaultView ;
CloseConnection ();
}
command.Text = "UPDATE student_biodata SET std_lastname= @lname, std_firstname= @fname WHERE std_matric_no=@no";
// Include column name and values as per your needs
command.Parameters.AddWithValue("@lname", txtLastName.Text);
command.Parameters.AddWithValue("@fname ", txtFirstName.Text);
command.Parameters.AddWithValue("@no", matricNo);
command.ExecuteNonQuery();