C# 在eecute reader上接收到我的sql语法不正确的错误_C#_Mysql_Connection String_Mysqlcommand

C# 在eecute reader上接收到我的sql语法不正确的错误

c# mysql

C# 在eecute reader上接收到我的sql语法不正确的错误,c#,mysql,connection-string,mysqlcommand,C#,Mysql,Connection String,Mysqlcommand,我想问题是在一个命令中有两个独立的查询。有没有办法绕过这个问题连接字符串中填充了示例数据，但连接正确我还知道，在实际文件中放置连接字符串是不安全的，但目前这只是出于测试目的 using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using

我想问题是在一个命令中有两个独立的查询。有没有办法绕过这个问题

连接字符串中填充了示例数据，但连接正确

我还知道，在实际文件中放置连接字符串是不安全的，但目前这只是出于测试目的

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using MySql.Data.MySqlClient;

namespace Multiple_forms
{
    public partial class Register : Form
    {
        public Register()
        {
            InitializeComponent();
        }

        private void registerSubmitButton_Click(object sender, EventArgs e)
        {
            string myConnection = "Server=localhost;Database=Houses;Uid=user;Pwd=password;";
            MySqlConnection myConn = new MySqlConnection(myConnection);

            string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                                 "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                                 this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                                 "';";

            string inputPass = this.regPasswordTextBox.Text;
            string inputPassConfirm = this.regPasswordConfirmTextBox.Text;

            MySqlCommand selectCommand = new MySqlCommand(selectQuery, myConn);
            MySqlDataReader myReader;

            if (inputPass == inputPassConfirm)
            {
                myConn.Open();
                myReader = selectCommand.ExecuteReader();



            int regCount = 0;
            while (myReader.Read())
            {
                regCount = regCount + 1;
            }

            if (regCount == 1)
                {
                    MessageBox.Show("You have registered successfully!");
                }
                else
                {
                    MessageBox.Show("Invalid registration key.");
                }
            }
            else
            {
                MessageBox.Show("Passwords don't match.");
                Thread.Sleep(2000);
                this.Close();
            }
        }
    }
}

因为您收到一个Sql语法错误，我怀疑问题在于您的查询

selectQuery

。正如您在下面看到的，您没有关闭

this.regKeyTextBox.Text

后面的引号

 string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                      "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                      this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                      "';";

尝试将查询更改为：

string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                      "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                      this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                      "';";

因为您收到一个Sql语法错误，我怀疑问题在于您的查询

selectQuery

。正如您在下面看到的，您没有关闭

this.regKeyTextBox.Text

后面的引号

 string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                      "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                      this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                      "';";

尝试将查询更改为：

string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                      "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                      this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                      "';";

像这样更新它

string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                                 "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                                 this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                                 "';";

像这样更新它

string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
                                 "', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
                                 this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
                                 "';";

我认为您的查询

selectQuery

包含错误。你没有在第一个错误后关闭引号，保存实际密码…第二个错误：使用用户输入构建sql语句而不转义输入。我知道第二个错误，目前这是一个测试，但是，除了第一个错误，还有什么替代方法？@O'Cheezy hashing and salting，永远不要存储那样的密码。我认为您的查询

selectQuery

包含错误。你没有在第一个错误后关闭引号，保存实际密码…第二个错误：使用用户输入构建sql语句而不转义输入。我知道第二个错误，目前这是一个测试，但是，除了第一个错误，还有什么替代方法？@O'Cheezy hashing and salting，永远不要存储这样的密码。我觉得一个小的语法错误很愚蠢，但谢谢你！别担心，这种事情经常发生。我为一个小的语法错误感到很愚蠢，但谢谢你！别担心，这种事经常发生。