C# 在eecute reader上接收到我的sql语法不正确的错误
我想问题是在一个命令中有两个独立的查询。有没有办法绕过这个问题 连接字符串中填充了示例数据,但连接正确 我还知道,在实际文件中放置连接字符串是不安全的,但目前这只是出于测试目的C# 在eecute reader上接收到我的sql语法不正确的错误,c#,mysql,connection-string,mysqlcommand,C#,Mysql,Connection String,Mysqlcommand,我想问题是在一个命令中有两个独立的查询。有没有办法绕过这个问题 连接字符串中填充了示例数据,但连接正确 我还知道,在实际文件中放置连接字符串是不安全的,但目前这只是出于测试目的 using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using MySql.Data.MySqlClient;
namespace Multiple_forms
{
public partial class Register : Form
{
public Register()
{
InitializeComponent();
}
private void registerSubmitButton_Click(object sender, EventArgs e)
{
string myConnection = "Server=localhost;Database=Houses;Uid=user;Pwd=password;";
MySqlConnection myConn = new MySqlConnection(myConnection);
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
string inputPass = this.regPasswordTextBox.Text;
string inputPassConfirm = this.regPasswordConfirmTextBox.Text;
MySqlCommand selectCommand = new MySqlCommand(selectQuery, myConn);
MySqlDataReader myReader;
if (inputPass == inputPassConfirm)
{
myConn.Open();
myReader = selectCommand.ExecuteReader();
int regCount = 0;
while (myReader.Read())
{
regCount = regCount + 1;
}
if (regCount == 1)
{
MessageBox.Show("You have registered successfully!");
}
else
{
MessageBox.Show("Invalid registration key.");
}
}
else
{
MessageBox.Show("Passwords don't match.");
Thread.Sleep(2000);
this.Close();
}
}
}
}
因为您收到一个Sql语法错误,我怀疑问题在于您的查询
selectQuery
。正如您在下面看到的,您没有关闭this.regKeyTextBox.Text
后面的引号
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
尝试将查询更改为:
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
因为您收到一个Sql语法错误,我怀疑问题在于您的查询
selectQuery
。正如您在下面看到的,您没有关闭this.regKeyTextBox.Text
后面的引号
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + ";" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
尝试将查询更改为:
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
像这样更新它
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
像这样更新它
string selectQuery = "Select * from users where RegistrationKey = '" + this.regKeyTextBox.Text + "';" + "UPDATE users set UserName = '" + this.regUsernameTextBox.Text.ToLower() +
"', Password = '" + this.regPasswordTextBox.Text + "', Email ='" +
this.regEmailTextBox.Text + "' WHERE RegistrationKey = '" + this.regKeyTextBox.Text +
"';";
我认为您的查询
selectQuery
包含错误。你没有在第一个错误后关闭引号,保存实际密码…第二个错误:使用用户输入构建sql语句而不转义输入。我知道第二个错误,目前这是一个测试,但是,除了第一个错误,还有什么替代方法?@O'Cheezy hashing and salting,永远不要存储那样的密码。我认为您的查询selectQuery
包含错误。你没有在第一个错误后关闭引号,保存实际密码…第二个错误:使用用户输入构建sql语句而不转义输入。我知道第二个错误,目前这是一个测试,但是,除了第一个错误,还有什么替代方法?@O'Cheezy hashing and salting,永远不要存储这样的密码。我觉得一个小的语法错误很愚蠢,但谢谢你!别担心,这种事情经常发生。我为一个小的语法错误感到很愚蠢,但谢谢你!别担心,这种事经常发生。