Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/60.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# l、 Text=spemail; street.Text=sstreet; surbub.Text=ssurbub; city.Text=scity; region.Text=sregion; position.Text=sposition; access.Text=saccess; privilages.Text=sprivillages; bank.Text=sbank; account.Text=saccount; } } 捕获(例外情况除外) { MessageBox.Show(例如Message); } }_C#_Mysql_Wpf - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# l、 Text=spemail; street.Text=sstreet; surbub.Text=ssurbub; city.Text=scity; region.Text=sregion; position.Text=sposition; access.Text=saccess; privilages.Text=sprivillages; bank.Text=sbank; account.Text=saccount; } } 捕获(例外情况除外) { MessageBox.Show(例如Message); } }

C# l、 Text=spemail; street.Text=sstreet; surbub.Text=ssurbub; city.Text=scity; region.Text=sregion; position.Text=sposition; access.Text=saccess; privilages.Text=sprivillages; bank.Text=sbank; account.Text=saccount; } } 捕获(例外情况除外) { MessageBox.Show(例如Message); } }

c# mysql wpf

C# l、 Text=spemail; street.Text=sstreet; surbub.Text=ssurbub; city.Text=scity; region.Text=sregion; position.Text=sposition; access.Text=saccess; privilages.Text=sprivillages; bank.Text=sbank; account.Text=saccount; } } 捕获(例外情况除外) { MessageBox.Show(例如Message); } },c#,mysql,wpf,C#,Mysql,Wpf,这是包含员工详细信息的表单背后的代码。home.text应该包含主地行号。假设员工家中没有陆地线,他们会将字段留空 然而,每次我这样做时,都会抛出一个异常,说“不正确的整数值”。要在数据库中保留为空,我必须键入(NULL),其中“this.home.text”当前在查询中。如果我这样做,我将无法在需要时使用home.text将信息插入数据库 还有其他方法吗?插入有关SQL易受注入攻击的常见前言(有关参数化SQL的更多信息,请参阅) 问题是,您将字符串插入到所有列中,而与底层数据库类型无关 这:

这是包含员工详细信息的表单背后的代码。home.text应该包含主地行号。假设员工家中没有陆地线,他们会将字段留空

然而,每次我这样做时,都会抛出一个异常,说“不正确的整数值”。要在数据库中保留为空,我必须键入(NULL),其中“this.home.text”当前在查询中。如果我这样做,我将无法在需要时使用home.text将信息插入数据库

还有其他方法吗?

插入有关SQL易受注入攻击的常见前言(有关参数化SQL的更多信息,请参阅)

问题是,您将字符串插入到所有列中,而与底层数据库类型无关

这:

“+this.home.text+”

如果为空,将生成不能转换为整数的
'
。您可能想尝试以下方法:

int? homeNumber = null;  // Note the int? is syntactic sugar for Nullable<int>
if(!string.IsNullOrEmpty(home.text))
    homeNumber = Convert.ToInt32(home.Text);

int?homeNumber=null;//注意int?语法糖是否可以为null
如果(!string.IsNullOrEmpty(home.text))
homeNumber=Convert.ToInt32(home.Text);
并据此插入:

,“+homeNumber+”,
。。。。等等。

你可以尝试一下

if (!int.TryParse(shome, out home.Text))
    home.Text = null;
我认为您应该只检查空字符串或
null
字符串

 string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('"
                    + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text
                    + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','"
                    + string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text + "', '"  
                    + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '"
                    + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text
                    + "') ; insert into logon.login (username, password) values ('" + this.username.Text + "', '" + this.password.Text + "'); "
                    + " select * from users.employees where member = '" + this.member.Text + "' ;";
查看
string.IsNullOrWhiteSpace(this.home.Text)?空:this.home.Text

我不这么认为,您形成的
SQL
是正确的并且将像这样工作,即用
分隔的两个SQL
还具有与
INSERT
合并的
SELECT
SQL

使用SQL参数而不是字符串连接来防止SQL注入。您可以使用
null
int?
来映射可为null的整数列。 
if (!int.TryParse(shome, out home.Text))
    home.Text = null;

 string queryadd = "insert into users.employees (member, username, password, question, answer, first, second, third, surname, dob, gender, doc, dept, cell, home, work, email, pemail, street, surbub, city, region, position, access, privilages, bank, account) values ('"
                    + this.member.Text + "','" + this.username.Text + "','" + this.password.Text + "', '" + this.question.Text + "','" + this.answer.Text + "', '" + this.first.Text + "','" + this.second.Text + "','" + this.third.Text
                    + "','" + this.surname.Text + "', '" + this.dob.Text + "','" + this.gender.Text + "', '" + this.doc.Text + "', '" + this.dept.Text + "', '" + this.cell.Text + "','"
                    + string.IsNullOrWhiteSpace(this.home.Text) ? null : this.home.Text + "', '"  
                    + this.work.Text + "', '" + this.email.Text + "', '" + this.pemail.Text + "', '" + this.street.Text + "', '" + this.surbub.Text + "', '" + this.city.Text + "', '" + this.region.Text + "', '" + this.position.Text + "', '"
                    + this.access.Text + "', '" + this.privilages.Text + "', '" + this.bank.Text + "', '" + this.account.Text
                    + "') ; insert into logon.login (username, password) values ('" + this.username.Text + "', '" + this.password.Text + "'); "
                    + " select * from users.employees where member = '" + this.member.Text + "' ;";