C# 整数值不正确:';System.Windows.Forms.Textbox,文本:1';对于列';客户id';在第一排
我不知道为什么会出现这个错误。我以前确实插入了整数值。在Form1中,我在前面的表单中插入了字符串和int值C# 整数值不正确:';System.Windows.Forms.Textbox,文本:1';对于列';客户id';在第一排,c#,database,C#,Database,我不知道为什么会出现这个错误。我以前确实插入了整数值。在Form1中,我在前面的表单中插入了字符串和int值 string customer_id = variables.cid; customerID_txt.Text = customer_id; string constring2 = "datasource=localhost;port=3306;username=root;password=root"; string Qu
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values ('" + this.customerID_txt + "','" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
并且
变量。cid
是一个字符串。尝试从值中删除引号:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + this.customerID_txt + ",'" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
如果this.customer\u id
是一个文本框,您需要将其更改为this.customer\u id.text
,就像您使用this.pID\u txt.text一样:(注意.text
并删除引号)
此外,您可能希望确保这些是整数,这样就没有人可以将代码注入数据库:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + int.Parse(this.customerID_txt.Text) + "," + int.Parse(this.pID_txt.Text) + ");";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
删除单引号并使用customer\u id
或customerID\u txt.Text
而不是customerID\u txt
,因为它是一个组件。请尝试以下代码:
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values (" + customer_id + ",'" + this.pID_txt.Text + "');";
MySqlConnection conDatabase2 = new MySqlConnection(constring2);
您的代码:
string Query2 = "insert into artgallery.orders(customer_id,painting_id) values ('" + this.customerID_txt + "','" + this.pID_txt.Text + "');";
创建以下sql:
insert into artgallery.orders(customer_id,painting_id) values ('xxx','yyy');
该SQL表示您正在尝试插入两个字符串。删除引号,您就可以开始了(假设该值确实是一个整数,等等)。如前所述,您希望执行参数化SQL以避免SQL注入攻击。正如其他人所指出的,强烈建议使用参数化查询。
代码应位于的行上(假设两个参数均为int):
您的表列customer\u id、painting\u id是INT或varchar?看起来您是将customer\u id作为字符串而不是整数传递的。请使用参数化查询来避免此特定问题和一般答案。customer\u id和painting\u id在我的orders表中都是INT。但是如何将其作为INT传递?如何将customerID_txt.Text转换为int?。。。希望熟悉MySQL的人能够提供适当的参数化查询作为答案,而不是解决您遇到的字符串连接问题。
insert into artgallery.orders(customer_id,painting_id) values ('xxx','yyy');
string customer_id = variables.cid;
customerID_txt.Text = customer_id;
string constring2 = "datasource=localhost;port=3306;username=root;password=root";
using (MySqlConnection connection = new MySqlConnection(constring2))
{
string query = "insert into artgallery.orders(customer_id, painting_id) values (@cutsomerId, @paintingId);";
MySqlCommand command = new MySqlCommand(query, connection);
command.Parameters.Add(new MySqlParameter("customerId", int.Parse(this.customerID_txt.Text)));
command.Parameters.Add(new MySqlParameter("paintingId", int.Parse(this.pID_txt.Text)));
command.Connection.Open();
command.ExecuteNonQuery();
}