c#mysqlcommand并插入mysql数据库
我有一个将字段列表插入数据库的程序。当我使用自己的计算机插入datetime字段时,它看起来很好。但是,当我使用Windows7中文版插入它时,字段变成0000-00-00:00:00 这是命令c#mysqlcommand并插入mysql数据库,c#,mysql,datetime,mysqlconnection,C#,Mysql,Datetime,Mysqlconnection,我有一个将字段列表插入数据库的程序。当我使用自己的计算机插入datetime字段时,它看起来很好。但是,当我使用Windows7中文版插入它时,字段变成0000-00-00:00:00 这是命令 MySqlCommand myCommand4 = new MySqlCommand("Insert into OrderRecords_table values('" + OrderIDLabel.Text + "','" + customerCode + "','" + customer + "',
MySqlCommand myCommand4 = new MySqlCommand("Insert into OrderRecords_table values('" + OrderIDLabel.Text + "','" + customerCode + "','" + customer + "','" + TelComboBox.Text + "','" + LicenseComboBox.Text + "','" +
DriverComboBox.Text + "','" + AddressComboBox.Text + "','" + LocationTypeComboBox.Text + "','" + PickupComboBox.Text + "','" + CustomerTypeLabel.Text + "','" +
Convert.ToDecimal(TotalPriceLabel.Text) + "','" + status + "','" + note + "','" + sandReceiptNo + "','" + createtiming + "','" + Convert.ToDateTime(DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss")) + "')", myConnection);
myCommand4.ExecuteNonQuery();
STR_TO_DATE(“+DateTime.Now.ToString(“yyyy-MM-dd HH:MM:ss”)+”,“%Y/%M/%d/%H/%M/%s”)”)“var sql = "insert into OrderRecords_table values(@OrderID, @customercode, @customer, @PhoneNumber, @license, @driver, @address, @type, @pickupLocation, @PaymentMethod, @totalPrice, @status, @notes, @sandreceiptNo,@createTime, @EditTime)";
using (var myCommand4 = new MySqlCommand(sql, myConnection))
{
myCommand4.Parameters.AddWithValue("@orderId", MySqlDbType.VarChar).Value = OrderIDLabel.Text;
myCommand4.Parameters.AddWithValue("@customercode", MySqlDbType.VarChar).Value = customerCode;
myCommand4.Parameters.AddWithValue("@customer",MySqlDbType.VarChar).Value = customer;
myCommand4.Parameters.AddWithValue("@PhoneNumber", MySqlDbType.VarChar).Value =TelComboBox.Text;
myCommand4.Parameters.AddWithValue("@license", MySqlDbType.VarChar).Value = LicenseComboBox.Text;
myCommand4.Parameters.AddWithValue("@driver", MySqlDbType.VarChar).Value = DriverComboBox.Text;
myCommand4.Parameters.AddWithValue("@address", MySqlDbType.VarChar).Value = AddressComboBox.Text;
myCommand4.Parameters.AddWithValue("@Type", MySqlDbType.VarChar).Value = LocationTypeComboBox.Text;
myCommand4.Parameters.AddWithValue("@pickupLocation", MySqlDbType.VarChar).Value = PickupComboBox.Text;
myCommand4.Parameters.AddWithValue("@PaymentMethod", MySqlDbType.VarChar).Value = CustomerTypeLabel.Text;
myCommand4.Parameters.AddWithValue("@totalPrice", MySqlDbType.Decimal).Value = Convert.ToDecimal(TotalPriceLabel.Text);
myCommand4.Parameters.AddWithValue("@status", MySqlDbType.VarChar).Value = status;
myCommand4.Parameters.AddWithValue("@notes", MySqlDbType.VarChar).Value =status;
myCommand4.Parameters.AddWithValue("@sandreceiptNo", MySqlDbType.VarChar).Value = sandReceiptNo;
myCommand4.Parameters.AddWithValue("@createTiming", MySqlDbType.DateTime).Value = createtiming;
myCommand4.Parameters.AddWithValue("@EditTime", MySqlDbType.DateTime).Value = DateTime.Now;
myCommand4.ExecuteNonQuery();
它说我有一些无效的输入,但我已经检查了几次,所有字段都被指定为正确的类型…不知道发生了什么事我已经将您的代码重写为更标准化的实现(使用最佳实践)。请注意,我已将您的查询提取到一个单独的变量中,以使代码和查询更具可读性
MySqlCommand Insert = new MySqlCommand("INSERT INTO [TABLE] ([Date], [TEXT]) VALUES(@Date, @Text) ", myConnection);
Insert.CommandTimeout = 60; //if you need
Insert.Parameters.AddWithValue("@Date", DateTime.Now);
Insert.Parameters.AddWithValue("@Text", "Hello word!");
Insert.ExecuteNonQuery();
Insert.Dispose();
var sql = "insert into orderrecords_table values " +
"(@orderId, " +
" @customercode, " +
" @customer, " +
" @telephone, " +
" @license, " +
" @driver, " +
" @address " +
" @locationType, " +
" @pickup, " +
" @customerType, " +
" @totalPrice, " +
" @status, " +
" @note, " +
" @sandreceiptNo, " +
" @createTiming, " +
" @currentTime) ";
using (var myCommand4 = new MySqlComm## Heading ##and(sql, connection))
{
myCommand4.Parameters.AddWithValue("@orderId", OrderIDLabel.Text) ;
myCommand4.Parameters.AddWithValue("@customercode", customerCode);
myCommand4.Parameters.AddWithValue("@customer", customer);
myCommand4.Parameters.AddWithValue("@telephone", TelComboBox.Text);
myCommand4.Parameters.AddWithValue("@license", LicenseComboBox.Text);
myCommand4.Parameters.AddWithValue("@driver", DriverComboBox.Text);
myCommand4.Parameters.AddWithValue("@address", AddressComboBox.Text);
myCommand4.Parameters.AddWithValue("@locationType", LocationTypeComboBox.Text);
myCommand4.Parameters.AddWithValue("@pickup", PickupComboBox.Text);
myCommand4.Parameters.AddWithValue("@customerType", CustomerTypeLabel.Text);
myCommand4.Parameters.AddWithValue("@totalPrice", Convert.ToDecimal(TotalPriceLabel.Text));
myCommand4.Parameters.AddWithValue("@status", status);
myCommand4.Parameters.AddWithValue("@note", status);
myCommand4.Parameters.AddWithValue("@sandreceiptNo", sandReceiptNo);
myCommand4.Parameters.AddWithValue("@createTiming", createtiming);
myCommand4.Parameters.AddWithValue("@currentTime", DateTime.Now);
myCommand4.ExecuteNonQuery();
}
它不仅看起来杂乱无章,还可以进行sql注入。使用sql参数。这也解决了作为副业的本地化问题。将您的语句更改为使用@parameters,那么您将不会遇到不同区域性设置的问题,第二个好处是:您不会遇到包含“…sql注入…请修改”的用户输入问题不要连接字符串来生成SQL语句!使用参数化查询更简单、更快、更安全。您也不必关心转换或区域性-只需将日期作为日期参数传递,将小数作为小数参数传递。感谢大家的快速回复,但是我不太明白使用参数的意义,是吗可以给我看一些例子吗?这是我第一次使用mysqlconnection,我最近刚开始使用database@PanagiotisKanavosGoogle学习ADO.NET和参数化查询的任何教程,例如,对于那些orderID、驱动程序等,我想把“?“在那儿?或者您只是说您不确定列名?@benjiWong Sql参数以令牌开头(通常是
@???@AddWithValue()?@