C# 从mysql数据库中减去一个值,其中我的减数是从文本框的值中减去的
嗨,我是c#的新手,这里有个问题,我有一个专栏名为“no_of_available_item”。我需要用文本框中的值减去它的值,它们的差值将再次输入我的列no_of_available_项,此代码不起作用,有什么帮助吗?非常感谢C# 从mysql数据库中减去一个值,其中我的减数是从文本框的值中减去的,c#,mysql,sql,C#,Mysql,Sql,嗨,我是c#的新手,这里有个问题,我有一个专栏名为“no_of_available_item”。我需要用文本框中的值减去它的值,它们的差值将再次输入我的列no_of_available_项,此代码不起作用,有什么帮助吗?非常感谢 public void Borrow_select(int intBorrow) { string str_Query; str_Query = "SELECT * FROM tbl_item WHERE id = ' + my
public void Borrow_select(int intBorrow)
{
string str_Query;
str_Query = "SELECT * FROM tbl_item WHERE id = ' + myID + '";
DbCmd = new MySqlCommand(str_Query, DbCn);
DbRead = DbCmd.ExecuteReader();
while (DbRead.Read())
{
no_of_available_item = Convert.ToInt16( DbRead["no_of_available_item"]);
int_result = no_of_available_item - intBorrow;
str_Query = "UPDATE tbl_item SET no_of_available_item = '" + int_result + "' WHERE id = '" + myID + "'";
}
}
您将获得当前值,即modify thw sql commanf,但需要再次执行该值:
public void Borrow_select(int intBorrow)
{
string str_Query;
str_Query = "SELECT * FROM tbl_item WHERE id = ' + myID + '";
DbCmd = new MySqlCommand(str_Query, DbCn);
DbCn.Open();
DbRead = DbCmd.ExecuteReader();
while (DbRead.Read())
{
no_of_available_item = Convert.ToInt16(DbRead["no_of_available_item"]);
int_result = no_of_available_item - intBorrow;
str_Query = "UPDATE tbl_item SET no_of_available_item = '" + int_result + "' WHERE id = '" + myID + "'";
}
DbCmd = new MySqlCommand(str_Query, DbCn);
DbCmd.ExecuteNonQuery();
DbCn.Close();
}
或者更好,让服务器一起做两件事:
public void Borrow_select(int intBorrow)
{
string str_Query;
str_Query = "UPDATE tbl_item SET no_of_available_item = no_of_available_item +" + int_result + " WHERE id = '" + myID + "'";
DbCmd = new MySqlCommand(str_Query, DbCn);
DbCn.Open();
DbCmd.ExecuteNonQuery();
DbCn.Close();
}
更好的是,使用参数
public void Borrow_select(int intBorrow)
{
string str_Query;
str_Query = "UPDATE tbl_item SET no_of_available_item = no_of_available_item + @int_result WHERE id = @myID";
DbCmd = new MySqlCommand(str_Query, DbCn);
DbCmd.Parameters.AddWithValue("@int_result", int_result);
DbCmd.Parameters.AddWithValue("@myID", myID);
DbCn.Open();
DbCmd.ExecuteNonQuery();
DbCn.Close();
}
试试看
public void DisplayProfile()
{
string str_Query;
str_Query = "UPDATE tbl_item SET no_of_available_item = no_of_available_item
+ @int_result WHERE id = @myID";
using (SqlConnection connection = new SqlConnection(Conn))
using (SqlCommand cmd = new SqlCommand(str_Query , connection))
{
connection.Open();
using (SqlDataReader reader = cmd.ExecuteReader())
{
// Check is the reader has any rows at all before starting to
read.
if (reader.HasRows)
{
// Read advances to the next row.
while (reader.Read())
{
int ID =
reader.GetInt32(reader.GetOrdinal("no_of_available_item"));
if (!reader.IsDBNull(ID ))
{
int_result = no_of_available_item - ID ;
UppdateMethod(int_result );
}}}}
public void UppdateMethod(int int_result )
{
string str_Query;
str_Query = "UPDATE tbl_item SET no_of_available_item =
no_of_available_item + @int_result WHERE id = @myID";
cmd= new MySqlCommand(str_Query, connection);
cmd.Parameters.AddWithValue("@int_result", int_result);
cmd.Parameters.AddWithValue("@myID", myID);
connection.Open();
cmd.ExecuteNonQuery();
connection.Close();}
我的代码不工作,不知道我的错误是什么安全注意:假设myID是一个字符串,您将受到SQL注入攻击。使用避免以及使格式化更容易..谢谢,但当我这样做时,出现了一个错误,上面写着“连接必须有效且打开。”