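I tried using a prepared statement in my program, but it didn't work.
The commented-out part is the prepared statement part. When I change it to a regular statement, everything works correctly.
Can someone tell me what I'm missing?
Thanks a lot.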
private void btnLogin_Click(object sender, EventArgs e)
{
    MySqlCommand cmd = MySqlConn.cmd;
    //cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='@val1' AND admin_password=PASSWORD('@val2')", MySqlConn.conn);
    //cmd.Prepare();
    //cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
    //cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
    cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username='"+tboxUserName.Text+"' AND admin_password=PASSWORD('"+tboxPassword.Text+"')", MySqlConn.conn);
    MySqlDataReader res = cmd.ExecuteReader();
    if (!res.HasRows)
    {
        MessageBox.Show("Error! ");
        res.Close();
        return;
    }
    else
    {
        //do something
    }
    res.Close();
}
Try removing ' from your query and use Prepare after adding the parameters:
cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username=@val1 AND admin_password=PASSWORD(@val2)", MySqlConn.conn);
cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
cmd.Prepare();
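
A placeholder written inside single quotes is part of a string literal, so the server compares the column with the text @val1 and no value is ever bound to it. The check below is an added example, not code from the question or the answer; it flags such placeholders in a command text before it is executed. The class and method names are hypothetical, and it assumes string literals use single quotes only.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Hypothetical helper (not part of MySql.Data): finds named placeholders
// that sit inside SQL string literals and therefore cannot be bound.
static class PlaceholderCheck
{
    // One single-quoted literal, allowing '' and backslash escapes inside it.
    static readonly Regex Literal =
        new Regex(@"'(?:[^'\\]|''|\\.)*'", RegexOptions.Singleline);

    // A named placeholder such as @val1.
    static readonly Regex Placeholder = new Regex(@"@\w+");

    // Placeholder names found inside string literals (plain text to the server).
    public static List<string> QuotedPlaceholders(string sql)
    {
        var found = new List<string>();
        foreach (Match lit in Literal.Matches(sql))
            foreach (Match p in Placeholder.Matches(lit.Value))
                found.Add(p.Value);
        return found;
    }

    // Placeholder names found outside string literals (these get bound).
    public static List<string> BindablePlaceholders(string sql)
    {
        var found = new List<string>();
        string withoutLiterals = Literal.Replace(sql, "''");
        foreach (Match p in Placeholder.Matches(withoutLiterals))
            found.Add(p.Value);
        return found;
    }

    static void Main()
    {
        // The two command texts from the question and the answer above.
        string[] queries =
        {
            "SELECT * FROM admin WHERE admin_username='@val1' AND admin_password=PASSWORD('@val2')",
            "SELECT * FROM admin WHERE admin_username=@val1 AND admin_password=PASSWORD(@val2)"
        };
        foreach (string sql in queries)
        {
            Console.WriteLine(sql);
            Console.WriteLine("  quoted (never bound): " + string.Join(", ", QuotedPlaceholders(sql)));
            Console.WriteLine("  bindable:             " + string.Join(", ", BindablePlaceholders(sql)));
        }
    }
}
```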