C# MYSQL

本文介绍了C# MYSQL - 我无法插入布尔值的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 private void button1_Click(object sender, EventArgs e) { // Início da Conexão com indicação de qual o servidor, nome de base de dados e utilizar /* É aconselhável criar um utilizador com password. Para acrescentar a password é somente necessário acrescentar o seguinte código a seguir ao uid=root;password=xxxxx*/ mConn = new MySqlConnection("Persist Security Info=False; server=localhost;database=FichasReparacao;uid=root"); // Abre a conexão mConn.Open(); //Query SQL MySqlCommand command = new MySqlCommand("INSERT INTO Cliente (nome, email, telefone, blacklist)" + "VALUES('" + nome_cli.Text + "','" + email_cli.Text + "','" + telefone_cli.Text + "','" + false + "')", mConn); //Executa a Query SQL command.ExecuteNonQuery(); // Fecha a conexão mConn.Close(); //Mensagem de Sucesso MessageBox.Show("Gravado com Sucesso!", "Informação", MessageBoxButtons.OK, MessageBoxIcon.Information); }

这是完整的按钮代码，我没有收到任何错误消息..我尝试使用一个带有 false/true 值的变量，但什么也没有，我总是得到 0 值.

Here's the full button code, I'm not receiving any error messages .. I tried using a variable with a false/true value but nothing, I always get the 0 value.

推荐答案

使用参数化查询

MySqlCommand command = new MySqlCommand("INSERT INTO Cliente " + "(nome, email, telefone, blacklist)" + "VALUES(@nome, @email, @tel, @bl)"; command.Parameters.AddWithValue("@nome",nome_cli.Text); command.Parameters.AddWithValue("@email", email_cli.Text); command.Parameters.AddWithValue("@tel", telefone_cli.Text); command.Parameters.AddWithValue("@bl", 0); command.ExecuteNonQuery();

通过这种方式，MySql 的网络框架和 ADO.NET 提供程序以正确的方式将您的值传递给数据库引擎.例如，如果您的输入文本之一包含单引号，您的代码将因语法错误而失败.而且，如果您有恶意用户，您可能会面临 Sql 注入

In this way the net framework and the ADO.NET provider of MySql work to pass your values to the database engine in the correct way. If, for example, one of your input text contains a single quote, your code will fail with a syntax error. And, if you have a malicious user, you risk a Sql Injection