mysql-parameter | 易学教程

C# MySqlParameter problem

阅读更多关于 C# MySqlParameter problem

问题 (int) faultsGroup is 0 or 1 but i always get this error: Column 'FaultGroup' cannot be null Does anyone tell me why? Syntax looks ok. MySqlCommand cmdAdd = new MySqlCommand("INSERT INTO Faults (" + " FaultGroup, Text, Date, IP" + ") VALUES (" + " @FaultGroup, @Text, @Date, @IP" + ")", conn); MySqlParameter paramFaultGroup = new MySqlParameter("@FaultGroup", MySqlDbType.Int32); FaultsGroup faultsGroup = (FaultsGroup) Enum.Parse(typeof (FaultsGroup), myFault.FaultGroup); paramFaultGroup.Value =

C# MySqlParameter problem

阅读更多关于 C# MySqlParameter problem

Add List<int> to a mysql parameter

阅读更多关于 Add List to a mysql parameter

问题 I have this question about the MySqlParameter from the .NET connector. I have this query: SELECT * FROM table WHERE id IN (@parameter) And the MySqlParameter is: intArray = new List<int>(){1,2,3,4}; ...connection.Command.Parameters.AddWithValue("parameter", intArray); This is possible? Is possible to pass an array of int to a single MySqlParameter? The other solution will be convert the array of int to a string such like "1,2,3,4", but this, when i pass it to the MySqlParameter and this is

C# and MySQL .NET Connector - Any way of preventing SQL Injection attacks in a generic class?

阅读更多关于 C# and MySQL .NET Connector - Any way of preventing SQL Injection attacks in a generic class?

问题 My idea is to create some generic classes for Insert/Update/Select via a C# (3.5) Winforms app talking with a MySQL database via MySQL .NET Connector 6.2.2. For example: public void Insert(string strSQL) { if (this.OpenConnection() == true) { MySqlCommand cmd = new MySqlCommand(strSQL, connection); cmd.ExecuteNonQuery(); this.CloseConnection(); } } Then from anywhere in the program I can run a query with/without user input by just passing a SQL query string. Reading around on SO is starting

MySqlParameter as TableName

阅读更多关于 MySqlParameter as TableName

问题 I want to use MySqlParameter to pass tableName into query (to prevent slq injections) MySqlCommand cmd = new MySqlCommand("select * from @table"), cn) cmd.Parameters.AddWithValue("@table",TableName); But this is not working. How can I pass tableName as parameter P.S. I tried to change @ to ? - not working 回答1: You cannot pass table name as parameter. You have to use dynamic SQL to do this, so you have to string concentration to do it, for example MySqlCommand cmd = new MySqlCommand(String

MySQL query parameters in a Pentaho CE dashboard

阅读更多关于 MySQL query parameters in a Pentaho CE dashboard

问题 First, I'm on Pentaho CE 8.0. And I'm not an expert on Pentaho . The question seems simple but I cannot get it working. I'm trying for a dashboard to use a simple parameter for a WHERE condition in a MySQL query . The Bootstrap layout has 3 columns, one for each component (filter, text, table). Simple parameter: - Name: salesrep_selection - Property value: mike Filter component (to select the sales rep): - Name: salesrep_selection_filter - Parameter: salesrep_selection - Values Array: [["mike

Add List<int> to a mysql parameter

阅读更多关于 Add List to a mysql parameter

I have this question about the MySqlParameter from the .NET connector. I have this query: SELECT * FROM table WHERE id IN (@parameter) And the MySqlParameter is: intArray = new List<int>(){1,2,3,4}; ...connection.Command.Parameters.AddWithValue("parameter", intArray); This is possible? Is possible to pass an array of int to a single MySqlParameter? The other solution will be convert the array of int to a string such like "1,2,3,4", but this, when i pass it to the MySqlParameter and this is recognized as a string, it puts in the sql query like "1\,2\,3\,4" and this do not return the expected

MySqlParameter as TableName

阅读更多关于 MySqlParameter as TableName

I want to use MySqlParameter to pass tableName into query (to prevent slq injections) MySqlCommand cmd = new MySqlCommand("select * from @table"), cn) cmd.Parameters.AddWithValue("@table",TableName); But this is not working. How can I pass tableName as parameter P.S. I tried to change @ to ? - not working Vimvq1987 You cannot pass table name as parameter. You have to use dynamic SQL to do this, so you have to string concentration to do it, for example MySqlCommand cmd = new MySqlCommand(String.Format("select * from {0}",tableName), cn) But because users input the tableName, so SQL injection is

C# MySqlParameter problem

阅读更多关于 C# MySqlParameter problem

(int) faultsGroup is 0 or 1 but i always get this error: Column 'FaultGroup' cannot be null Does anyone tell me why? Syntax looks ok. MySqlCommand cmdAdd = new MySqlCommand("INSERT INTO Faults (" + " FaultGroup, Text, Date, IP" + ") VALUES (" + " @FaultGroup, @Text, @Date, @IP" + ")", conn); MySqlParameter paramFaultGroup = new MySqlParameter("@FaultGroup", MySqlDbType.Int32); FaultsGroup faultsGroup = (FaultsGroup) Enum.Parse(typeof (FaultsGroup), myFault.FaultGroup); paramFaultGroup.Value = (int) faultsGroup; cmdAdd.Parameters.Add(paramFaultGroup); cmdAdd.ExecuteNonQuery(); I haven't used

C# and MySQL .NET Connector - Any way of preventing SQL Injection attacks in a generic class?

阅读更多关于 C# and MySQL .NET Connector - Any way of preventing SQL Injection attacks in a generic class?

My idea is to create some generic classes for Insert/Update/Select via a C# (3.5) Winforms app talking with a MySQL database via MySQL .NET Connector 6.2.2. For example: public void Insert(string strSQL) { if (this.OpenConnection() == true) { MySqlCommand cmd = new MySqlCommand(strSQL, connection); cmd.ExecuteNonQuery(); this.CloseConnection(); } } Then from anywhere in the program I can run a query with/without user input by just passing a SQL query string. Reading around on SO is starting to give me the indication that this may lead to SQL injection attacks (for any user-input values). Is