Add*_*ddy 1 mysql asp.net parameterized-query
我正在进行参数化查询,但我没有得到正确的查询结果
这是我的代码
public MySqlCommand Get_Login(string clinetID, string loginID, string password, string branchID)
{
MySqlCommand objCommand = new MySqlCommand(this.Query);
objCommand.Parameters.AddWithValue("@ClientID", clinetID);
objCommand.Parameters.AddWithValue("@LoginID", loginID);
objCommand.Parameters.AddWithValue("@Password", password);
objCommand.Parameters.AddWithValue("@BranchID", branchID);
objCommand.CommandType = CommandType.Text;
return objCommand;
}
在调试时这是我在"objCommand"中得到的
Select u.groupid,p.PersonId, p.designationid,concat(p.salutation,p.FName,'
',p.MName,' ',p.LName) as PersonName,tb.Type
BrType,p.OrgId,p.subdepartmentid,ifnull(crossdept,'N') as
crossdept,p.departmentid,u.defaultpage,p.orgid,ifnull(p.crosslab,'N') as crosslab,
(select indoor_services from dc_Tp_organization where orgid='@ClientID') as
indoor_services,(select name from dc_Tp_organization where orgid='@ClientID') as
orgname,
(select default_route from dc_Tp_organization where orgid='@ClientID') as
default_route,p.BranchID BranchID,tb.Name BRName from dc_tp_personnel p left outer
join
dc_tu_userright u on u.personid=p.personid left outer join dc_tp_branch tb on
tb.BranchID=p.BranchID Where p.Active='Y' and p.LoginId = '@LoginID' and p.Pasword
='@Password' and p.BranchID='@BranchID'
我没有获得参数值
这是查询
objdbhims.Query = "Select u.groupid,p.PersonId,
p.designationid,concat(p.salutation,p.FName,' ',p.MName,' ',p.LName) as
PersonName,tb.Type BrType,p.OrgId,p.subdepartmentid,ifnull(crossdept,'N') as
crossdept,p.departmentid,u.defaultpage,p.orgid,ifnull(p.crosslab,'N') as crosslab,
(select indoor_services from dc_Tp_organization where orgid=@ClientID) as
indoor_services,(select name from dc_Tp_organization where orgid=@ClientID) as
orgname,(select default_route from dc_Tp_organization where orgid=@ClientID) as
default_route,p.BranchID BranchID,tb.Name BRName from dc_tp_personnel p left outer
join dc_tu_userright u on u.personid=p.personid left outer join dc_tp_branch tb on
tb.BranchID=p.BranchID Where p.Active='Y' and p.LoginId = @LoginID and p.Pasword
=@Password and p.BranchID=@BranchID";
Secret Squirrel使用"?"是正确的.用于参数化变量.MySQL使用"@"作为查询的内联sql变量,因此期望从脚本或内联(select子查询)声明的一部分声明它们.
您需要在查询中更改参数的BOTH实例...以及command.Parameters.Add ...实例.
另外,我注意到了,不知道是不是它,但在你的WHERE子句中,你有"pasword"(只有一个's)vs密码(两个's)不知道是否有意.
可能有帮助的最后一件事.由于某些参数与列名匹配,我建议稍微更改参数,只需在列名和实际参数之间添加"x"之类的FORCE区分即可...
where... p.LoginID = ?xLoginID ...
并在命令参数中
objCommand.Parameters.AddWithValue("?xLoginID", loginID);
| 归档时间: |
|
| 查看次数: |
1263 次 |
| 最近记录: |