G G*_* Gr 1 c# mysql sql asp.net
新的mysql错误:
ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.5.9]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'System.Data.Odbc.OdbcCommand' at line 1
我以前从未见过这个错误,也不知道它与之有什么关系?
using (OdbcConnection connection = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=fakepass;"))
{
// ODBC command and transaction objects
OdbcCommand command = new OdbcCommand();
OdbcTransaction transaction = null;
// tell the command to use our connection
command.Connection = connection;
try
{
// open the connection
connection.Open();
// start the transaction
transaction = connection.BeginTransaction();
// Assign transaction object for a pending local transaction.
command.Connection = connection;
command.Transaction = transaction;
// TODO: Build a SQL INSERT statement
OdbcCommand cmd = new OdbcCommand("INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES ('" + TextBox1.Text + "', '" + TextBox2.Text + "', '" + TextBox3.Text + "', '" + TextBox4.Text + "', '" + TextBox5.Text + "', '" + TextBox6.Text + "', '" + TextBox7.Text + "', '" + TextBox8.Text + "')", connection);
// run the insert using a non query call
command.CommandText = cmd.ToString();
command.ExecuteNonQuery();
/* now we want to make a second call to MYSQL to get the new index
value it created for the primary key. This is called using scalar so it will
return the value of the SQL statement. We convert that to an int for later use.*/
command.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(command.ExecuteScalar());
Label10.Text = Convert.ToString(id);
// the name id doesnt not exist in the current context
// Commit the transaction.
transaction.Commit();
}
catch (Exception ex)
{
Label10.Text = ": " + ex.Message;
try
{
// Attempt to roll back the transaction.
transaction.Rollback();
}
catch
{
// Do nothing here; transaction is not active.
}
}
}
编辑:
using (var conn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=fakepass;"))
{
conn.Open();
using (var tx = conn.BeginTransaction())
{
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES (@Email, @FirstName, @SecondName, @DOB, @Location, @Aboutme, @username, @password)";
cmd.Parameters.AddWithValue("@Email", TextBox1.Text);
cmd.Parameters.AddWithValue("@FirstName", TextBox2.Text);
cmd.Parameters.AddWithValue("@SecondName", TextBox3.Text);
// TODO: might require a parsing if the column is of type date in SQL
cmd.Parameters.AddWithValue("@DOB", TextBox4.Text);
cmd.Parameters.AddWithValue("@Location", TextBox5.Text);
cmd.Parameters.AddWithValue("@Aboutme", TextBox6.Text);
cmd.Parameters.AddWithValue("@username", TextBox7.Text);
cmd.Parameters.AddWithValue("@password", TextBox8.Text);
cmd.ExecuteNonQuery();
//error on this line
}
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(cmd.ExecuteScalar());
Label10.Text = Convert.ToString(id);
}
tx.Commit();
}
}
{"ExecuteNonQuery要求命令在分配给命令的连接处于挂起的本地事务中时具有事务.该命令的Transaction属性尚未初始化."}
当存在ADO.NET连接器时,为什么还在使用错误的ODBC连接到MySql ?在形成查询时,这个可怕的字符串连接是什么?:
OdbcCommand cmd = new OdbcCommand("INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES ('" + TextBox1.Text + "', '" + TextBox2.Text + "', '" + TextBox3.Text + "', '" + TextBox4.Text + "', '" + TextBox5.Text + "', '" + TextBox6.Text + "', '" + TextBox7.Text + "', '" + TextBox8.Text + "')", connection);
我只能说,如果你+在写一个SQL查询时使用这个标志就像拿枪一样射击你的脚(或根据场景拍摄,但在所有情况下,你都是自己射击,基本上是自杀行为) .
所以,这是正确的做事方式:
using (var conn = new MySqlConnection("Server=localhost; Database=gymwebsite2; User=root; Password=commando;"))
{
conn.Open();
using (var tx = conn.BeginTransaction())
{
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES (@Email, @FirstName, @SecondName, @DOB, @Location, @Aboutme, @username, @password)";
cmd.Parameters.AddWithValue("@Email", TextBox1.Text);
cmd.Parameters.AddWithValue("@FirstName", TextBox2.Text);
cmd.Parameters.AddWithValue("@SecondName", TextBox3.Text);
// TODO: might require a parsing if the column is of type date in SQL
cmd.Parameters.AddWithValue("@DOB", TextBox4.Text);
cmd.Parameters.AddWithValue("@Location", TextBox5.Text);
cmd.Parameters.AddWithValue("@Aboutme", TextBox6.Text);
cmd.Parameters.AddWithValue("@username", TextBox7.Text);
cmd.Parameters.AddWithValue("@password", TextBox8.Text);
cmd.ExecuteNonQuery();
}
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(cmd.ExecuteScalar());
Label10.Text = Convert.ToString(id);
}
tx.Commit();
}
}
另请为这些文本框命名.那个维护这段代码的穷人可能会发出绝望的尖叫声.
| 归档时间: |
|
| 查看次数: |
925 次 |
| 最近记录: |