我的代码如下:
if (!string.IsNullOrEmpty(Mpdue.TheObjectPropertyNameNs))
{
string sql = @String.Format(" SELECT * FROM doTable WHERE dOCode IN ('" + Mpdue.TheObjectPropertyNameNs + "'); ");
using (OdbcConnection myConnectionString =
new OdbcConnection(ConfigurationManager.ConnectionStrings["ConnMySQL"].ConnectionString))
{
using (OdbcCommand command =
new OdbcCommand(sql, myConnectionString))
{
try
{
command.Connection.Open();
using (OdbcDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
while (reader.Read())
{
Response.Write(reader["dOCode"].ToString() + "<br />");
}
}
}
}
catch (Exception ex)
{
throw new ApplicationException("operation failed!", ex);
}
finally
{
command.Connection.Close();
}
}
}
}
输出:
D410
D420
D430
D440
现在我尝试在 MySql 查询中使用 command.Parameters.AddWithValue。
我一直在尝试并没有发现错误,使用command.Parameters.AddWithValue时输出为空,为什么?
if (!string.IsNullOrEmpty(Mpdue.TheObjectPropertyNameNs))
{
string sql = @String.Format(" SELECT * FROM doTable WHERE dOCode IN (?); ");
using (OdbcConnection myConnectionString =
new OdbcConnection(ConfigurationManager.ConnectionStrings["ConnMySQL"].ConnectionString))
{
using (OdbcCommand command =
new OdbcCommand(sql, myConnectionString))
{
try
{
command.Connection.Open();
command.Parameters.AddWithValue("param1", Mpdue.TheObjectPropertyNameNs);
using (OdbcDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
while (reader.Read())
{
Response.Write(reader["dOCode"].ToString() + "<br />");
}
}
}
}
catch (Exception ex)
{
throw new ApplicationException("operation failed!", ex);
}
finally
{
command.Connection.Close();
}
}
}
}
编辑 #2
var parameters = new string[Mpdue.TheObjectPropertyNameNs.Length];
var paramValue = string.Join(", ", parameters);
string sql = string.Format("SELECT * FROM doTable WHERE dOCode IN ({0})", string.Join(", ", parameters.Select(x => "?")));
int index = 0;
foreach (var param in parameters)
{
command.Parameters.AddWithValue("param{index}", param);
index++;
}
编辑 #1
我的新代码如下:
if (!string.IsNullOrEmpty(Mpdue.TheObjectPropertyNameNs))
{
var parameters = new string[Mpdue.TheObjectPropertyNameNs.Length];
string sql = @String.Format(" SELECT * FROM doTable WHERE dOCode IN ({0})", string.Join(", ", parameters));
using (OdbcConnection myConnectionString =
new OdbcConnection(ConfigurationManager.ConnectionStrings["ConnMySQL"].ConnectionString))
{
using (OdbcCommand command =
new OdbcCommand(sql, myConnectionString))
{
try
{
command.Connection.Open();
for (int i = 0; i < Mpdue.TheObjectPropertyNameNs.TrimStart('\'').TrimEnd('\'').Length; i++)
{
parameters[i] = string.Format("param1{0}", i);
command.Parameters.AddWithValue(parameters[i], Mpdue.TheObjectPropertyNameNs.TrimStart('\'').TrimEnd('\'')[i]);
}
using (OdbcDataReader reader = command.ExecuteReader())
{
if (reader.HasRows)
{
while (reader.Read())
{
Response.Write(reader["dOCode"].ToString() + "<br />");
}
}
}
}
catch (Exception ex)
{
throw new ApplicationException("operation failed!", ex);
}
finally
{
command.Connection.Close();
}
}
}
}
错误:
ERROR [42000] [MySQL][ODBC 5.1 Driver][mysqld-5.5.24-log]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , , , , , , , , , , , , , , , , , , , ) at line 1
最佳答案
为了解决这个问题,您可以将查询更改为以下字符串:
SELECT * FROM doTable WHERE FIND_IN_SET(dOCode, ?)
然后,您需要确保以 D410、D420、D430、D440 的形式设置参数。所以你可以像第一种方法一样构建它,比如
var paramValue = string.Join(", ", parameters);
稍后添加
command.Parameters.AddWithValue("param1", paramValue);
请注意,使用 FIND_IN_SET 可能会对性能产生负面影响,因为它会扫描整个表而不考虑索引。另一种方法是将 n 个参数插入查询,然后单独添加每个参数,例如
string sql = string.Format("SELECT * FROM doTable WHERE dOCode IN ({0})", string.Join(", ", parameters.Select(x => "?")));
// ...
int index = 0;
foreach(var param in parameters)
{
command.Parameters.AddWithValue($"param{index}", param);
index++;
}
如果预期的参数数量不是太多,这是一种可行的方法。
关于c# - 如何使用带值的 command.Parameters.AddWithValue?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54807074/