尝试学习 C#,但我无法完全掌握查询和获取结果的方法。我试图找出在 C# .NET 中执行以下操作的方法和最佳方式。这是一个MySql 数据库。
//Interact with the DB. Find out if this hashed account #'s in there.
$dbh = $this->getPDO();
$procedure = "SELECT userPass FROM 499Users WHERE accName = :acc";
$call = $dbh->prepare($procedure);
$call->bindParam(':acc', $testAcc, PDO::PARAM_STR);
$call->execute();
//Fetch up to 1 result row
$row = $call->fetch(PDO::FETCH_ASSOC);
这是我最近的尝试:而且我意识到我可能应该使用参数,但我只是希望它首先工作
MySqlConnectionStringBuilder conn_string = new MySqlConnectionStringBuilder();
conn_string.Server = "*";
conn_string.UserID = "*";
conn_string.Password = "*";
conn_string.Database = "*";
conn_string.Port = 3306;
MySqlConnection connection = new MySqlConnection(conn_string.ToString());
try
{
Console.WriteLine("Trying to connect to: ..." + conn_string); Console.WriteLine("Connecting to MySQL...");
connection.Open();
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
}
string hashedAcc = this.HashPassword(acc);
//Verify hashed account
string query = "SELECT userPass FROM 49Users WHERE accName =" + hashedAcc;
MySqlCommand cmd = new MySqlCommand(query, connection);
MySqlDataReader myReader;
myReader = cmd.ExecuteReader();
try
{
while (myReader.Read())
{
Console.WriteLine(myReader.GetString(0));
}
}
finally
{
myReader.Close();
connection.Close();
}
最佳答案
以下 WHERE 子句:
WHERE accName =" + hashedAcc;
如果 accName 不是 int 类型,则会导致错误,它需要引号括起来。
您应该像在 PDO 中一样使用参数化查询,它也可以避免此类错误和 SQL 注入(inject)。
var query = "SELECT userPass FROM 49Users WHERE accName = @hashedAcc";
var cmd = new MySqlCommand(query, connection);
cmd.Parameters.AddWithValue("@hashedAcc", hashedAcc);
关于c# - 此 PHP 代码的等效 C#,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27198105/