C# Mysql 将行 move 到另一个表并获取单元格的最大值

Question

我有一种方法可以将行从一个表 move 到另一个表。这本身就很好用。我现在想做的是选择回调表中单元格的最高值。这是我尝试过的:

public static void MoveLead(RadGridView Gridview, RadDropDownList SegmentDropdown, string UniqueID)
{
    try
    {
        string Table = SegmentDropdown.Text;
        using (MySqlConnection cn = new MySqlConnection(Varribles.ConString))
        {
            string query = "BEGIN;  select max(UniqueID) from Callbacks;     INSERT INTO Callbacks select * from " + Table + " where UniqueID = " + UniqueID + "; DELETE FROM " + Table + " where UniqueID = " + UniqueID + "; COMMIT;";
            cn.Open();
            using (MySqlCommand cmd = new MySqlCommand(query, cn))
            {
                cmd.CommandText = query;
                cmd.ExecuteNonQuery();

                Console.WriteLine("query" + Convert.ToInt32(cmd.ExecuteScalar()));
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }
}

提前致谢

Answer 1

您是否尝试过稍微更改一下代码？

public static void MoveLead(RadGridView Gridview, RadDropDownList SegmentDropdown, string UniqueID)
{
    try
    {
        string Table = SegmentDropdown.Text;
        using (MySqlConnection cn = new MySqlConnection(Varribles.ConString))
        {
            cn.Open();

            string query = "select max(UniqueID) from Callbacks;";
            using (MySqlCommand cmd = new MySqlCommand(query, cn))
            {
                // Notice I removed the command text, you are already setting the command text in the constructor for the MySqlCommand
                int UID = Int32.Parse(cmd.ExecuteScalar());

                Console.WriteLine("query" + UID);
            }

            query = "BEGIN;  INSERT INTO Callbacks select * from " + Table + " where UniqueID = ?UniqueID; DELETE FROM " + Table + " where UniqueID = ?UniqueID; COMMIT;";
            using (MySqlCommand cmd = new MySqlCommand(query, cn))
            {
                // Use parameters to sanitize input. There are very rare circumstances where you would want to do a direct concatenation to a query as its susceptible to sql injection
                cmd.Parameters.Add(new MySqlParameter("UniqueID", UniqueID))
                cmd.ExecuteNonQuery();
            }
        }
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.ToString());
    }
}

此外，我强烈建议您阅读有关 SQL 注入(inject)的内容。您构建查询的方式很可怕，具体取决于“Table”和“UniqueID”的来源。由于 Table 变量无法参数化，因此您需要格外小心该值的填充位置。 查看https://stackoverflow.com/a/652999/5947241 & https://dev.mysql.com/doc/connector-net/en/connector-net-programming-prepared-preparing.html