大家好,stackoverflow! 我最近一直在开发一个简单的 vb.net 程序,该程序连接到 mysql 数据库以使用给定的凭据注册和登录用户。我已使用此代码来注册我的用户,但我不断收到错误消息(在代码下方)
Dim insertUser As String = "INSERT INTO users(ID, username, password, email, verif)" _
& " VALUES('','" & Username.Text & "','" & Password.Text & "','" & Email.Text & "','" & currentRandString & "');"
Dim checkUsername As String = "SELECT * FROM users WHERE username='" & Username.Text & "'"
MysqlConn = New MySqlConnection()
MysqlConn.ConnectionString = mysqlconntxt4reg
MysqlConn.Open()
Dim myCommand As New MySqlCommand
myCommand.Connection = MysqlConn
myCommand.CommandText = checkUsername
myAdapter.SelectCommand = myCommand
Dim myData As MySqlDataReader
myData = myCommand.ExecuteReader
If myData.HasRows > 0 Then
MsgBox("Username Already In Use...", MsgBoxStyle.Critical, "Error")
myData.Close()
Else
myData.Close()
Dim myCommand2 As New MySqlCommand
myCommand2.Connection = MysqlConn
myCommand2.CommandText = insertUser
myAdapter.SelectCommand = myCommand2
Dim myData2 As MySqlDataReader
myData2 = myCommand2.ExecuteReader
Mail(Email.Text, currentRandString)
Me.Close()
myData2.Close()
End If
Catch myerror As MySqlException
MsgBox("Error While Connecting To Database:" & vbNewLine & vbNewLine & myerror.ToString, MsgBoxStyle.Critical, "Error")
Finally
MysqlConn.Dispose()
End Try
在打开其他数据读取器之前,我已经关闭了所有数据读取器,所以我不明白为什么这不起作用......
错误:
对于这个主题的任何帮助,我将不胜感激! 谢谢 罗迪特
最佳答案
我会在所有一次性对象周围使用 using 语句,以确保它们在不再需要时释放对连接的每个引用,但是查看您的代码,我认为您根本不需要所有数据读取器,因为您只需使用命令即可解决您的问题
Dim insertUser As String = "INSERT INTO users(username, password, email, verif)" _
& " VALUES(@p1, @p2,@p3,@p4)"
Dim checkUsername As String = "SELECT COUNT(*) FROM users WHERE username=@p1"
Using MysqlConn = New MySqlConnection(mysqlconntxt4reg)
Using myCommand = New MySqlCommand(checkUsername, MysqlConn)
MysqlConn.Open()
myCommand.Parameters.AddWithValue("@p1", Username.Text)
Dim result = myCommand.ExecuteScalar()
if result IsNot Nothing AndAlso Convert.ToInt32(result) > 0 Then
MsgBox("Username Already In Use...", MsgBoxStyle.Critical, "Error")
Else
Using myCommand2 = New MySqlCommand(insertUser, MysqlConn)
mycommand2.Parameters.AddWithValue("@p1",Username.Text)
mycommand2.Parameters.AddWithValue("@p2",Password.Text )
mycommand2.Parameters.AddWithValue("@p3",Email.Text)
mycommand2.Parameters.AddWithValue("@p4",currentRandString )
myCommand2.ExecuteNonQuery()
Mail(Email.Text, currentRandString)
End Using
End If
End Using
End Using
当然,我已经用参数化查询替换了您的字符串连接。这对于避免 Sql 注入(inject)确实是一件重要的事情
我已将检查用户存在的查询替换为可与命令 ExecuteScalar 一起使用的标量操作。另外,在第一个查询中,您似乎尝试插入带有空字符串的字段 ID。我认为第一个字段 (ID) 是一个自动编号字段,在这种情况下,您不会将其添加到插入查询中,也不会传递任何值,因为数据库将为您计算该字段。
关于mysql - 为什么我总是收到这个 mysql 错误?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20024062/