MySQL连接错误,我从来没有见过
本文关键字:从来没有 连接 错误 MySQL | 更新日期: 2023-09-27 17:49:00
新的mysql错误:
ERROR [42000] [MySQL][ODBC 3.51 Driver][mysqld-5.5.9]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'System.Data.Odbc.OdbcCommand' at line 1
我以前从未见过这个错误,不知道它与什么有关?
using (OdbcConnection connection = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=fakepass;"))
{
// ODBC command and transaction objects
OdbcCommand command = new OdbcCommand();
OdbcTransaction transaction = null;
// tell the command to use our connection
command.Connection = connection;
try
{
// open the connection
connection.Open();
// start the transaction
transaction = connection.BeginTransaction();
// Assign transaction object for a pending local transaction.
command.Connection = connection;
command.Transaction = transaction;
// TODO: Build a SQL INSERT statement
OdbcCommand cmd = new OdbcCommand("INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES ('" + TextBox1.Text + "', '" + TextBox2.Text + "', '" + TextBox3.Text + "', '" + TextBox4.Text + "', '" + TextBox5.Text + "', '" + TextBox6.Text + "', '" + TextBox7.Text + "', '" + TextBox8.Text + "')", connection);
// run the insert using a non query call
command.CommandText = cmd.ToString();
command.ExecuteNonQuery();
/* now we want to make a second call to MYSQL to get the new index
value it created for the primary key. This is called using scalar so it will
return the value of the SQL statement. We convert that to an int for later use.*/
command.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(command.ExecuteScalar());
Label10.Text = Convert.ToString(id);
// the name id doesnt not exist in the current context
// Commit the transaction.
transaction.Commit();
}
catch (Exception ex)
{
Label10.Text = ": " + ex.Message;
try
{
// Attempt to roll back the transaction.
transaction.Rollback();
}
catch
{
// Do nothing here; transaction is not active.
}
}
}
using (var conn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=root; Password=fakepass;"))
{
conn.Open();
using (var tx = conn.BeginTransaction())
{
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES (@Email, @FirstName, @SecondName, @DOB, @Location, @Aboutme, @username, @password)";
cmd.Parameters.AddWithValue("@Email", TextBox1.Text);
cmd.Parameters.AddWithValue("@FirstName", TextBox2.Text);
cmd.Parameters.AddWithValue("@SecondName", TextBox3.Text);
// TODO: might require a parsing if the column is of type date in SQL
cmd.Parameters.AddWithValue("@DOB", TextBox4.Text);
cmd.Parameters.AddWithValue("@Location", TextBox5.Text);
cmd.Parameters.AddWithValue("@Aboutme", TextBox6.Text);
cmd.Parameters.AddWithValue("@username", TextBox7.Text);
cmd.Parameters.AddWithValue("@password", TextBox8.Text);
cmd.ExecuteNonQuery();
//error on this line
}
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(cmd.ExecuteScalar());
Label10.Text = Convert.ToString(id);
}
tx.Commit();
}
}
{"当分配给命令的连接处于挂起的本地事务中时,ExecuteNonQuery要求命令具有事务。命令的Transaction属性尚未初始化。"}
为什么你仍然使用有问题的ODBC连接到MySql时,有一个ADO。网络连接器?还有什么是这个可怕的字符串连接时,形成您的查询?:
OdbcCommand cmd = new OdbcCommand("INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES ('" + TextBox1.Text + "', '" + TextBox2.Text + "', '" + TextBox3.Text + "', '" + TextBox4.Text + "', '" + TextBox5.Text + "', '" + TextBox6.Text + "', '" + TextBox7.Text + "', '" + TextBox8.Text + "')", connection);
你没有听说过SQL注入和参数化查询,允许避免它?
我能说的是,如果你在写SQL查询时使用+符号,它就像拿着枪朝你的脚开枪(或头部取决于场景,但在所有情况下,你都在向自己开枪,基本上是自杀行为)。
所以,这是正确的做法:
using (var conn = new MySqlConnection("Server=localhost; Database=gymwebsite2; User=root; Password=commando;"))
{
conn.Open();
using (var tx = conn.BeginTransaction())
{
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "INSERT INTO User (Email, FirstName, SecondName, DOB, Location, Aboutme, username, password) VALUES (@Email, @FirstName, @SecondName, @DOB, @Location, @Aboutme, @username, @password)";
cmd.Parameters.AddWithValue("@Email", TextBox1.Text);
cmd.Parameters.AddWithValue("@FirstName", TextBox2.Text);
cmd.Parameters.AddWithValue("@SecondName", TextBox3.Text);
// TODO: might require a parsing if the column is of type date in SQL
cmd.Parameters.AddWithValue("@DOB", TextBox4.Text);
cmd.Parameters.AddWithValue("@Location", TextBox5.Text);
cmd.Parameters.AddWithValue("@Aboutme", TextBox6.Text);
cmd.Parameters.AddWithValue("@username", TextBox7.Text);
cmd.Parameters.AddWithValue("@password", TextBox8.Text);
cmd.ExecuteNonQuery();
}
using (var cmd = conn.CreateCommand())
{
cmd.CommandText = "select last_insert_id();";
int id = Convert.ToInt32(cmd.ExecuteScalar());
Label10.Text = Convert.ToString(id);
}
tx.Commit();
}
}
也请适当地命名这些文本框。维护这段代码的可怜人可能会发出绝望的尖叫