MySQL 前导空格与 C#
当我更新 MySQL 数据库中的字段时,它总是在值中添加空格。 我尝试使用修剪命令和替换命令删除空格。他们都没有工作。所以我希望它不是一个空格而是一些模糊的 ASCII 字符。这些是我使用的命令:
this.foo = result.GetValue(0).ToString().Trim();
this.bar = result.GetValue(0).ToString().Replace(" ","");
它更新的字段是 VARCHAR(xx)。这是我的 MySQL 更新命令:
MySqlCommand cmd = new MySqlCommand("UPDATE " + table + " SET " + new_field + " =' " + new_value+ "' WHERE " + field+ "= " + value + "",this.con);
this.con 是我与 MySQL 数据库的连接。
仅供参考:我在 Visual Studio 2008 中使用 .NET 3.5CF 和 mysql.data.cf DLL。
有人可以帮我解决这个问题吗?这让我抓狂。
When I update a field in my MySQL database, it always adds a whitespace to the value.
I tried to remove the whitespace with the trim-command and the replace-command. Neither of them worked. So I expect that it isn't a whitespace but some vague ASCII character. These are the commands I used:
this.foo = result.GetValue(0).ToString().Trim();
this.bar = result.GetValue(0).ToString().Replace(" ","");
The field it updates is a VARCHAR(xx). This is my MySQL update command:
MySqlCommand cmd = new MySqlCommand("UPDATE " + table + " SET " + new_field + " =' " + new_value+ "' WHERE " + field+ "= " + value + "",this.con);
this.con is my connection to the MySQL database.
FYI: I use .NET 3.5CF with a mysql.data.cf DLL in Visual Studio 2008.
Could someone help me out with this problem? It's driving me nuts.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
是的,SQL 中有一个前导空格:
请注意“=”后面的那一位 - 您先有一个引号,然后是一个空格,然后是
new_value。但是,您不应该首先将值直接放入 SQL 中 - 您应该使用参数化 SQL 语句...目前您已经面临 SQL 注入攻击,以及潜在的问题 诚实的值带引号。
您应该在此处对
new_value和value使用参数化SQL...我假设field 和table来自更“可信”的来源?Well yes, you've got a leading space in the SQL:
Note the bit straight after "=" - you've got a quote, then a space, then
new_value.However, you shouldn't be putting the values in the SQL directly in the first place - you should be using parameterized SQL statements... currently you've got a SQL injection attack waiting to happen, as well as potential problems for honest values with quotes in.
You should use parameterized SQL for both
new_valueandvaluehere... I'm assuming thatfieldandtablecome from more "trusted" sources?这似乎有一个空格,其中 * 是
This appears to have a space where the * is