【发布时间】:2015-05-26 14:52:27
【问题描述】:
在以下代码中得到一个异常:{"Fatal error encountered during command execution."}:
internal string GetUserRole(string userEmail)
{
_query = "SELECT Role FROM RegisteredUsers WHERE Email = @userEmail";
string role = null;
using (_msqlCon = new MySqlConnection(_connectionString))
{
_msqlCon.Open();
using (_command = new MySqlCommand(_query, _msqlCon))
{
MySqlDataReader reader = _command.ExecuteReader();
while (reader.Read())
{
if (reader["Email"].Equals(userEmail))
{
role = reader["Role"].ToString();
break;
}
}
}
}
return role;
}
innerException 说:Parameter @userEmail 必须被定义。当我必须从给定的参数中进行选择时,这是我通常做出选择语句的方式,所以我想这只是一个小错误。但是我已经在这段代码上盲目地加注了将近 20 分钟。我的查询有什么问题:_query = "SELECT Role FROM RegisteredUsers WHERE Email = @userEmail";?
【问题讨论】:
-
@userEmail 在哪里定义?为什么不这样做:_query = string.Format("SELECT Role FROM RegisteredUsers WHERE Email = '{0}'", @userEmail);
-
@CoderForHire 你的解决方案很容易受到sql injection 攻击。