/// 1、引入MySQL Data.dll ->这个是用来提供对数据库操作的类
吧这个东西复制到bin文件Debug目录下,然后在工程中添加引用
/// 3、使用类对数据库进行增删改查
几个常用sql语句:
查询:select * from users 或者 select * from users where id=1
插入:insert into users set username=.., userpassword=...
删除:delete from users where userid = ...
更新:update users set userpassword = ... where userid = 1
以下代码实现 :
连接mygamedb数据库以后查询users表的所有数据并打印出来
static void Main(string[] args)
{
//数据库、数据源、端口号、用户、密码,以此建立相应的链接类
string mysqlConStr = "Database = mygamedb; DataSource = 127.0.0.1; port = 3306; user = root; Password = root;";
//创建数据库连接类
MySqlConnection mysqlCon = new MySqlConnection(mysqlConStr);
//打开相应的要链接的数据库
mysqlCon.Open();
//SQL命令类,用来执行sql命令
//MySqlCommand mysqlCom = new MySqlCommand("select * from users where userid=1", mysqlCon);
MySqlCommand mysqlCom = new MySqlCommand("select * from users", mysqlCon);
MySqlDataReader mysqlRead = mysqlCom.ExecuteReader();
/*
if(mysqlRead.HasRows)
{
mysqlRead.Read();//执行一次就读取一行
string username = mysqlRead.GetString("username");
string userpass = mysqlRead.GetString("userpassword");
Console.WriteLine(username + " " + userpass);
}
*/
while(mysqlRead.Read())
{
string username = mysqlRead.GetString("username");
string userpass = mysqlRead.GetString("userpassword");
Console.WriteLine(username + " " + userpass);
}
mysqlRead.Close();
mysqlCon.Close();
}
}
--插入
#region 插入 如何解决Sql注入
/**
string insertName = "wujixuan";
string insertPass = "wujixuan; delete from users"; //注意这条语句,sql注入
//这条sql语句解决了sql注入问题,不用字符串拼接方式防止恶意sql语句注入
MySqlCommand mysqlCmd = new MySqlCommand("insert into users set username=@un, userpassword=@pwd ", mysqlCon);//@表示未知的参数,后面的是自定义参数名
//未知参数的设定
mysqlCmd.Parameters.AddWithValue("un", insertName);
mysqlCmd.Parameters.AddWithValue("pwd", insertPass);
//执行sql命令
mysqlCmd.ExecuteNonQuery(); //执行跟查询无关的命令
**/
#endregion
--删除
MySqlCommand cmd = new MySqlCommand("delete from users where userid=@id", mysqlCon);
cmd.Parameters.AddWithValue("id", 4);
cmd.ExecuteNonQuery();
--更新
MySqlCommand msqlCmd = new MySqlCommand("update users set userpassword=@pwd where userid=1", mysqlCon);
msqlCmd.Parameters.AddWithValue("pwd", "u600672");
msqlCmd.ExecuteNonQuery();