I have a string:
string theUserId = Session["UserID"].ToString();
But I don't know how to add the string to this SQL syntax:
{
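if (Session["UserID"] != null)
{
    // The session value is kept as a plain string and bound as a parameter below,
    // so it never becomes part of the SQL text itself.
    string theUserId = Session["UserID"].ToString();
    Label1.Text = theUserId;

    // NOTE(review): the connection string embeds database credentials; in a real
    // page they belong in configuration (e.g. the <connectionStrings> section), not
    // in source. The using blocks guarantee the connection, command and reader are
    // disposed even when an exception is thrown, so the connection is not leaked.
    using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x;"))
    {
        cn.Open();

        // System.Data.Odbc does not support named parameters: the statement text must
        // use a positional '?' marker and parameters are bound in the order they are
        // added, so the "@UserID" name given to AddWithValue is only a label.
        const string sql =
            "SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath " +
            "FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID " +
            "WHERE User.UserID = ?";
        using (OdbcCommand cmd = new OdbcCommand(sql, cn))
        {
            cmd.Parameters.AddWithValue("@UserID", theUserId);
            using (OdbcDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Convert.ToString(object) turns DBNull into "" — the LEFT JOIN yields
                    // a NULL picturepath when the user has no picture row, and GetString
                    // would throw on it (and on a non-string DOB column).
                    Name.Text = String.Format("{0} {1}", Convert.ToString(reader.GetValue(0)), Convert.ToString(reader.GetValue(1)));
                    Aboutme.Text = Convert.ToString(reader.GetValue(2));
                    Age.Text = Convert.ToString(reader.GetValue(3)); // column 3 is DOB, not an age — presumably intended, confirm
                    Image1.ImageUrl = Convert.ToString(reader.GetValue(4));
                }
            }
        }
    }
}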
}
}
User.UserID=1
How would I change that to something like User.UserID="theUserId"?
See the following. The number one thing to note is the using blocks, which will clean up your connections. Either you use these or you have to wrap everything in try/catch/finally blocks with the appropriate Dispose calls.
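if (Session["UserID"] != null)
{
    string theUserId = Session["UserID"].ToString();
    Label1.Text = Convert.ToString(theUserId);

    // NOTE(review): real credentials are embedded in this connection string; move
    // them to configuration rather than source. Each using block disposes its
    // object on every exit path, which also returns the connection to the pool.
    using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=root; Password=commando;"))
    {
        cn.Open();

        // The ODBC provider binds parameters positionally and only understands the
        // '?' placeholder; an "@UserID" token would be sent to the server verbatim.
        // The name passed to AddWithValue is therefore just a label, and parameters
        // must be added in the order their '?' markers appear.
        string sql =
            "SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath " +
            "FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID " +
            "WHERE User.UserID = ?";
        using (OdbcCommand cmd = new OdbcCommand(sql, cn))
        {
            cmd.Parameters.AddWithValue("@UserID", theUserId);
            using (OdbcDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    // reader[i] returns DBNull for a NULL cell (picturepath is NULL when the
                    // LEFT JOIN finds no picture) and Convert.ToString maps that to "";
                    // GetString would throw instead.
                    string firstName = Convert.ToString(reader[0]);
                    string secondName = Convert.ToString(reader[1]);
                    Name.Text = String.Format("{0} {1}", firstName, secondName);
                    Aboutme.Text = Convert.ToString(reader[2]);
                    Age.Text = Convert.ToString(reader[3]); // DOB column shown in a label called Age — confirm this is intended
                    Image1.ImageUrl = Convert.ToString(reader[4]);
                }
            } // using reader
        } // using cmd
    } // using connection
}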
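string theUserId = Session[ "UserID" ].ToString();
// System.Data.Odbc binds parameters by position and only accepts the '?' marker
// in the statement text; the "@UserID" name given to AddWithValue is a label only.
// (The original had an extra ')' after the SQL literal, which does not compile.)
OdbcCommand cmd = new OdbcCommand(
    "SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID WHERE User.UserID = ?",
    cn);
cmd.Parameters.AddWithValue("@UserID", theUserId);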
You can define your parameters in the query text with an @ParameterName placeholder and then add them using .Parameters.AddWithValue.
This is much safer than string.Format or concatenating the string yourself.
WHERE User.UserID = $UserID
Then add a parameter called '$UserID' to the Command object you're using, and it will pick up the value when you execute the query.
Note that I'm not sure what driver you're using for MySQL; I think parameters must be prefixed with $, but I'm not 100% sure. In SQL Server it's @.
Are you looking for something like this?
// NOTE(review): this pastes theUserId straight into the SQL text, so whatever the
// session value holds becomes part of the statement verbatim — any quoting problem
// or tampered value changes the query. The parameterised form (a placeholder in the
// text plus cmd.Parameters.AddWithValue) keeps the value out of the SQL entirely.
// Also note the formatted string is discarded here; it is not assigned or executed.
string.Format("SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID WHERE User.UserID={0}", theUserId);