Table of Contents
Advertisement
As well as marking the position of the parameter in the query string, it is necessary to add a parameter
to the Command object. This is illustrated by the following code snippet:
cmd.Parameters.AddWithValue("@Continent", "North America");
In this example the string "North America" is supplied as the parameter value statically, but in a more
practical example it would come from a user input control.
A further example illustrates the complete process:
using System;
using System.Data;
using MySql.Data;
using MySql.Data.MySqlClient;
public class Tutorial5
{
public static void Main()
{
string connStr = "server=localhost;user=root;database=world;port=3306;password=******;";
MySqlConnection conn = new MySqlConnection(connStr);
try
{
}
catch (Exception ex)
{
}
conn.Close();
Console.WriteLine("Done.");
}
}
In this part of the tutorial you have see how to use parameters to make your code more secure.
20.2.4.1.5. Working with Stored Procedures
This section illustrates how to work with stored procedures. Putting database-intensive operations into
stored procedures lets you define an API for your database application. You can reuse this API across
multiple applications and multiple programming languages. This technique avoids duplicating database
code, saving time and effort when you make updates due to schema changes, tune the performance
of queries, or add new database operations for logging, security, and so on. Before working through
this tutorial, familiarize yourself with the
create different kinds of stored routines.
For the purposes of this tutorial, you will create a simple stored procedure to see how it can be called
from Connector/Net. In the MySQL Client program, connect to the World database and enter the
following stored procedure:
Connector/Net Tutorials
Console.WriteLine("Connecting to MySQL...");
conn.Open();
string sql = "SELECT Name, HeadOfState FROM Country WHERE Continent=@Continent";
MySqlCommand cmd = new MySqlCommand(sql, conn);
Console.WriteLine("Enter a continent e.g. 'North America', 'Europe': ");
string user_input = Console.ReadLine();
cmd.Parameters.AddWithValue("@Continent", user_input);
MySqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
Console.WriteLine(rdr["Name"]+" --- "+rdr["HeadOfState"]);
}
rdr.Close();
Console.WriteLine(ex.ToString());
and
CREATE PROCEDURE
1863
statements that
CREATE FUNCTION
Advertisement
Chapters
Table of Contents
Troubleshooting
