这里是我的表:MySQL的INSERT INTO问题
CREATE TABLE IF NOT EXISTS CauHoi(MaCH VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci PRIMARY KEY, MaMH VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Question TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Difficulty VARCHAR(10) CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, a TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, b TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, c TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, d TEXT CHARACTER SET utf8 COLLATE utf8_unicode_ci NOT NULL, Answer VARCHAR(10) NOT NULL);
这里是我的查询:
answerComboBox->addItem("a");
answerComboBox->addItem("b");
answerComboBox->addItem("c");
answerComboBox->addItem("d");
q.prepare("INSERT INTO CauHoi(MaCH,MaMH,Question,Difficulty,a,b,c,d,Answer) VALUES ('"
+ maCHLineEdit->text() + "','"
+ maMHLineEdit->text() + "','"
+ questionTextEdit->toPlainText() + "','"
+ difficultyComboBox->currentText()+ "','"
+ aLineEdit->text() + "','"
+ bLineEdit->text() + "','"
+ cLineEdit->text() + "','"
+ dLineEdit->text() + "',"
+ answerComboBox->currentText()+");");
然而,当q.exec(),如果answerComboBox-> currentText()==” c“,CauHoi表中的Answer列成为cLineEdit-> text()。它是多么的疯狂!我只是希望它只是“a”,“b”,“c”,“d”。
请帮我
您需要更加小心你的SQL语句。尝试在准备之前将其打印出来。你很容易受到SQL注入攻击。为了测试它,准备一个关于三个剑客的问题,其中一个答案是“D'Artagnan”。 – nvoigt