带有 MySQL INSERT 参数的 C#

大家好，我正在使用 Visual C# 2010 和 MySQL 5.1.48 版社区.我希望你能帮助我处理这段代码.我不觉得它对我有用.我错过了什么?

Good day to all, I'm using Visual C# 2010 and MySQL Version 5.1.48-community. I hope you can help me with this code. I don't find it working on me. What am I missing?

string connString = ConfigurationManager.ConnectionStrings["default"].ConnectionString;
MySqlConnection conn = new MySqlConnection(connString);
conn.Open();
MySqlCommand comm = conn.CreateCommand();
comm.CommandText = "INSERT INTO room(person,address) VALUES(@person, @address)";
comm.Parameters.Add("@person", "Myname");
comm.Parameters.Add("@address", "Myaddress");
comm.ExecuteNonQuery();
conn.Close();

当我尝试编译它时.它说:

And when I try to compile it. It says:

Person 列不能为空

Person column cannot be null

但是当我尝试这段代码时.

But when I try this code.

comm.CommandText = "INSERT INTO room(person,address) VALUES('Myname', 'Myaddress')";

但是这段代码很容易受到sql注入攻击，但它有效，不会给我一个错误.

But this code is prone to sql injection attack but it works, doesn't gives me an error.

我尝试使用它.我在这里找到了它，所以我认为它会工作但给了我这个错误

I tried to use this. I found it here so I thought It would work but gives me this error

索引(从零开始)必须大于或等于零且小于参数列表的大小.

Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

有什么想法吗?

    string a = "myname";
    MySqlCommand cmd = new MySqlCommand();
    cmd.Connection = conn;
    cmd.CommandText = "INSERT INTO room(person,address) VALUES(?,?)";
    //cmd.Prepare();

    cmd.Parameters.Add("person", MySqlDbType.VarChar).Value = a;
    cmd.Parameters.Add("address", MySqlDbType.VarChar).Value = "myaddress";
    cmd.ExecuteNonQuery(); // HERE I GOT AN EXCEPTION IN THIS LINE

任何帮助将不胜感激.

已解决我使用了这个代码:

cmd.CommandText = "INSERT INTO room(person,address) VALUES(?person,?address)";
cmd.Parameters.Add("?person", MySqlDbType.VarChar).Value = "myname";
cmd.Parameters.Add("?address", MySqlDbType.VarChar).Value = "myaddress";
cmd.ExecuteNonQuery();

谢谢！