Ismail.ethio

Reputation: 35

VB.Net with mySql issue?

I am searching for and blocking registration of duplicate IDs from a MySQL database using VB.Net 2010. I have got: "You have an error in your SQL syntax...."

Please, can you help me with this? What is the mistake I made? What is the correct way?

    Imports System.IO
    Imports MySql.Data.MySqlClient
    Imports System.Data.SqlClient

    Public Class Add_Clients
        Private Sub CheckClient()
            Dim myquery As String = ""
            Dim mycmd As MySqlCommand

            ' The text box value is concatenated straight into the SQL string
            myquery = "select * from clients where client_id=" & clid.Text
            ' con is a MySqlConnection declared and opened elsewhere in the form
            mycmd = New MySqlCommand(myquery, con)
            Dim idno As Integer = mycmd.ExecuteNonQuery()

            If idno < 0 Then
                MsgBox("The Client is already Exist!", MsgBoxStyle.Exclamation, "Car Rental System")
                Return
            End If

        End Sub
    End Class

Upvotes: 0

Views: 57

Answers (2)

ron tornambe

Reputation: 10780

You should use a parameterized query. It simplifies the code while guarding against injection attacks.

    myquery = "select * from clients where client_id=@clid"
    mycmd = New MySqlCommand(myquery, con)
    mycmd.Parameters.AddWithValue("@clid", clid.Text)

Upvotes: 0

chris_techno25

Reputation: 2477

Your query should be like this...

    myquery = "SELECT * FROM clients WHERE client_id='" & clid.Text.Replace("'","''").Trim() & "'"

The additional .Replace("'","''").Trim() should protect you from SQL injection. This should work for now... But you later have to use parameterized queries to avoid SQL hacks :) So for now, practice SQL statements first.

Upvotes: 1
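As an added example (not code from either answer or from the asker's project), here is the duplicate check written the way the first answer recommends and the second answer says to move to eventually: the ID goes in as a parameter, and the result is read with ExecuteScalar rather than ExecuteNonQuery, which returns -1 for a SELECT and so never reports the duplicate. It assumes `con` is an open MySqlConnection and `clid` is a TextBox on the form, as in the question.

```vb
Imports MySql.Data.MySqlClient

Public Class Add_Clients
    ' Assumed: an open MySqlConnection held by the form (as in the question).
    Private con As MySqlConnection

    ' Returns True when a client with this ID already exists.
    ' The ID travels as a parameter, so the text box content is never
    ' spliced into the SQL string and cannot change its structure.
    Private Function ClientExists(ByVal clientId As String) As Boolean
        Const query As String = "SELECT COUNT(*) FROM clients WHERE client_id = @clid"

        Using cmd As New MySqlCommand(query, con)
            cmd.Parameters.AddWithValue("@clid", clientId.Trim())
            ' ExecuteScalar returns the single COUNT(*) cell.
            ' ExecuteNonQuery is for INSERT/UPDATE/DELETE and returns -1 here.
            Dim count As Long = Convert.ToInt64(cmd.ExecuteScalar())
            Return count > 0
        End Using
    End Function

    Private Sub CheckClient()
        ' An empty ID would otherwise reach the database as an empty string
        If String.IsNullOrWhiteSpace(clid.Text) Then
            MsgBox("Please enter a client ID.", MsgBoxStyle.Exclamation, "Car Rental System")
            Return
        End If

        If ClientExists(clid.Text) Then
            MsgBox("The Client already exists!", MsgBoxStyle.Exclamation, "Car Rental System")
            Return
        End If

        ' ... continue with registration of the new client ...
    End Sub
End Class
```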
