0

Hello,

I am having trouble converting my "MySQL" statement to a prepared statement. here is the part of the code that i need help with.

How Do I make below statement a prepared statement and can actually read the result afterwards. this way everything works perfectly, except that its not a prepared statement.

Please help. This is a web application in ASP.net using C#.

Thank you in advance.

String query = "Select * from Member where username=\"" + TextBox2.Text + "\";";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                MySqlDataReader print = cmd.ExecuteReader();
                bool read = print.Read();
                string password = print.GetString(2);

Regards,
Roswell67

3
Contributors
2
Replies
8
Views
7 Years
Discussion Span
Last Post by eliza81
0

Parameterized query.

String query = "Select * from Member where username=?uname";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                cmd.Parameters.Add("?uname",TextBox1.Text);
                MySqlDataReader print = cmd.ExecuteReader();
                bool read = print.Read();
                string password = print.GetString(2);
0
String query = "Select * from Member where username= ?userName";

MySqlCommand cmd = new MySqlCommand(query, conn);

cmd.Prepare();
cmd.Parameters.Add("?userName",  TextBox2.Text);

MySqlDataReader print = cmd.ExecuteReader();

bool read = print.Read();

string password = print.GetString(2);

Hello,

I am having trouble converting my "MySQL" statement to a prepared statement. here is the part of the code that i need help with.

How Do I make below statement a prepared statement and can actually read the result afterwards. this way everything works perfectly, except that its not a prepared statement.

Please help. This is a web application in ASP.net using C#.

Thank you in advance.

String query = "Select * from Member where username=\"" + TextBox2.Text + "\";";
                MySqlCommand cmd = new MySqlCommand(query, conn);
                MySqlDataReader print = cmd.ExecuteReader();
                bool read = print.Read();
                string password = print.GetString(2);

Regards,
Roswell67

Edited by __avd: Added [code] tags. Encase your code in: [code] and [/code] tags.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.