Hallow[Online]

Development Blog!

MySQL Connector/NET is EVIL!


Well, I finally got around to figuring out how to sterilize the SQL queries. Originally, I was under the assumption that MySqlCommand.Parameters.AddWithValue() would do it without me having to edit too much in my SELECT statement, but thanks to the POOR documentation on sterilizing the query, it took me HOURS to figure it out. Now that I’ve figured it out, I’ll help out EVERYONE that has run across the SAME problem by just SHOWING an example below.

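// Requires: using MySql.Data.MySqlClient;
// MySqlConnection below is the already-open connection object.
MySqlCommand mysqlCmd = new MySqlCommand("SELECT * FROM accounts WHERE (username = ?username) and (password = ?password)", MySqlConnection);
// The values are bound to the ?username / ?password placeholders as data; they are never concatenated into the SQL text.
mysqlCmd.Parameters.AddWithValue("?username", "MY USERNAME");
mysqlCmd.Parameters.AddWithValue("?password", "MY SECRET PASSWORD");
mysqlCmd.Prepare();
MySqlDataReader mysqlReader = mysqlCmd.ExecuteReader();
while (mysqlReader.Read())
{
    // Reader stuff here...
}
mysqlReader.Close(); // Release the reader so the connection can run other commands.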


Written by FuRom

September 26, 2008 at 9:09 pm
