I'm despairing because there is a MySQL error in my code and I didn't find any helpful answer.
Code:
cn.ConnectionString = "Server=" & host.Text & ";User Id=" & user.Text & ";Password=" & password.Text & ";Database=" & database.Text & ";"
cmd.Connection = cn
Try
cn.Open()
cmd.CommandText = "LOAD DATA LOCAL INFILE '" & directory.Text & "' INTO TABLE " & database.Text & "." & table.Text & ";"
MsgBox(cmd.CommandText)
dr = cmd.ExecuteReader
Catch exError As MySqlException
MsgBox("Error: " & exError.Message, MsgBoxStyle.Critical)
End Try
cn.Close()
Screenshot of the error:
http://i.imgur.com/gkEsspQ.png
Edit: Screenshot 2 of the error (more detailed): http://i.imgur.com/iyOsAxr.png
When I use this line:
cmd.CommandText = "LOAD DATA LOCAL INFILE 'D:/Bibliothek/Desktop/test.txt' INTO TABLE test.test;"
it works.
I think this is the problem.
When you use VB.Net values in a MySQL query, remember to start like this '" and end like this "'
'" & textbox1.Text & "'
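The query in this thread also puts database.Text and table.Text where SQL identifiers go, and identifiers cannot be protected by wrapping them in single quotes. The following is an added example, not code from the thread: QuoteIdentifier and BuildLoadCommand are hypothetical helpers, the allowed-name pattern is an assumption, and passing the path as @path assumes Connector/NET's default client-side parameter substitution.

```vb
Imports System.Text.RegularExpressions
Imports MySql.Data.MySqlClient

Module LoadDataExample
    ' Database and table names cannot be sent as parameters, so accept only
    ' plain names and wrap them in backticks. The pattern is an assumption;
    ' widen it only if the schema really uses other characters.
    Function QuoteIdentifier(name As String) As String
        If name Is Nothing OrElse Not Regex.IsMatch(name, "\A[A-Za-z0-9_]{1,64}\z") Then
            Throw New ArgumentException("Invalid identifier: " & name)
        End If
        Return "`" & name & "`"
    End Function

    ' Builds the LOAD DATA command without concatenating any raw user text.
    Function BuildLoadCommand(filePath As String, dbName As String,
                              tableName As String) As MySqlCommand
        Dim sql As String = "LOAD DATA LOCAL INFILE @path INTO TABLE " &
                            QuoteIdentifier(dbName) & "." & QuoteIdentifier(tableName)
        Dim cmd As New MySqlCommand(sql)
        ' The file path is data, so it travels as a parameter and the connector
        ' quotes and escapes it, including backslashes in Windows paths.
        cmd.Parameters.Add("@path", MySqlDbType.VarChar).Value = filePath
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample values standing in for the form's text boxes.
        Dim cmd = BuildLoadCommand("D:\Bibliothek\Desktop\test.txt", "test", "test")
        Console.WriteLine(cmd.CommandText)

        ' A table name carrying extra SQL is rejected before any query is built.
        Try
            BuildLoadCommand("D:\x.txt", "test", "test; DROP TABLE test")
        Catch ex As ArgumentException
            Console.WriteLine("Rejected: " & ex.Message)
        End Try
    End Sub
End Module
```

Assign a connection to the returned command's Connection property and call ExecuteNonQuery to run it.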
In here "FromSt" and "EndSt" are variables.
I wanna run that code in Vb.net.
MySql console command:
select st_distance from addst WHERE st_name IN ("value1","value1");
VB.net code:
Using FindSqlS As MySqlCommand = New MySqlCommand("SELECT st_distance FROM addst WHERE st_name = '" & FromSt & "OR" & "'st_name ='" & EndSt & "'", conn)
Looks like you left out a quote and added an extra one in another place. Try this and see if it fixes your issue:
Using FindSqlS As MySqlCommand = New MySqlCommand("SELECT st_distance FROM addst WHERE st_name = '" & FromSt & "'" & " OR " & "st_name ='" & EndSt & "'", conn)
I have a PictureBox and a label with the path of the picture location.
In the MySQL database I have a field 'Photo' with the 'Blob' data type,
and I am using this code to insert data into the database:
Try
MysqlCon = New MySqlConnection("Server=" & XIP & ";Database=" & XDB & ";User Id=" & XUser & ";Password=" & XPass & ";")
MysqlCon.Open()
MysqlCmd = New MySqlCommand("INSERT INTO staff(
Full_Name,
Full_Name_T,
Gender,
Num_ID,
Position,
Photo) VALUES
('" & txtfname.Text & "',
'" & txtfnamet.Text & "',
'" & cmbgender.Text & "',
'" & txtnumid.text & "',
'" & cmbposition.Text & "',
'" & lblphotopath.Text & "')", MysqlCon)
MysqlRdr = MysqlCmd.ExecuteReader
MysqlCon.Close()
Catch ex As Exception
Me.Enabled = True
MessageBox.Show(ex.Message & vbNewLine & "Try Again or Call Admin." & vbNewLine & "ERR.06")
Exit Sub
End Try
What I am trying to do is insert an image into the 'Photo' field using the code above.
What should I add to my code above? Or what should I change?
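One way to store the picture itself rather than its path, as an added example that is not part of the original post: read the file into a byte array and bind it, with the other fields, as parameters. InsertStaff, the size check and the sample values in Main are assumptions; the table and column names come from the question.

```vb
Imports System.IO
Imports MySql.Data.MySqlClient

Module StaffPhotoInsert
    ' A MySQL BLOB column holds at most 65,535 bytes; larger images need
    ' MEDIUMBLOB or LONGBLOB.
    Const MaxBlobBytes As Integer = 65535

    ' Inserts one staff row with the image bytes and returns the rows affected.
    Function InsertStaff(connStr As String, fullName As String, fullNameT As String,
                         gender As String, numId As String, position As String,
                         photoPath As String) As Integer
        Dim photoBytes As Byte() = File.ReadAllBytes(photoPath)
        If photoBytes.Length > MaxBlobBytes Then
            Throw New ArgumentException("Image is too large for a BLOB column.")
        End If

        Dim sql As String =
            "INSERT INTO staff (Full_Name, Full_Name_T, Gender, Num_ID, Position, Photo) " &
            "VALUES (@fullName, @fullNameT, @gender, @numId, @position, @photo)"

        Using con As New MySqlConnection(connStr)
            Using cmd As New MySqlCommand(sql, con)
                cmd.Parameters.Add("@fullName", MySqlDbType.VarChar).Value = fullName
                cmd.Parameters.Add("@fullNameT", MySqlDbType.VarChar).Value = fullNameT
                cmd.Parameters.Add("@gender", MySqlDbType.VarChar).Value = gender
                cmd.Parameters.Add("@numId", MySqlDbType.VarChar).Value = numId
                cmd.Parameters.Add("@position", MySqlDbType.VarChar).Value = position
                ' The byte array is sent as binary data, never spliced into the SQL text.
                cmd.Parameters.Add("@photo", MySqlDbType.Blob).Value = photoBytes
                con.Open()
                ' INSERT returns no rows, so ExecuteNonQuery replaces ExecuteReader.
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed sample values; in the form these come from the controls.
        Dim rows = InsertStaff("Server=localhost;Database=demo;User Id=demo;Password=demo;",
                               "Jane Doe", "Jane Doe", "F", "1001", "Clerk", "C:\photos\jane.jpg")
        Console.WriteLine(rows & " row(s) inserted")
    End Sub
End Module
```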
Here is my query, if anyone can spot the error:
str = "update student set course='" & ComboBox1.Text & "',name='" &
TextBox2.Text & "',f_name='" & TextBox3.Text & "',address='" & TextBox4.Text
& "' ,tel_no='" & TextBox5.Text & "',qualification='" & TextBox6.Text &
"',remarks='" & TextBox7.Text & "',school/college='" & TextBox8.Text &
"',fee='" & TextBox10.Text & "' where reg_no=" & TextBox9.Text & " "
Here is a better way to build this query:
str = "update student " &
      " set course= @course, name= @name, f_name= @fname, address= @address," &
      " tel_no= @tel, qualification = @qualification, remarks= @remarks," &
      " `school/college`=@school, fee= @fee" &
      " where reg_no= @regno"
Using cn As New MySqlConnection("connection string here"), _
      cmd As New MySqlCommand(str, cn)
    'Use actual column types/lengths from your DB here
    cmd.Parameters.Add("@course", MySqlDbType.VarChar, 15).Value = ComboBox1.Text
    cmd.Parameters.Add("@name", MySqlDbType.VarChar, 25).Value = TextBox2.Text
    cmd.Parameters.Add("@fname", MySqlDbType.VarChar, 25).Value = TextBox3.Text
    cmd.Parameters.Add("@address", MySqlDbType.VarChar, 120).Value = TextBox4.Text
    cmd.Parameters.Add("@tel", MySqlDbType.VarChar, 25).Value = TextBox5.Text
    cmd.Parameters.Add("@qualification", MySqlDbType.VarChar, 40).Value = TextBox6.Text
    cmd.Parameters.Add("@remarks", MySqlDbType.VarString).Value = TextBox7.Text
    cmd.Parameters.Add("@school", MySqlDbType.VarChar, 40).Value = TextBox8.Text
    cmd.Parameters.Add("@fee", MySqlDbType.Decimal).Value = Convert.ToDecimal(TextBox10.Text)
    cmd.Parameters.Add("@regno", MySqlDbType.Int32).Value = Integer.Parse(TextBox9.Text)
    cn.Open()
    cmd.ExecuteNonQuery()
End Using
This does a number of things for you:
It prevents sql injection attacks
It allows you to accept data that includes things like single quotes ('). The code you have will fail if someone puts in a single quote.
It handles things like date formatting for the sql automatically.
It's faster, because the database server can cache the execution plan after it compiles the query, and use statistics over time to get better execution plans.
It closes the db connection more reliably. The current code leaves the database connection hanging open if an exception is thrown.
I want to update a MySQL database table in VB.NET. I tried and I got a problem with that. This is my source:
MysqlConn = New MySqlConnection
MysqlConn.ConnectionString =
"server=db4free.net;port=3306;userid=***;password=***;database=***"
Dim Reader As MySqlDataReader
Try
MysqlConn.Open()
Dim Query As String
Query = "update member set (Name='" & Val(TextBox1.Text) + Val(TextBox6.Text) & "' WHERE Username='" & TextBox8.Text & "'"
Command = New MySqlCommand(Query, MysqlConn)
Reader = Command.ExecuteReader
MysqlConn.Close()
Catch ex As Exception
MsgBox(ex.Message)
Finally
MysqlConn.Dispose()
End Try
If I do this source, I got error code like this
TextBox1.Text = 10
TextBox6.Text = 20
TextBox8.Text = John
Here's what you have
"update member set (Name='" & Val(TextBox1.Text) + Val(TextBox6.Text) & "' WHERE Username='" & TextBox8.Text & "'"
render:
update member set (Name='30' WHERE Username='John'
What you probably want is to remove the bracket
"update member set Name='" & Val(TextBox1.Text) + Val(TextBox6.Text) & "' WHERE Username='" & TextBox8.Text & "'"
resulting in :
update member set Name='30' WHERE Username='John'
My suggestion to you as a preference for building these strings is to separate the parameters more often. It keeps things neat and easy.
ex:
dim x as string = (Val(TextBox1.Text) + Val(TextBox6.Text)).tostring
dim cmd as string =
"update member " &
"set Name=" & "'" & x & "' " &
"WHERE Username=" & "'" & TextBox8.Text & "'"
Good evening all,
I'm using the following as an attempt to update records in my MySQL database, but the records aren't being updated and I'm not catching any exceptions either. Your help would be kindly appreciated:
dbConn = New MySqlConnection("Server=" & FormLogin.ComboBoxServerIP.SelectedItem & ";Port=3306;Uid=trojan;Password=horse;Database=accounting")
Try
If dbConn.State = ConnectionState.Open Then
dbConn.Close()
Else
Try
dbConn.Open()
Dim dbAdapter As New MySqlDataAdapter("UPDATE customer " & _
"SET accountNumber= '" & TextBoxAccount.Text & "', nameLAST='" & TextBoxLastName.Text & "', nameFIRST='" & TextBoxFirstName.Text & "'" & _
"nameSALUTATION='" & ComboBoxSalutation.SelectedItem & "', nameCOMPANY='" & TextBoxCompanyName.Text & "', addressSTREET='" & TextBoxAddress1.Text & "'" & _
"addressSTREET1='" & TextBoxAddress2.Text & "', addressCITY='" & TextBoxCity.Text & "', addressSTATE='" & ComboBoxState.SelectedItem & "'" & _
"addressZIPCODE='" & MaskedTextBoxZip.Text & "', phone='" & MaskedTextBoxPhone.Text & "', fax='" & MaskedTextBoxFax.Text & "', email='" & TextBoxEmail.Text & "'" & _
"WHERE accountNumber='" & TextBoxAccount.Text & "';", dbConn)
Catch ex As Exception
MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
End Try
MessageBox.Show("Customer account SUCCESSFULLY updated!")
Call lockForm()
End If
Catch ex As Exception
MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
End Try
Call lockForm()
dbConn.Close()
Use MySQLCommand instead of MySQLDataAdapter. You are defeating the purpose of using ADO.NET because your code is still vulnerable to SQL injection. Make it parameterized. Below is a modified version of your code. It uses Using-End Using for proper handling of object disposal.
Dim ConnectionString As String = "Server=" & FormLogin.ComboBoxServerIP.SelectedItem & ";Port=3306;Uid=trojan;Password=horse;Database=accounting"
Dim iQuery As String = "UPDATE customer " & _
    "SET accountNumber = @accountNumber, nameLAST = @nameLAST, nameFIRST = @nameFIRST, " & _
    " nameSALUTATION = @nameSALUTATION, nameCOMPANY = @nameCOMPANY, addressSTREET = @addressSTREET, " & _
    " addressSTREET1 = @addressSTREET1, addressCITY = @addressCITY, addressSTATE = @addressSTATE, " & _
    " addressZIPCODE = @addressZIPCODE, phone = @phone, fax = @fax, email = @email " & _
    "WHERE accountNumber = @accountNumber"
Using dbConn As New MySqlConnection(ConnectionString)
    Using dbComm As New MySqlCommand()
        With dbComm
            .Connection = dbConn
            .CommandType = CommandType.Text
            .CommandText = iQuery
            .Parameters.AddWithValue("@accountNumber", TextBoxAccount.Text)
            .Parameters.AddWithValue("@nameLAST", TextBoxLastName.Text)
            .Parameters.AddWithValue("@nameFIRST", TextBoxFirstName.Text)
            .Parameters.AddWithValue("@nameSALUTATION", ComboBoxSalutation.SelectedItem)
            .Parameters.AddWithValue("@nameCOMPANY", TextBoxCompanyName.Text)
            .Parameters.AddWithValue("@addressSTREET", TextBoxAddress1.Text)
            .Parameters.AddWithValue("@addressSTREET1", TextBoxAddress2.Text)
            .Parameters.AddWithValue("@addressCITY", TextBoxCity.Text)
            .Parameters.AddWithValue("@addressSTATE", ComboBoxState.SelectedItem)
            .Parameters.AddWithValue("@addressZIPCODE", MaskedTextBoxZip.Text)
            .Parameters.AddWithValue("@phone", MaskedTextBoxPhone.Text)
            .Parameters.AddWithValue("@fax", MaskedTextBoxFax.Text)
            .Parameters.AddWithValue("@email", TextBoxEmail.Text)
        End With
        Try
            dbConn.Open()
            dbComm.ExecuteNonQuery()
            MessageBox.Show("Customer account SUCCESSFULLY updated!")
            Call lockForm()
        Catch ex As MySqlException
            MessageBox.Show("A DATABASE ERROR HAS OCCURED" & vbCrLf & vbCrLf & ex.Message & vbCrLf & _
                vbCrLf + "Please report this to the IT/Systems Helpdesk at Ext 131.")
        Finally
            dbConn.Close()
        End Try
    End Using
End Using
In this case, I would use ExecuteNonQuery as you can't use a MySQLDataAdapter the way you are trying to use it. Also please use parameters as what you are doing opens you up to SQL injection attacks. And finally you don't need to update accountNumber because you are using that to find the row which you want to update!