VB.NET MYSQL 使用 MySQL 显示数据错误

Question

Hello I'm trying to display data in vb.net using MySQL syntax here is my Mysql syntax

SELECT  COUNT(status) as 'Number of Grade School for the Month of January'
                                    FROM blhtraining.userinfo
                                    Where survey_at='Talisay' 
                                    and status='College' and Month(member_since)='1' and 
                                    Year(member_since)='2021' 

And this code works in Mysql but when i modify it like this in vb.net

 Dim count_gradeSchool1 As String = "Select Case COUNT(status) As 'Members'
                                            From training.userinfo
                                            Where survey_at='" & txtmonthlylocation.Text & "' 
                                            And status ='College' 
                                            And Month(member_since)='" & monthly_reports & "'  
                                            And YEAR(member_since)='" & txtmyear.Text & "' 
                                            And Day(member_since)='11'"



        da = New MySqlDataAdapter(count_gradeSchool1, mycon)
        dt = New DataTable()
        da.Fill(dt)
        lblgs1.Text = dt.Rows(0)("Members")

I recieved this error

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'As 'Members' From training.u' at line 1

I'm sure the syntax is correct is it the variable declared?

Answer 1

Your problems probably came about because you pasted the SQL into your code without starting a string first, so VB saw "select" and helped you out by adding "case". So, here is code that...

• ...has fixed SQL syntax

• ...uses parameters. Always use parameters. You've no idea how many times a day I say this, trying to stem the tide of future SQL injection hacks. Writing code that doesn't use parameters will get you fired, or you'll have to live with the consequences of writing hack prone code on your conscience. Don't ever skip on using parameters in your SQLs, even if it's "only an app to track your grandma's record collection"

• ...doesn't call functions on columns in the where clause - don't do it; it's a huge waste of resources and kills opportunities to use indexes. Always, always try to leave table data alone, untransformed. In 99% of cases there is another way to write the query

• ...uses executescalar - you only want one value, pointless using an adapter/table for it

• ...doesn't use column alises with spaces in - as noted in the comments - don't do it; it's not the database's job to format your column names, it's the front end's job.

   Dim count_gradeSchool1 As String = "Select COUNT(*) as c FROM training.userinfo Where survey_at = @loc And status = 'College' And member_since = @ms" Using c = New MySqlCommand(count_gradeSchool1, mycon) c.Parameters.AddWithValue("@loc", txtmonthlylocation.Text) c.Parameters.AddWithValue("@ms", new Date(CInt(txtmyear.Text), CInt(monthly_reports), 11) c.Connection.Open() 'if it's not already open lblgs1.Text = c.ExecuteScalar().ToString() End Using