Unable to execute cmd.ExecuteReader()
Question
Here is the code where i'm trying to retrieve user name using emailid.
string query="select name from userdetails where emailid=" + email + ";" ;
connection.Open();
MySqlCommand cmd = new MySqlCommand(query,connection);
MySqlDataReader rd = cmd.ExecuteReader();
while(rd.Read())
{
uname = (string)rd["emailid"];
return uname;
}
3 answers
solution1
3 2013-05-21 15:25:08
parameterized the value to avoid from SQL Injection
string query="select name from userdetails where emailid=@email" ;
MySqlCommand cmd = new MySqlCommand(query,connection);
cmd.Parameters.AddWithValue("@email", email);
Try this code snippet:
string connStr = "connection string here";
string sqlStatement = "select name from userdetails where emailid=@email";
using (MySqlConnection conn = new MySqlConnection(connStr))
{
using(MySqlCommand comm = new MySqlCommand())
{
comm.Connection = conn;
comm.CommandText = sqlStatement;
comm.CommandType = CommandType.Text;
comm.Parameters.AddWithValue("@email", email);
try
{
conn.Open();
MySqlDataReader rd = cmd.ExecuteReader();
// other codes
}
catch(SqlException e)
{
// do something with the exception
// do not hide it
// e.Message.ToString()
}
}
}
For proper coding
- use
usingstatement for proper object disposal - use
try-catchblock to properly handle exception
solution2
2 2013-05-21 15:23:26
Put you emailin sigle qoute because it is varchar like this..
string query="select name from userdetails where emailid='" + email + "';" ;
But this may cause SQL Injection...so use this...
string query="select name from userdetails where emailid=@email;" ;
MySqlCommand cmd = new MySqlCommand(query,connection);
cmd.Parameters.AddWithValue("@email",email);
solution3
1 2013-05-21 15:24:37
Update your select query like this with adding email in single quote:
string query = "select name from userdetails where emailid='" + email +"';";
or you can use parametrized query like this :
string query="select name from userdetails where emailid=@email" ;
MySqlCommand cmd = new MySqlCommand(query,connection);
cmd.Parameters.AddWithValue("@email", email);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
SQl cmd.ExecuteReader() what does it return
OleDbDataReader cmd.ExecuteReader() “Enumeration Yielded No Results”
No popups and error source is rdr=cmd.executereader();
dataReader reader = cmd.executereader() not working
MySqlCommand cmd.ExecuteReader() errors when sitting on a breakpoint for over 3 seconds
Incorrect syntax near '=' Error: dr = cmd.ExecuteReader();
rdr = cmd.ExecuteReader() giving Data type mismatch in criteria expression
MySqlDataReader dataReader =cmd.ExecuteReader() pop up the window Form without getting into the while loop
If condition is true then break or close sqlDatareader and get out from using (SqlDataReader rdr = cmd.ExecuteReader()) method
Unable to execute cmd command using C#
Related Tags