1

For example I have this query

    MySQL_Query = "UPDATE `owner_info` " _
    & "SET isArchived = 1 " _
    & "WHERE id=@ownerID"

    Dim MySQL_CMD As New MySqlCommand(MySQL_Query, MysqlConn)

    Try
        MySQL_CMD.Connection.Open()
        MySQL_CMD.CommandText = MySQL_Query
        MySQL_CMD.Parameters.Add(New MySqlParameter("@ownerID", ownerID))
        MySQL_CMD.ExecuteNonQuery()
    Catch myerror As MySqlException
        Console.WriteLine("Error: Owner Info Delete")
        Console.WriteLine(myerror)
    Finally
        MysqlConn.Close()
        MysqlConn.Dispose()
    End Try

If I use 

console.writeline("Query: " & MySQL_Query")

It will output

UPDATE `owner_info` SET isArchived = 1 WHERE id=@ownerID

Is there a way that I can view what's inside the @ownerID?

Yeah I can do something like the below code, but it seems hassle?

console.writeline("Query: " & MySQL_Query" & "(" & ownerID & ")")

Is there any other way to do this? Maybe a more simple way.

Improve this question
1
  • cmd.Parameters("@ownerID").Value In that code, its always going to be the value of ownerId Commented Apr 6, 2016 at 1:21

1 Answer 1

Reset to default
2

The whole point of query parameters is that parameter data values are never substituted into the sql command text, even by the database server. In this way, any possibility of an injection vulnerability is eliminated. Thus, there is nothing built in to provide a populated or annotated command text, lest some naive programmer mistakenly use it to construct vulnerable queries.

However, you could easily build a re-usable method:

Function PrintQuery(ByVal cmd As IDbCommand) As String
    Dim result As New StringBuilder(cmd.CommandText)
    result.Append(vbCrLf & vbCrLf & "--Parameter List: ")
    For Each p As DbParameter In cmd.Parameters
        result.AppendFormat("{0}--({1} —— {2})", vbCrLf, p.ParameterName, p.Value)
    Next p
    Return result.ToString()
End Function
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.