Follow up question

Is the way I used the using statement in the following code correct?

else if(updated_password == confirm_password)
{
   using (old_connection = new MySqlConnection("server=localhost;user id=" + old_user + ";database=DB;password=" + old_pass))
   {
       MySqlCommand old_cmd = new MySqlCommand("ALTER USER'" + old_user + "'@'localhost' IDENTIFIED BY'" + confirm_password + "'", old_connection);

       old_cmd.ExecuteNonQuery();
       //old_connection.Close();
       MessageBox.Show("Password changed successfully.", "Info", MessageBoxButtons.OK, MessageBoxIcon.Information);
       //old_connection.Open();
    }
}

2 Answers 2

1

You are pretty much using 'using' correctly; however, there are a few small issues with the code.

Ideally you can create a new connection each time instead of using the same variable every time. This will help with scoping issues and make mistakes, such as using an old instance of it, less likely. Like:

 using (var connection = new MySqlConnection("server=localhost;user id=" + old_user + ";database=DB;password=" + old_pass))

The connection still needs to be opened in the 'using' statement. 'using' only handles disposal of the object. So the first line inside the 'using' should be:

connection.Open();

Parameters should also be used when creating the 'MySqlCommand' to protect against SQL injection attacks.
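The points from this answer put together, as an added example that is not part of the original answer: a locally scoped connection, an explicit `Open()`, and the new password passed as a parameter. `PasswordChanger` and `ChangeOwnPassword` are hypothetical names, and two things are assumptions beyond the answer: the connection string is built with `MySqlConnectionStringBuilder`, and `ALTER USER USER()` (the account the connection logged in as) replaces the concatenated user name.

```csharp
using MySql.Data.MySqlClient;

// Added example; PasswordChanger and ChangeOwnPassword are hypothetical names.
public static class PasswordChanger
{
    public static void ChangeOwnPassword(string user, string currentPassword, string newPassword)
    {
        // Build the connection string from typed properties so a ';' or '='
        // in the user name or password cannot add or override settings.
        var builder = new MySqlConnectionStringBuilder
        {
            Server = "localhost",
            Database = "DB",
            UserID = user,
            Password = currentPassword
        };

        // Connection and command are locals scoped to their using blocks,
        // so no stale instance can be reused elsewhere in the form.
        using (var connection = new MySqlConnection(builder.ConnectionString))
        using (var command = connection.CreateCommand())
        {
            // using only disposes; the connection must still be opened.
            connection.Open();

            // USER() is the account this connection authenticated as, so no
            // user name is concatenated into the statement. The new password
            // is a parameter instead of being pasted between quotes.
            // Assumption: the connector's default (non-prepared) mode, which
            // substitutes parameter values client-side as escaped literals.
            command.CommandText = "ALTER USER USER() IDENTIFIED BY @newPassword";
            command.Parameters.AddWithValue("@newPassword", newPassword);
            command.ExecuteNonQuery();
        } // Dispose() closes the connection here, also when an exception is thrown.
    }
}
```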

10 Comments

"Parameters should also be used when creating the 'MySqlCommand' to protect against SQL injection attacks." So basically MySqlCommand(query,old_connection) where query is ""ALTER USER'" + old_user + "'@'localhost' IDENTIFIED BY'" + confirm_password + "'""
I declared the MySqlConnection old_connection; at the beginning of the code. So you say I should remove the declaration and just use var old_connection every time I want to connect to the database? And by using the using() statement, is there ever a need to say old_connection.Open(), the part that is commented out?
Yes, you should be creating a new connection object each time and call connection.Open(). Using will close the connection so if there are connections then you'll never open it back up again. Parameter-wise, the top answer here explains it pretty well: stackoverflow.com/questions/13580993/…
I am still a bit confused. So you say if I want to make another connection I should NOT use var connection (or var old_connection) but rather use another one like var conn(...) and immediately use conn.Open()?
It isn't necessary as the application will still work, but it could be a security flaw. I'd say put it in another question as it's not really relevant to "using" statements.
1
using(var old_connection = ...)

Would be better. There is no need to save the connection outside of the scope of the using statement.

1 Comment

I declared the MySqlConnection old_connection; at the beginning of the code. So you say I should remove the declaration and just use var old_connection every time I want to connect to the database? And by using the using() statement, is there ever a need to say old_connection.Open(), the part that is commented out?
