MySQL Parameters not adding values

Question

I am trying to get the row count of my accounts table so that I can login accounts but the MySQL parameters aren't adding the values.

Here is my code:

public int MyMethod(string username, string password)
{
    int count = 0;
    string query = "SELECT * FROM accounts WHERE username = '?user' AND password = '?pass' LIMIT 1;";

    using (MySqlCommand cmd = new MySqlCommand(query, connector))
    {
        cmd.Parameters.Add(new MySqlParameter("?user", username));
        cmd.Parameters.Add(new MySqlParameter("?pass", password));

        count = int.Parse(cmd.ExecuteScalar().ToString());
    }

    return count;
}

John Woo · Accepted Answer · 2013-01-14 14:01:26Z

4

parameter place holder should not be enclosed with single quotes because it forces it to become a value and not a parameter anymore, try this,

public int MyMethod(string username, string password)
{
    int count = 0;
    string query = "SELECT * FROM accounts WHERE username = @user AND password = @pass LIMIT 1;";

    using (MySqlCommand cmd = new MySqlCommand(query, connector))
    {
        cmd.Parameters.Add(new MySqlParameter("@user", username));
        cmd.Parameters.Add(new MySqlParameter("@pass ", password));

        connector.Open(); // don't forget to open the connection
        count = int.Parse(cmd.ExecuteScalar().ToString());
    }

    return count;
}

answered Jan 14, 2013 at 14:01

John Woo

265k70 gold badges509 silver badges500 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Manuel · Accepted Answer · 2013-01-14 14:01:20Z

1

I believe you want to do something like this:

SELECT COUNT(*) FROM accounts WHERE username = '?user' AND password = '?pass';

This will get you the number of records that have the specified username and password.

answered Jan 14, 2013 at 14:01

Manuel

10.3k5 gold badges44 silver badges61 bronze badges

Comments

Sylca · Accepted Answer · 2013-01-14 14:21:57Z

1

Try to add parameters like this:

cmd.Parameters.AddWithValue("@user", username);
cmd.Parameters.AddWithValue("@pass", password);

answered Jan 14, 2013 at 14:21

Sylca

2,5554 gold badges34 silver badges52 bronze badges

Comments

yoav barnea · Accepted Answer · 2013-01-14 15:13:28Z

1

try this: @myVariable instead '?myVariable' , SELECT COUNT(*) instead SELECT *

public int MyMethod(string username, string password)
{
  int count = 0;
  string query = "SELECT count(*) FROM accounts WHERE username = @user AND password = @pass LIMIT 1;";

   using (MySqlCommand cmd = new MySqlCommand(query, connector))
   {
      connector.Open(); 
      cmd.Parameters.AddWithValue("@user", username);
      cmd.Parameters.AddWithValue("@pass", password);       
      count = int.Parse(cmd.ExecuteScalar().ToString());
   }

   return count;
}

answered Jan 14, 2013 at 15:13

yoav barnea

6,0242 gold badges24 silver badges28 bronze badges

Collectives™ on Stack Overflow

MySQL Parameters not adding values

4 Answers 4

Comments

Comments

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

4 Answers 4

Comments

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related