
I am searching for and blocking registration of a duplicate ID in a MySQL database using VB.Net 2010. I have got: you have an error in your SQL syntax....

Please can you help me with this? What is the mistake I made? What is the correct way?

    Imports System.IO
    Imports MySql.Data.MySqlClient
    Imports System.Data.SqlClient

    Public Class Add_Clients
        Private Sub CheckClient()
            Dim myquery As String = ""
            Dim mycmd As MySqlCommand

            myquery = "select * from clients where client_id=" & clid.Text
            mycmd = New MySqlCommand(myquery, con)
            Dim idno As Integer = mycmd.ExecuteNonQuery()

            If idno < 0 Then
                MsgBox("The Client is already Exist!", MsgBoxStyle.Exclamation, "Car Rental System")
                Return
            End If

        End Sub
  • Your SQL statement is wrong. The whole statement should be inside double quotes, e.g. "select * from clients where client_id=clid.Text" Commented Feb 20, 2014 at 13:57

2 Answers

Your query should be like this...

 myquery = "SELECT * FROM clients WHERE client_id='" & clid.Text.Replace("'","''").Trim() & "'"

The additional .Replace("'","''").Trim() should protect you from SQL injection. This should work for now... But later you have to use parameterized queries to avoid SQL hacks :) So for now, practice SQL statements first.


2 Comments

Thanks very much. Nice advice really!
You're welcome :) Practice SQL statements first... Then move on to parameterized queries :) One step at a time.

You should use a parameterized query. It simplifies the code while guarding against injection attacks.

    ' Placeholder @clid is bound to the textbox value; the value is never spliced into the SQL text
    myquery = "select * from clients where client_id=@clid"
    mycmd = New MySqlCommand(myquery, con)
    mycmd.Parameters.AddWithValue("@clid", clid.Text)

2 Comments

Your code has an error near mycmd: "Object reference not set to an instance of an object." Check it!
You have a point, but I do not see where your con(nection) object is being set either. In any case, you should get into the habit of using parameters.
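A complete version of the duplicate check as an added example, not code from either answer above. It assumes the `clients` table and `client_id` column from the question, a placeholder connection string, and that the check lives in a small helper class the form calls; it also fixes the `ExecuteNonQuery` misuse from the question by using `ExecuteScalar` on a `COUNT(*)`.

```vbnet
Imports MySql.Data.MySqlClient

Public Class ClientRepository
    ' Hypothetical connection string (placeholder); replace with your own.
    Private ReadOnly connString As String =
        "server=localhost;database=carrental;uid=app;pwd=PLACEHOLDER"

    ' Returns True when a row with this client_id already exists.
    ' The textbox value is sent as a bound parameter, so quotes or SQL
    ' keywords in it are compared as data and never parsed as SQL.
    Public Function ClientExists(clientId As String) As Boolean
        Const sql As String =
            "SELECT COUNT(*) FROM clients WHERE client_id = @clid"

        Using con As New MySqlConnection(connString)
            Using cmd As New MySqlCommand(sql, con)
                ' The driver handles quoting and escaping of the value.
                cmd.Parameters.AddWithValue("@clid", clientId.Trim())
                con.Open()
                ' ExecuteScalar returns the first column of the first row.
                ' ExecuteNonQuery returns -1 for a SELECT, which is why the
                ' original "If idno < 0" test could never work as intended.
                Dim count As Long = Convert.ToInt64(cmd.ExecuteScalar())
                Return count > 0
            End Using
        End Using
    End Function
End Class

' Usage from the form in the question (clid is the ID textbox).
Public Class Add_Clients
    Private Sub CheckClient()
        If New ClientRepository().ClientExists(clid.Text) Then
            MsgBox("The Client already exists!", MsgBoxStyle.Exclamation, "Car Rental System")
        End If
    End Sub
End Class
```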
