How can I make a recursive query?

Hello everybody,

I finally could populate a combobox in VB.NET with data grabbed from a remote MySQL DB. The problem is that that data, only fills the combobox but doesn't store the query results in an array or anything. What I need to do now, is to validate the selected user with the DB, while making the password MD5 hashed. This MD5 encrypt is easy, but I don't know why I can't make the second query to fetch the password for the selected user in the combobox (making a last name, first name comparation).

Here's my code:
Private Sub comUsername_TextChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles comUsername.TextChanged
        If comUsername.Text <> "" Then
            txtPassword.Enabled = True
            Dim user_full_name As String
 
            user_full_name = comUsername.Text
 
            SQL2 = "SELECT user_id FROM users WHERE 'user_last_name, user_name' = @user_full_name"
            myCommand.Connection = conn
            myCommand.CommandText = SQL2
 
            myAdapter.SelectCommand = myCommand
            myAdapter.Fill(myData)
 
            oReader = myCommand.ExecuteReader
 
            selected_user_id = oReader("user_id")
 
            MsgBox(selected_user_id)
 
            oReader.Close()
 
        Else
            txtPassword.Text = ""
            txtPassword.Enabled = False
        End If
    End Sub

Open in new window

LVL 6
Cesar AracenaPHP EnthusiastAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Guy Hengel [angelIII / a3]Connect With a Mentor Billing EngineerCommented:
>            SQL2 = "SELECT user_id FROM users WHERE 'user_last_name, user_name' = @user_full_name"

you might look for the CONCAT function:
            SQL2 = "SELECT user_id FROM users WHERE CONCAT(user_last_name, ' ' , user_name) = @user_full_name"

assuming lastname and username as separated by a space.
0
 
Cesar AracenaPHP EnthusiastAuthor Commented:
Thanks! It was that. it also had a comma (plus space). Another thing that I found is how to propperly place the variable in the SELECT statement:

SQL2 = "SELECT * FROM users WHERE concat(user_last_name,', ',user_name) = '" & comUsername.Text & "'"

Thanks agian!
0
 
Guy Hengel [angelIII / a3]Billing EngineerCommented:
>Another thing that I found is how to propperly place the variable in the SELECT statement:
using that method is NOT properly done.
use either the MySqlParameter, or at least handle the single quote "issue":

SQL2 = "SELECT * FROM users WHERE concat(user_last_name,', ',user_name) = '" & comUsername.Text.Replace("'", "''") & "'"

using the MySqlParameter:
http://dotnetnuke.adefwebserver.com/MySQL/MySql5sample/tabid/289/Default.aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.