Link to home
Create AccountLog in
Avatar of Cesar Aracena
Cesar AracenaFlag for Argentina

asked on

How can I make a recursive query?

Hello everybody,

I finally could populate a combobox in VB.NET with data grabbed from a remote MySQL DB. The problem is that that data, only fills the combobox but doesn't store the query results in an array or anything. What I need to do now, is to validate the selected user with the DB, while making the password MD5 hashed. This MD5 encrypt is easy, but I don't know why I can't make the second query to fetch the password for the selected user in the combobox (making a last name, first name comparation).

Here's my code:
Private Sub comUsername_TextChanged(ByVal sender As Object, ByVal e As System.EventArgs) Handles comUsername.TextChanged
        If comUsername.Text <> "" Then
            txtPassword.Enabled = True
            Dim user_full_name As String
 
            user_full_name = comUsername.Text
 
            SQL2 = "SELECT user_id FROM users WHERE 'user_last_name, user_name' = @user_full_name"
            myCommand.Connection = conn
            myCommand.CommandText = SQL2
 
            myAdapter.SelectCommand = myCommand
            myAdapter.Fill(myData)
 
            oReader = myCommand.ExecuteReader
 
            selected_user_id = oReader("user_id")
 
            MsgBox(selected_user_id)
 
            oReader.Close()
 
        Else
            txtPassword.Text = ""
            txtPassword.Enabled = False
        End If
    End Sub

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Guy Hengel [angelIII / a3]
Guy Hengel [angelIII / a3]
Flag of Luxembourg image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of Cesar Aracena

ASKER

Thanks! It was that. it also had a comma (plus space). Another thing that I found is how to propperly place the variable in the SELECT statement:

SQL2 = "SELECT * FROM users WHERE concat(user_last_name,', ',user_name) = '" & comUsername.Text & "'"

Thanks agian!
>Another thing that I found is how to propperly place the variable in the SELECT statement:
using that method is NOT properly done.
use either the MySqlParameter, or at least handle the single quote "issue":

SQL2 = "SELECT * FROM users WHERE concat(user_last_name,', ',user_name) = '" & comUsername.Text.Replace("'", "''") & "'"

using the MySqlParameter:
http://dotnetnuke.adefwebserver.com/MySQL/MySql5sample/tabid/289/Default.aspx