ILYAS Zahir
asked on
Check if record exists in DB Mysql c#
hi experts my code is like that check on table1 if textbox1.Text exist if yes go to table2 and check if textbox1.text exist and if textbox2.Text exist if they exist open the form if not insert them and open the form and if textbox1.text exist and textbox2.text doesn't exist close form
i wrote this :
but it doesn't work its always go directly to insert and it insert it two times
i wrote this :
MySqlConnection con = new MySqlConnection(connectionString);
i = 0;
con.Open();
MySqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "select * from informat where u_ser = '" + metroTextBox2.Text + "' ";
cmd.ExecuteNonQuery();
DataTable dt = new DataTable();
MySqlDataAdapter da = new MySqlDataAdapter(cmd);
da.Fill(dt);
i = dt.Rows.Count;
int userial = metroTextBox2.Text.Length;
if (userial >= 5 || metroTextBox2.Text == null)
{
MySqlConnection conet = new MySqlConnection(connectionString);
conet.Open();
MySqlCommand cmsd = conet.CreateCommand();
cmsd.CommandType = CommandType.Text;
cmsd.CommandText = "select * from alred where u_ser = '" + metroTextBox2.Text + "'and u_ip = '" + textBox1.Text + "'";
cmsd.ExecuteNonQuery();
DataTable ddts = new DataTable();
MySqlDataAdapter ddas = new MySqlDataAdapter(cmsd);
ddas.Fill(ddts);
if (textBox1.Text != null)
{
MessageBox.Show("Your Serial is used in another computer");
this.Close();
}
else if (metroTextBox2.Text == null & textBox1.Text == null)
{
ireview frms = new ireview();
this.Hide();
frms.Show();
}
else if (metroTextBox2.Text != null && textBox1.Text != null)
{
MySqlConnection conect = new MySqlConnection(connectionString);
conect.Open();
MySqlCommand cmsdd = conet.CreateCommand();
cmsdd.CommandType = CommandType.Text;
cmsdd.CommandText = "INSERT INTO alred (u_ser, u_ip) " + " Values ('" + metroTextBox2.Text + "', '" + textBox1.Text + "')";
cmsdd.ExecuteNonQuery();
DataTable sddts = new DataTable();
MySqlDataAdapter sddas = new MySqlDataAdapter(cmsdd);
sddas.Fill(sddts);
ireview frms = new ireview();
this.Hide();
frms.Show();
}
}
else
{
MessageBox.Show("You Serial Doesn't Exist");
}
}but it doesn't work its always go directly to insert and it insert it two times
ASKER
okay i will try it can you write that query with textbox im using ?
?? Use a parameterized query. Otherwise you may create a SQL Injection vulnerability. Or use string.Format in conjuction with Replace().
@ste5an : Parameterized query, for sure. String Replace does not have the built-in protections against SQL Injection.
@Megan: It does.. well when used wisely..
namespace ConsoleCS
{
using System;
public class Program
{
static string SqlQuoteStr(string text, string delimiter = "'")
{
return delimiter + text.Replace(delimiter, delimiter + delimiter) + delimiter;
}
static void Main(string[] args)
{
const string DELIMITER = "'";
string value1 = "value1";
string value2 = "D'oh.";
string commandText = "SELECT * FROM informat I INNER JOIN alred A ON I.u_ser = A.u_ser WHERE I.u_ser = {0} AND A.u_ip = {1};";
Console.WriteLine(
string.Format(
commandText,
DELIMITER + value1.Replace(DELIMITER, DELIMITER + DELIMITER) + DELIMITER,
DELIMITER + value2.Replace(DELIMITER, DELIMITER + DELIMITER) + DELIMITER
)
);
Console.WriteLine(string.Format(commandText, SqlQuoteStr(value1), SqlQuoteStr(value2)));
Console.WriteLine("Done.");
Console.ReadLine();
}
}
}This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Open in new window