In MySQL object names (table names, column names...) are quoted with backticks:
`
You're using single quotes, so you're actually selecting string constants instead of columns.
So do this instead:
select `m_ac`,`m_pw`,`m_fn`,`m_ln` ...
Additional suggestions:
- Use SQL-Parameters instead of concatenating your query-string
- Use intuitive column names - the times where column names could only be 8 characters or so are over ;)
- Use
using
-Blocks for the Connection-, Command and DataReader-Objects
- Use either the Interface-versions or the abstract baseclasses instead of the database-specific classes (e.g. IDbConnection or DbConnection instead of MySqlConnection) - which will allow you to easily switch to another database system if required or re-use your code in another project where you'll use another database-system:
using (DbConnection conn = new MySqlConnection(connectionString))
{
conn.Open();
using (DbCommand cmd = conn.CreateCommand())
{
cmd.Connection = conn;
cmd.CommandText = "select ....";
using (DbDataReader dr = cmd.ExecuteReader())
{
}
}
}
In the above example you would only have to make one change to use it for SQL-Server or some other database system. If you would use a
DbProviderFactory[
^] to create your Db*****-Objects, you wouldn't have to change anything.
Obtaining a DbProviderFactory[
^]
Edit after comment:
cmd.CommandText = "select `m_ac`,`m_pw`,`m_fn`,`m_ln` from member where m_ac=`" + username_textBox.Text + "` and m_pw=`" + password_textBox.Text + "`";
An unhandled exception occurred in MySql.Data.dll
Additional information: Unknown column 'test' in 'where clause'
When quoting "things" in a query string you have to differentiate between object names (table names, column names) and string literals (your TextBox-inputs). Object names are quoted with backticks in MySQL, string literals are quoted with single quotes. Object names only
have to be quoted
if they otherwise would collide with a MySQL-reserved-keyword (e.g. a table or column named "select" or "from"). String literals
have to be quoted
always.
You quoted your TextBox-inputs with backticks, so MySQL interpreted it as column-names and couldn't find the column named "test".
Your query string-construction can either look like this:
cmd.CommandText = "select `m_ac`, `m_pw`, `m_fn`, `m_ln` from `member` where `m_ac`='" + username_textBox.Text + "' and `m_pw`='" + password_textBox.Text + "'";
or like this:
cmd.CommandText = "select m_ac, m_pw, m_fn, m_ln from member where m_ac='" + username_textBox.Text + "' and m_pw='" + password_textBox.Text + "'";
If you would use SQL-Parameters, it could look like this and you wouldn't have to bother with quoting string literals (on top of other benefits like avoiding the risk of SQL-injection and better readibility):
cmd.CommandText = "select m_ac, m_pw, m_fn, m_ln from member where m_ac=?user and m_pw=?pw";