Click here to Skip to main content
15,905,148 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I am trying to execute a INSERT statement on a mySQL DB in C#:

string value1 = "INSERT INTO new_t(id, bid, idate,ino,int,icy) " +
"VALUES ('" + id + "', '" + bid + "', '" + idate + "', '" + ino + "', '" + int + "', 'ee')";
string result = true;
try
{
if (dbConnection.State == System.Data.ConnectionState.Open)
{
MySqlCommand myCmd = new MySqlCommand(value1, dbConnection);
if (myCmd.ExecuteNonQuery() == 0)
result = false;
}
}
catch (NotImplementedException ex)
{
MsgBox("1 " + ex.Message + DateTime.Now);
throw new NotImplementedException();
}
catch (Exception ex)
{
MsgBox("2 " + ex.Message + DateTime.Now);
throw new Exception();
}

return result;
}

This fails with the error: mysql Fatal error encountered during command execution. Any ideas on why this would fail?

What I have tried:

i have try in local DB, but can't get this error. this error only appear in when connect to other PC DB via IP.
Posted
Updated 24-Aug-16 21:46pm

1 solution

No help can be provided because we need to know the types and values of id, bid, idate, ino and int.
You also need to show the contain of value1 because your method to pass parameters is subject to a problem called code injection.
SQL Injection[^]
SQL injection - Wikipedia, the free encyclopedia[^]
Nota: it is a bad idea to use a variable type as a variable name.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900