Click here to Skip to main content
15,867,704 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hello there,

When trying to delete 2 users out of the database at one time, like < DELETE ... where id = '23, 54' > would crash the C# script.

How can I stop either C# or MySQL from reading everything? I just need the first ID, '23' to be sent to MySQL.

When complying, I get this error from C#:
C#
Object reference not set to an instance of an object.


What I have tried:

String sSql = "DELETE FROM logintb.mytable WHERE name = '" + newusername + "' ORDER BY id LIMIT 1;');";
DBAccess.InsertRandomItem(sSql);
Posted
Updated 26-Sep-16 20:36pm

1 solution

A few issues

1) you dont show us any usable C# code except (2)
2) what you do show is that your SQL is subject to SQL injection attacks, you should learn how to use parameters instead
3) your SQL statement syntax itself is incorrect - you need

SQL
DELETE from login.mytable where id IN (23, 54);
 
Share this answer
 
Comments
TheRealProgrammer 27-Sep-16 2:37am    
The only problem is that when the newusername variable is a regular number, for example 23 it's working. When someone tries to enter 2 IDs or a double number, or example 23, 24 or 33,4 it would stop working.

I would like not to let the user type in any "," or something like that. Newusername is a TextBox.
Garth J Lancaster 27-Sep-16 2:44am    
then its up to YOU to sanitise your input and act accordingly - using the SQL statement I gave you you can have

IN (x)

or

IN (x, y)

its quite easy to make this a parameter from your textbox - but the business rules & validation have to be done by you to match the requirements

TheRealProgrammer 27-Sep-16 2:57am    
I don't understand how can I format the TextBox itself so if someone types in "," or other characters then it to be deleted.

For example:

InputUserID = "24,2"
**convert**
OutputUserID = "242"
Garth J Lancaster 27-Sep-16 3:29am    
there are a few ways -

remove all non numeric digits for example,
validate the textbox,
disallow non-numeric keys when in that textbox

Theres a bigger issue I think, that of the user entering a number they didnt intend to - maybe selecting the record to be deleted from a grid or such, then using the id from that is better
TheRealProgrammer 27-Sep-16 3:49am    
if (Regex.IsMatch(modifyIdInput.Text, "[ ^ 0-9]"))
{
**code**
}

would do it. Thanks!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900