ansaurus

Question

MySQL Query Glitch

Answer 1

A:

In MySQl, the fields and tables are denoted by a apostrophe/backtick in this case...

"SELECT `Points` FROM `user` WHERE `Username`= '" & UsernameText.Text & "';"

Check if that works. Hope it helps.

tommieb75 2009-11-18 20:31:08

sigh...it seems this site has escaped 'em backticks and apostrophes.... Points, user and Username are enclosed in apostrophes or backticks...

tommieb75 2009-11-18 20:32:28

I edited the post to format code so we can see the backticks.

Bill Karwin 2009-11-18 20:33:49

Cheers Bill for that! :)

tommieb75 2009-11-18 20:35:13

Nope it doesn't work. Even if I put it in my MYSQL Query Browser it will set the value of point to 0.

Kevin 2009-11-18 20:44:18

Answer 2

+2 A:

2 possibilities that I can see:

Some other code is updating the points value
SQL Injection:

If the value in UsernameText.Text is

blah'; update user set points = 0;--

Then the resultant SQL will be:

SELECT Points FROM user where Username = 'blah'; update user set points = 0;--';

McKay 2009-11-18 20:34:30

Answer 3

+2 A:

I'm not sure exactly why your table is updated by a select query. But I do know you're going about building your query string all wrong. You should do it like this instead:

Using cn As New MySqlConnection("your connection string here"), _
      cmd As New MySqlCommand("SELECT points FROM user WHERE username= @UserName")

    cmd.Parameters.AddWithValue("@UserName", UsernameText.Text)
    cn.Open()

    ''# ExecuteReader or Fill command go here, connection will be automatically closed
    ''# when control falls out of the using block, even if an exception is thrown

End Using

Joel Coehoorn 2009-11-18 20:38:10

+1 I'm not sure SQL Injection is at work here, but it's worthwhile to show the OP how to use query parameters!

Bill Karwin 2009-11-18 20:40:34

Answer 4

+1 A:

There's no way a SELECT query can change values stored in the database. It's a read-only command. Either the values were already zero, or else the query is only returning zeroes (in spite of what's stored in the database), or else it's returning no rows at all.

I'd guess that your query isn't formed properly, and it's returning no rows.

You probably have a variable in your VB.NET code and its initial value is zero, to be overridden as it reads the result of the SQL query. When the SQL query returns no rows, this variable retains its initial zero value.

So try an experiment: initialize your points variable to -99 or something and try it again. I bet your app will display -99.

Furthermore, I'd assume the data actually in the database has not changed to zero. Only what you display defaults to zero because your SQL query isn't functioning.

When you're debugging dynamic SQL, you need to look at the complete SQL query -- after you interpolate any dynamic variables into it. It's hard to debug when you're staring at a VB.NET string expression that builds an SQL query. It's like troubleshooting your car problems by visiting an automobile factory.

Bill Karwin 2009-11-18 20:39:11

well have a something like mydata.hasrows = 0 when they login. Do you think that may be affecting the score?

Kevin 2009-11-18 20:55:57

If the result has no rows, that seems to support the assumption that the query isn't returning anything. Either there's an error with the query, or else it's simply not matching anything in the database.

Bill Karwin 2009-11-18 21:13:28

No its not that, its that the hasrows function comes in during login. When login is successful it will retrieve the points on your account.

Kevin 2009-11-18 21:16:39

Answer 5

A:

I think this might help for those who are answering this question. How would the MYsql Column be set up for Points in MySQL admin?

Kevin 2009-11-18 21:18:44

Is points column an int? Or is MySql treating this as a scalar query where it returns the number of rows and shoving that into Points?

tommieb75 2009-11-18 22:33:57

ansaurus

tags:

views:

answers:

MySQL Query Glitch

related questions