1

I am trying to make a little program that writes and reads from a Mysql database. The reading part is going well, but I am a bit stuck in the write part.

This is my code:

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Absenden.Click
    Dim conn As New MySqlConnection
    Dim command As MySqlCommand
    Dim myConnectionString As String
    myConnectionString = "server=Nothing;uid=to;pwd=see;database=here;"
    conn.ConnectionString = myConnectionString

    Try
        conn.Open()
        Dim Querywrite As String
        Querywrite = "select * FROM here.message INSERT INTO message admin='" & TB_Name.Text & "' and message='" & TB_Nachricht.Text & "' and Server='" & TB_Server.Text & "' and status='" & TB_Status.Text & "' "
        command = New MySqlCommand(Querywrite, connection)
    Catch ex As Exception
        MessageBox.Show(ex.Message)
    End Try
    conn.Close()
End Sub

The Querywrite part is the problem I think. The input comes from Textboxes in a Windows Form.

Thanks for your help!

Improve this question
6
  • 2
    Your SELECT ... INSERT syntax is invalid. What are you trying to do? Commented Feb 12, 2018 at 13:05
  • Beside you need to read about Prepared Statements to prevent SQL injection(s).. msdn.microsoft.com/nl-nl/library/… Commented Feb 12, 2018 at 13:08
  • Iam trying to insert the Inputs of the Textboxes in the Database. Commented Feb 12, 2018 at 13:19
  • SQL INSERT INTO Statement Commented Feb 12, 2018 at 14:00
  • I've this Site open to, but I am maybe a bit to stupid to figure it out. Commented Feb 12, 2018 at 14:01

1 Answer 1

Reset to default
2

Perhaps, if someone shows you once then you will get the idea. The main thing is to always use parameters; not only will you avoid minor sytax and type errors but you will avoid major disasters of malicious input. I guessed at the datatypes of your fields. Please check your database for the types and adjust your code accordingly.

Private Sub InsertData()
        Dim strQuery As String = "Insert Into message (admin, message, Server, status) Values (@admin, @message, @Server, @status);"     
        Using cn As New MySqlConnection("your connection string")
            Using cmd As New MySqlCommand With {
                    .Connection = cn,
                    .CommandType = CommandType.Text,
                    .CommandText = strQuery}
                cmd.Parameters.Add("@admin", MySqlDbType.VarString).Value = TB_Name.Text
                cmd.Parameters.Add("@message", MySqlDbType.VarString).Value = TB_Nachricht.Text
                cmd.Parameters.Add("@Server", MySqlDbType.VarString).Value = TB_Server.Text
                cmd.Parameters.Add("@status", MySqlDbType.VarString).Value = TB_Status.Text
                cn.Open()
                cmd.ExecuteNonQuery()
                cn.Close()
            End Using
        End Using
    End Sub
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It worked perfectly! Thx a ton. Except from the @statue in the frist line ;). Thx again for the help.
@thunfischbaum Oops! So sorry, fixed it.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.