locked
OdbcParameters not replacing place holders RRS feed

  • Question

  • User2031639297 posted

    Hi,

    I am a newbie to ASP.NET using C#, .Net 3.5, VS2008, MySQL, ODBC connector. I am creating a login page and passing username to get the password from MySQL database. However the lines of code highlighted does not work correctly and does not fetch result.

    private bool validateUser(string uid, string passwd) {
                string lookuppwd = null;
                string sqlstr = null;
                try{
                    OdbcConnection odbccon = new OdbcConnection(ConfigurationManager.ConnectionStrings["MySQL55"].ConnectionString);
                    odbccon.Open();
                    OdbcCommand odbccmd = new OdbcCommand(" SELECT password FROM appusers WHERE userid = ? ", odbccon);
                    
                    OdbcParameter prmusername = new OdbcParameter();
                    prmusername.ParameterName = "@username";
                    prmusername.OdbcType = OdbcType.VarChar;
                    prmusername.Value = uid;
                    odbccmd.Parameters.Add(prmusername);
                    //OdbcDataReader odbcdr = odbccmd.ExecuteReader();
    
                    lookuppwd = (string) odbccmd.ExecuteScalar();
                }
                catch (Exception ex){
                    Response.Write("An error occured while connecting to Database.<br />" + ex.Message);
                }
                passwd = FormsAuthentication.HashPasswordForStoringInConfigFile(passwd, "SHA1");
    
                if (null == lookuppwd) {
                    return false;
                }
                return (0 == string.Compare(lookuppwd, passwd, false));
            }

    Can anyone help me figure out what am i doing wrong in this section of code.

    Regards,

    VGNU



    Thursday, January 27, 2011 2:47 AM

Answers

  • User-417784260 posted

    1. You should name the parameter in the query.

    1. OdbcCommand odbccmd = new OdbcCommand(" SELECT password FROM appusers WHERE userid = @username ", odbccon);  
    2.                   
    3.                 OdbcParameter prmusername = new OdbcParameter();  
    4.                 prmusername.ParameterName = "@username";  

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 27, 2011 6:22 AM