2

I have this code, when I run the select query only it works. When I run the insert query only also it works. but the two queries can't work at the same time. I don't know what's the problem???! can you help me

public partial class signUpFM : Form
    {
        String str = @"server=localhost;database=Bullivant_Arabia_Archive;userid=root;password='';";
        MySqlConnection con = null;
        MySqlCommand cmd = null;

    public signUpFM()
    {
        InitializeComponent();
    }

    private void signUpBT_Click(object sender, EventArgs e)
    {

        try
        {
            con = new MySqlConnection(str);
            con.Open();
            if(checkUser(userNameTB.Text))
            {
                if (password1TB.Text == password2TB.Text)
                {
                    insertUser(this.userNameTB.Text, this.password1TB.Text);
                }
                else
                {
                    MessageBox.Show("You haven't enter the same password twice");
                }
            }
            else
            {
                MessageBox.Show("The user name already exist, please enter another one!");
            }

        }
        catch (MySqlException err)
        {
            Console.WriteLine("Error: " + err.ToString());
        }
        finally
        {
            if (con != null)
            {
                con.Close();
            }
        }
    }

    public void insertUser(String userName, String password)
    {
        String userQuery = @"insert into login (Username,Password) values ('" + userName + "' , '"
                    + password + "')";
        if (executeInsertQuery(userQuery))
            MessageBox.Show("Sign up have been completed");
        else
            MessageBox.Show("Sign up couldn't be completed");
    }

    bool checkUser (String UserName)
    {
        String Query = @"select * from login where UserName = '" + UserName + "'";
        if (executeSelectQuery(Query))
            return false;
        else return true;
    }

    bool executeSelectQuery(String query)
    {
        cmd = new MySqlCommand(query, con);
        if (cmd.ExecuteReader().Read())
            return true;
        else return false;
     }

    bool executeInsertQuery(String query)
    {
        cmd = new MySqlCommand(query, con);
        if (cmd.ExecuteNonQuery() == 1)
            return true;
        else return false;
    }
Rigel Kent Carbonel
  • 440
  • 3
  • 20
Rawan Mitani
  • 23
  • 3
  • Just a piece of advice. :) Your system is vulnerable of SQL Injection you should use `SQL Parameter` or `Stored Procedure` to prevent the SQL Injection attacks. This line of code makes your system vulnerable `String userQuery = @"insert into login (Username,Password) values ('" + userName + "' , '" + password + "')";` – Rigel Kent Carbonel Oct 03 '15 at 09:11
  • Don't use string concatenation for query parameters. That's prone to sql injection. Use parameters instead. – Mihai Caracostea Oct 03 '15 at 09:13
  • the insert statement is 100% true, because it works without the select statement. but when I use select and insert in the same time it does not work – Rawan Mitani Oct 04 '15 at 07:44

2 Answers2

0

Please share the exact error you are getting. In my opinion you can't use same connection to perform multiple queries. But you'll be fine using multiple connections, connection pooling works great for MySql.

Ajay Kumar
  • 504
  • 2
  • 10
  • 23
  • it throws an exception – Rawan Mitani Oct 04 '15 at 07:46
  • I have open another connection to execute the second query and that works. are there another way to make multiple queries in the same connection? – Rawan Mitani Oct 04 '15 at 07:54
  • You should rather stick with stored procedure or [Entity framework](http://www.asp.net/entity-framework). Please find your answer [here](http://stackoverflow.com/questions/13677318/how-to-run-multiple-sql-command-in-single-sql-connection) – Ajay Kumar Oct 04 '15 at 08:37
0

Store the Querys in 2 strings and run it using separated by comas

Ex:

string str1="Query1";
string str2="Query2";
ExecuteUpdate(str1,str2); or ExecuteQuery(str1,st2);

Make sure Both Have Same Execution Methods

JITHIN N
  • 1