0

Hey guys I am almost done with my CRUD project for my Database Project. I am just trying to finish up and complete the Delete Functionality.

 query = string.Format("DELETE FROM customers WHERE `cid`= {0};", mDeleteTextBox);

My variable mDeleteTextBox is filled with the value I want. What is wrong with my query?

ERROR MESSAGE

An unhandled exception of type 'MySql.Data.MySqlClient.MySqlException' occurred in MySql.Data.dll

Additional information: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.TextBox, Text: 6' at line 1
GuidoG
  • 11,359
  • 6
  • 44
  • 79
Doobie2012
  • 66
  • 8
  • Possible duplicate of [How do I escape reserved words used as column names? MySQL/Create Table](http://stackoverflow.com/questions/2889871/how-do-i-escape-reserved-words-used-as-column-names-mysql-create-table) – Eris Dec 04 '16 at 22:21
  • Also, your `{0}` needs to have quotes, or better yet, use a paramaterized query:http://stackoverflow.com/questions/652978/parameterized-query-for-mysql-with-c-sharp – Eris Dec 04 '16 at 22:23
  • 1
    Also, check that in mDeleteTextBox type is string. Maybe you wanted to write mDeleteTextBox.Text? – Nigrimmist Dec 04 '16 at 22:30
  • Nigrimmist you are absolutely right, thank you! – Doobie2012 Dec 04 '16 at 22:32

1 Answers1

4

Your additional information says it all: you're trying to pass mTextBox as a parameter for your query, but in order to access the content of the textbox itself (which is the data you want to use to complete your query), you should access the Text property of the textbox.

So, your code:

query = string.Format("DELETE FROM customers WHERE `cid`= {0};", mDeleteTextBox);

became

query = string.Format("DELETE FROM customers WHERE `cid`= {0};", mDeleteTextBox.Text);
hypnos
  • 369
  • 1
  • 10
  • A better answer would teach the OP how to use parameters and never ever build sql statements like this. This is open for sql injection. – GuidoG Dec 05 '16 at 08:14