2

I didn't encounter this error when my database was offline. I have just made my database online with db4free.net.

Everytime I log in this error occurs. Can somebody point out what's wrong?

private void btnLogIn_Click(object sender, EventArgs e)
    {
        string query = "select * from tbl_accounts where username='" + tbxUsername.Text + "' and password='" + tbxPassword.Text + "'";
        MySqlCommand command = new MySqlCommand(query, connection);
        MySqlDataAdapter da = new MySqlDataAdapter(command);
        DataTable dt = new DataTable();
        da.Fill(dt);

        try
        {
            for (int i = 0; i < dt.Rows.Count; i++)
            {
                DataRow dr = dt.Rows[i];

                if (dt.Rows.Count > 0)
                {
                    employee_id = (dr["employee_id"].ToString().PadLeft(4, '0'));
                    fullname = (dr["account_firstname"] + " " + dr["account_lastname"]).ToString();
                    this.Invoke(new Action(() =>
                    {
                        connection.Open();
                        command.ExecuteNonQuery();
                        connection.Close();
                        this.Close();
                        th = new Thread(openNewForm);
                        th.SetApartmentState(ApartmentState.STA);
                        th.Start();
                    }));
                }
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

Here is the error:

Exception screenshot

Updated: Here is my connection string:

MySqlConnection connection = new MySqlConnection("datasource=db4free.net;Convert Zero Datetime=True;SslMode=none");
cuttyflam
  • 31
  • 1
  • 5
  • 1
    Share the type of `employee_id`. – Sham Oct 17 '18 at 09:25
  • I strongly recommend you NOT to post your database authentication details in a public website ;-) – Rui Jarimba Oct 17 '18 at 09:25
  • Also, your code is is susceptible to SQL injection - you should use parameters instead of concatenating strings. See https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection – Rui Jarimba Oct 17 '18 at 09:27
  • @Sham the type my employee_id is int(4) primary key auto_increment zerofill – cuttyflam Oct 17 '18 at 09:28
  • Is there any place where you using GUID? – Renatas M. Oct 17 '18 at 09:29
  • @Reniuz i am not familiar with GUID. so, no – cuttyflam Oct 17 '18 at 09:32
  • check the column types in the Database. You have a column in the database that is set to GUID and the data in the column is not GUID format. You can change the mapping to the datatype to string using da.TableMappings to get the data which will not check the column for GUID format. Try : da.MissingMappingAction = MissingMappingAction.Ignore; – jdweng Oct 17 '18 at 09:57
  • Try to check inner exceptions they might have details where is guid expected – Renatas M. Oct 17 '18 at 10:14
  • Do any of the columns in your table have the exact type `CHAR(36)`? – Bradley Grainger Oct 17 '18 at 13:56

2 Answers2

5

Almost exactly 1 year to the date of the OP, I came across the same error experimenting with NuGet package MySQL.Data

I found the workaround within the comments of this earlier StackOverflow post

Basically, you can avoid the error by adding OldGuids=True; as part of your MySQL DB connection string as mentioned by @noontz.

However, as pointed out by @BradleyGrainger, be aware that by doing this, any BINARY(16) column will then be returned as a Guid rather than byte[].

Gib
  • 96
  • 1
  • 7
  • This helped me! Thank you. I created a free MySQL database on db4free.net and was getting this obscure error. Adding `OldGuids=True;` to the connection string was the fix! – Troy Witthoeft Aug 10 '21 at 15:05
0
  1. Given your error happens here, your problem happens before this: da.Fill(dt);
  2. And you have two database fields and two controls
  3. Thus your issue is likely with one of the two database fields (username or password)
  4. I presume the username is a varchar or something
  5. Therefore your password is likely a GUID

Conclusion:
You should probably format the value pulled from tbxPassword.Text to be a GUID.
And, as stated above, you'll want to protect against SQL injection too.

devjc
  • 73
  • 8