0

So I tried making a code for adding 2 same data within 2 different tables which is "studentinfo" and "logindb" I tried doing this

enter code heprivate void buttonRegisterStudent_Click(object sender, EventArgs e)
    {
        String connection = "server=localhost;user id=root;password=root;persistsecurityinfo=True;database=votingdb";
        //Inserting Data
        String insertDataInfo = @"INSERT INTO studentinfo (firstname,lastname,username,password,email) values 
                                   ('"+this.textBoxFirstName.Text+"','"+this.textBoxLastName.Text+"','"+this.textBoxUsername.Text+
                                   "','"+ this.textBoxPassword.Text + "','"+ this.textBoxEmail.Text + "')";
        String insertDataLogin = @"INSERT INTO logindb (username,password) values ('"+this.textBoxUsername.Text+"','"
                                    +this.textBoxPassword.Text+"')";
        //Connection
        MySqlConnection con = new MySqlConnection(connection);
        MySqlCommand datainfo = new MySqlCommand(insertDataInfo,con);
        MySqlCommand datalogin = new MySqlCommand(insertDataLogin, con);
        MySqlDataReader datareaderinfo;
        MySqlDataReader datareaderlogin;

        try
        {
            con.Open();
            datareaderinfo = datainfo.ExecuteReader();
            datareaderlogin = datalogin.ExecuteReader();
            MessageBox.Show("Student Register Successfully!");
        }

        catch (Exception ex)
        {
            MessageBox.Show("Failed to Register" + ex);
        }

    }

Resulting to Error which says there may only one mysqldatareader in the code. How can I add the same data to the different tables?

A Certain Newbie Programmer
  • 11
  • 6

2 Answers2

0

Don't use a datareader if you don't want to read data. Simple use the ExecuteNonQuery on your command:

datainfo.ExecuteNonQuery();

And don't forget to open en close your connection!

oerkelens
  • 5,053
  • 1
  • 22
  • 29
0

You don't need a data reader for insert statements, you should simply use ExecuteNonQuery.
Please note that your current queries are a security hazard as they are vulnerable to SQL Injection attacks. Instead of concatenating user inputs as strings to create your SQL statements, use parameterized queries.
For more information, read How can prepared statements protect from SQL injection attacks?

An improved version of the main parts in your code is this:

var insertDataInfo = @"INSERT INTO studentinfo (firstname,lastname,username,password,email) values 
                            (@firstName, @lastName, @userName, @passwordHash, @email)";                 

var insertDataLogin = @"INSERT INTO logindb (username,password) values (@userName, @passwordHash)";

var datainfo = new MySqlCommand(insertDataInfo,con);
datainfo.Parameters.Add("@firstName", DbType.VarChar).Value = this.textBoxFirstName.Text;
datainfo.Parameters.Add("@lastName", DbType.VarChar).Value = this.textBoxLastName.Text;
datainfo.Parameters.Add("@userName", DbType.VarChar).Value = this.textBoxUsername.Text;
datainfo.Parameters.Add("@passwordHash", DbType.VarChar).Value = this.textBoxPassword.Text;
datainfo.Parameters.Add("@email", DbType.VarChar).Value = this.textBoxEmail.Text;

var datalogin = new MySqlCommand(insertDataLogin, con);
datalogin.Parameters.Add("@userName", DbType.VarChar).Value = this.textBoxUsername.Text;
datalogin.Parameters.Add("@passwordHash", DbType.VarChar).Value = this.textBoxPassword.Text;

datainfo.ExecuteNonQuery();
datalogin.ExecuteNonQuery();

Also, you are storing passwords as plain text in your database.
That's a really big security hole. You should be storing salted hash values of your passwords instead - but that's getting a little too broad for this answer so I'll leave that part up for you to read and apply.

Zohar Peled
  • 79,642
  • 10
  • 69
  • 121