SQL = "SELECT * FROM `cf_users` WHERE `email` = '" + txtEmail.Text + "' AND `password` = '" + txtPassword.Text + "'"
My question is: is it necessary to put a ' in the query? Because I'm having an error if I do not include the ' sign in my SQL query.
No, you shouldn't have quotes around field names, just around strings.
You should also be using parameters in your query rather than just inserting values from your textbox.
You get an error because password is a reserved word in MySQL ... so you can either change the name of the field to something else, or keep the ` marks around it (just the password field name).
keystone - normally I agree, but in this case ` and ' are different... the first is used as the quoted object delimiter (similar to the brackets in Access or SQL Server).
-tg
I'm comparing my user id and my password to MySQL to see if they are the same. When I erase the ' in my query, like this '" + txtEmail.Text + "', it gives me errors, and also if I erase this in my last line: + "'". I just can't understand it; nobody's teaching with this quote '. What is the use of this in VB.NET? Please help me with this.
The ' signifies a STRING value in SQL ... the fact that "nobody's teaching with this quote" ... is bogus... because if that was true, then EVERYone would be using parameters (as they should be) and we wouldn't be having this discussion.
That said... I reallllllllllllly encourage you to read our database FAQ and tutorial section, ESPECIALLY with parameters, and use them... it will save you a lot of time, effort, trouble and heartburn in the long run.
-tg
Where can I find the database FAQ and tutorial section? I need to learn ASAP because we have a project using MySQL and I'm the programmer, and I don't know what to do.
Is it OK if I remove the single quote in my query? It will give me some errors, though, not like in my connection string. This is the code that my friend wrote, and he uses the single quote in his query.
vb Code:
Imports MySql.Data.MySqlClient

Public Class Form1
    Dim conn As New MySqlConnection

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        conn.ConnectionString = "server=localhost;" _
            & "user id=root;" _
            & "password=root;" _
            & "database=User_account"
        Try
            'Try to open the connection
            conn.Open()
        Catch ex As MySqlException
            'If it fails, show the MySQL error
            MsgBox(ex.Message)
        End Try
    End Sub

    Private Sub cmdlogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdlogin.Click
        Dim myCommand As New MySqlCommand
        Dim myAdapter As New MySqlDataAdapter
        Dim myData As MySqlDataReader
        Dim SQL As String

        'Our MySQL query
        SQL = "SELECT * FROM account WHERE User_name = '" + TextBox1.Text + "' AND User_pass = '" + TextBox2.Text + "'"
        myCommand.Connection = conn
        myCommand.CommandText = SQL
        myAdapter.SelectCommand = myCommand
        Try
            'Try to execute the query
            myData = myCommand.ExecuteReader()
            myData.Read()
            If Not myData.HasRows Then
                'Checks whether a row with this user name and password exists.
                'If no, outputs this:
                MsgBox("Username and Password dont match!.")
                myData.Close()
            Else
                'If yes, outputs this:
                MsgBox("Welcome " + "This is me" + "!.")
                myData.Close()
            End If
        Catch ex As MySqlException
            'If it fails, outputs the MySQL error
            MsgBox(ex.Message)
        End Try
    End Sub
End Class
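The parameterized form that the replies above recommend, as an added example that is not part of the original thread or any poster's code. The module name LoginCheck and the function name CredentialsMatch are hypothetical; the table name, column names and connection string are taken from the code posted above.

```vbnet
Imports MySql.Data.MySqlClient

Module LoginCheck
    ' Connection string values copied from the code posted above.
    Private Const ConnString As String = _
        "server=localhost;user id=root;password=root;database=User_account"

    ' Hypothetical helper: True when a row in `account` matches both values.
    Public Function CredentialsMatch(ByVal userName As String, _
                                     ByVal userPass As String) As Boolean
        ' @name and @pass are placeholders, so no ' quotes are written
        ' around them. The driver supplies the values as data, which means
        ' input such as O'Brien no longer breaks the statement or changes
        ' its meaning. Backticks (`) only delimit table and column names.
        Const sql As String = _
            "SELECT COUNT(*) FROM `account` " & _
            "WHERE `User_name` = @name AND `User_pass` = @pass"

        ' Using closes the connection and command even if an error occurs.
        Using conn As New MySqlConnection(ConnString)
            Using cmd As New MySqlCommand(sql, conn)
                cmd.Parameters.AddWithValue("@name", userName)
                cmd.Parameters.AddWithValue("@pass", userPass)
                conn.Open()
                ' COUNT(*) comes back as a 64-bit integer object.
                Return Convert.ToInt64(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function
End Module
```

In the click handler this would be called as CredentialsMatch(TextBox1.Text, TextBox2.Text), wrapped in the same Try/Catch for MySqlException that the posted code uses.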