Programming Forums > Application Development > C#

programmingnoob · Jun 23rd, 2007, 3:11 AM

what if I want to insert things in a mysql table using data from a c# array?
it's a lot easier if i am just trying to hardcode values into the table, for example,

(Toggle Plain Text)

command.CommandText = "insert profilet (id, firstn, lastn) values (1, 2, 3)";

would work fine...
but the line below would not quite work...

(Toggle Plain Text)

command.CommandText = "insert profilet (id, firstn, lastn) values (array[0], array[2], array[3])";

please let me know if my question doesnt make sense...
any suggestions, please?

Samuaijack · Jun 23rd, 2007, 8:06 AM

command.CommandText = "insert into profilet (id, firstn, lastn) values (array[0], array[2], array[3])";

teishu · Jun 23rd, 2007, 10:55 AM

you need to use quotations, that will just insert the words array[0] etc..

command.CommandText = "insert profilet (id, firstn, lastn) values ("array[0]", "array[2]", "array[3])"";

john Wesley · Jun 23rd, 2007, 1:11 PM

Samuraijack's will insert those words as you say however your command string should not compile at all!

"INSER INTO profilet (id, firstn, lastn) VALUES (" + array[0] + "," + array[1] + "," + array[2] + ")";

The above command string should do what you want it to programmingnoob, considering you have an initialised array of objects named 'array' and those numbers are valid index identifiers.

programmingnoob · Jun 23rd, 2007, 9:47 PM

Quote:

Originally Posted by teishu

you need to use quotations, that will just insert the words array[0] etc..

command.CommandText = "insert profilet (id, firstn, lastn) values ("array[0]", "array[2]", "array[3])"";

but thats not what I want to do....
I want to insert the value of array[0] and so on...

for example, if array[0] = 11, array[2] = 15...
I would want 11 and 15 inserted into the table... not the words array[0] etc

xavier · Jun 24th, 2007, 12:26 AM

as john Wesley said :

(Toggle Plain Text)

INSER INTO profilet (id, firstn, lastn) VALUES ('" + array[0] + "','" + array[1] + "','" + array[2] + "')";

I just added the ' .. i remember it's necessary for inserting strings.

On the other hand, take a look at MySqlParameter.(aka google_it)

InfoGeek · Jun 24th, 2007, 2:58 AM

I suggest using parameterized queries instead of simple concatenation to aviod sql injection attacks.

teishu · Jun 24th, 2007, 11:09 AM

Quote:

Originally Posted by programmingnoob

but thats not what I want to do....
I want to insert the value of array[0] and so on...

for example, if array[0] = 11, array[2] = 15...
I would want 11 and 15 inserted into the table... not the words array[0] etc

precisely, yours would have inserted the words 'array[0]' etc..

look at the pairs of quotations more carefully and you will understand..

Thanks john wesley for completing my code, i knew it was close, not done it for a while lol..

programmingnoob · Jun 27th, 2007, 3:02 AM

Quote:

Originally Posted by InfoGeek

I suggest using parameterized queries instead of simple concatenation to aviod sql injection attacks.

umm elaborate please?!
I'm new to this stuff you see
if you could point me to a weblink, then that would be great too

free-zombie · Jun 27th, 2007, 8:24 AM

I don't know how it's done in C# with whatever MySQL API you're using, but this is the same thing in python:

(Toggle Plain Text)

cursor.execute('insert into profilet (id, firstn, lastn) values (%s, %s, %s)', array[:3])

the point is that the SQL library takes care of putting the values into the query with correct quoting as to avoid danger if someone sets array[2] to something like Butcher"); update profilet set ( firstn = "idiot (you get the general idea)

Jun 23rd, 2007, 3:11 AM	#1
programmingnoob Hobbyist Programmer Join Date: Feb 2006 Posts: 154 Rep Power: 3	i'm trying to use c# with mysql what if I want to insert things in a mysql table using data from a c# array? it's a lot easier if i am just trying to hardcode values into the table, for example, (Toggle Plain Text) command.CommandText = "insert profilet (id, firstn, lastn) values (1, 2, 3)"; command.CommandText = "insert profilet (id, firstn, lastn) values (1, 2, 3)"; would work fine... but the line below would not quite work... (Toggle Plain Text) command.CommandText = "insert profilet (id, firstn, lastn) values (array[0], array[2], array[3])"; command.CommandText = "insert profilet (id, firstn, lastn) values (array[0], array[2], array[3])"; please let me know if my question doesnt make sense... any suggestions, please?

Jun 23rd, 2007, 10:55 AM	#3
teishu Programmer Join Date: May 2006 Posts: 51 Rep Power: 3	you need to use quotations, that will just insert the words array[0] etc.. command.CommandText = "insert profilet (id, firstn, lastn) values ("array[0]", "array[2]", "array[3])""; __________________ AMD Athlon X2 4200+ -- Asus V3-M2V890 -- 2GB Kingston -- Vista Ultimate 32bit + Ubuntu 8.04 Intel C2D T5870 2.0GHZ -- Vostro 1510 -- 2048MB -- Windows XP SP2 *ASCII stupid question, get a stupid ANSI !*

Jun 23rd, 2007, 1:11 PM	#4
john Wesley Hobbyist Programmer Join Date: May 2006 Location: United Kingdom Posts: 119 Rep Power: 3	Samuraijack's will insert those words as you say however your command string should not compile at all! "INSER INTO profilet (id, firstn, lastn) VALUES (" + array[0] + "," + array[1] + "," + array[2] + ")"; The above command string should do what you want it to programmingnoob, considering you have an initialised array of objects named 'array' and those numbers are valid index identifiers. __________________ Mona Lisa must of had the highway blues you can tell by the way she smiles..

Jun 24th, 2007, 12:26 AM	#6
xavier Professional Programmer Join Date: Oct 2004 Location: .ro Posts: 381 Rep Power: 4	as john Wesley said : (Toggle Plain Text) INSER INTO profilet (id, firstn, lastn) VALUES ('" + array[0] + "','" + array[1] + "','" + array[2] + "')"; INSER INTO profilet (id, firstn, lastn) VALUES ('" + array[0] + "','" + array[1] + "','" + array[2] + "')"; I just added the ' .. i remember it's necessary for inserting strings. On the other hand, take a look at MySqlParameter.(aka google_it) __________________ Don't take life too seriously, it's not permanent !

Jun 24th, 2007, 2:58 AM	#7
InfoGeek Professional Programmer Join Date: Jun 2005 Location: India, The great. Posts: 435 Rep Power: 4	I suggest using parameterized queries instead of simple concatenation to aviod sql injection attacks. __________________ PFO - My daily dose of technology.

Jun 23rd, 2007, 8:06 AM	#2
Samuaijack Programmer Join Date: Jul 2006 Location: using Earth.Africa.Egypt.Cairo; Posts: 73 Rep Power: 3	command.CommandText = "insert into profilet (id, firstn, lastn) values (array[0], array[2], array[3])";

Jun 27th, 2007, 8:24 AM	#10
free-zombie Programmer Join Date: May 2006 Location: Bavaria, Germany Posts: 50 Rep Power: 0	I don't know how it's done in C# with whatever MySQL API you're using, but this is the same thing in python: (Toggle Plain Text) cursor.execute('insert into profilet (id, firstn, lastn) values (%s, %s, %s)', array[:3]) cursor.execute('insert into profilet (id, firstn, lastn) values (%s, %s, %s)', array[:3]) the point is that the SQL library takes care of putting the values into the query with correct quoting as to avoid danger if someone sets array[2] to something like Butcher"); update profilet set ( firstn = "idiot (you get the general idea)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Connecting MySQL and PHP	titaniumdecoy	PHP	10	Feb 25th, 2008 7:47 PM
Use PEAR DB or MySQL	ssrun	PHP	6	Apr 27th, 2007 9:38 AM
MySQl simple problem	paulchwd	Other Web Development Languages	7	Feb 27th, 2007 10:31 AM
MySql	paulchwd	Other Web Development Languages	8	Feb 8th, 2007 9:17 PM
Tutorial - Using MySQL in C#	Darkhack	C#	12	Jan 17th, 2006 9:28 AM

Programming Forums > Application Development > C#

i'm trying to use c# with mysql