Using Prepared Statement in C# with Mysql
Try removing '
from your query and use Prepare
after adding parameters:
cmd = new MySqlCommand("SELECT * FROM admin WHERE admin_username=@val1 AND admin_password=PASSWORD(@val2)", MySqlConn.conn);
cmd.Parameters.AddWithValue("@val1", tboxUserName.Text);
cmd.Parameters.AddWithValue("@val2", tboxPassword.Text);
cmd.Prepare();
MySql: Will using Prepared statements to call a stored procedure be any faster with .NET/Connector?
A prepared statement requires a minimum of 2 db calls. The first call (prepare) takes your application level sql statement e.g. select * from users where user_id = ? and creates a query template in the database which is then parsed and validated. Subsequent calls simply involve passing values from your application layer to the db which are then inserted into the template and executed.
A stored procedure already exists in the database. It has been parsed and validated during creation. A stored procedure is a bit like the template mentioned above but it's a permanent feature of the database not a temporary one.
Therefore, to execute a stored procedure you only need to pass it params - you dont need to prepare it.
Related Topics
Minimal and Correct Way to Map One-To-Many with Nhibernate
How to Avoid "Too Many Parameters" Problem in API Design
Ascending/Descending in Linq - Can One Change the Order via Parameter
ASP.NET Core Appsettings.JSON Update in Code
How to Use a Controller in Another Assembly in ASP.NET Core MVC 2.0
Attempted to Read or Write Protected Memory
How to Use Shell32 Within a C# Application
Store a Reference to a Value Type
Creating PDF Files at Runtime in C#
Why Can't I Have Protected Interface Members
Who Should Call Dispose on Idisposable Objects When Passed into Another Object
How to Tell the Data Annotations Validator to Also Validate Complex Child Properties