[Mono-list] help with MySqlParameter

Sergio Duran Sergio Duran <sergioduran@gmail.com>
Mon, 15 Nov 2004 11:02:53 -0600


Hi, I'm using MySql and C# to get the data, I have been trying to use
the MySqlParameter classes with no success, I dont get any results
doing it this way, how should it be done?
The connstr is valid, but changed here.

string connstr = "... valid connection string here ...";
MySqlParameter name = new MySqlParameter("@user",MySqlDbType.VarChar);
name.Value="admin";
DataRow usr = MySqlHelper.ExecuteDataRow(connstr,
	"SELECT * FROM usr WHERE username=@user", name);

I get results if I do a "SELECT * FROM usr WHERE username='"+username+"''"
but that's insecure.

I'd be thankful if I could get an answer or a redirect.