Databases
StackOverflow2013
Postsdbo
POMySqlCommand Command.Parameters.Add is obsolete
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POMySqlCommand Command.Parameters.Add is obsolete
    text
    copied!<p>I'm making an C# windows Form Application in visual studio 2010.</p> <p>That application is connecting to an mysql database, and I want to insert data in it.</p> <p>Now do I have this part of code:</p> <pre><code>MySqlConnection connection; string cs = @"server=server ip;userid=username;password=userpass;database=databse"; connection = new MySqlConnection(cs); connection.Open(); MySqlCommand command = new MySqlCommand(); string SQL = "INSERT INTO `twMCUserDB` (`mc_userName`, `mc_userPass`, `tw_userName`, `tw_userPass`) VALUES ('@mcUserName', '@mcUserPass', '@twUserName', '@twUserPass')"; command.CommandText = SQL; command.Parameters.Add("@mcUserName", mcUserNameNew); command.Parameters.Add("@mcUserPass", mcUserPassNew); command.Parameters.Add("@twUserName", twUserNameNew); command.Parameters.Add("@twUserPass", twUserPassNew); command.Connection = connection; command.ExecuteNonQuery(); connection.Close(); </code></pre> <p>The connection is fine. That works.</p> <p>I readed <a href="https://stackoverflow.com/questions/7174792/does-using-parameterized-sqlcommand-make-my-program-immune-to-sql-injection">here</a> that the way that I have now, is an save way to do query's. Is that still right?</p> <p>And now to the real question. With that code above, I get the following warning in visual studio:</p> <pre><code>'MySql.Data.MySqlClient.MySqlParameterCollection.Add(string, object)' is obsolete: '"Add(String parameterName, Object value) has been deprecated. Use AddWithValue(String parameterName, Object value)"' </code></pre> <p>That warning is for every parameters.add</p> <p>And it isn't even working, because the values that are inserted are @mcUserName, @mcUserPass and so on, instead of the values that the variables mcUserNameNew and so on are holding...</p> <p>So my question is, am I doing something wrong, and what is the new way to sql injection save do an query?</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload