0

I am trying to insert some data into my MySql database and have successfully made a connection and submitted data, however my variables are saving as the actual name of the variable and not the value I am trying to assign. I am collecting the logged in user of my asp system using identity and am collecting a score of a user from some radio button lists on my main page.

What I try to save the score with the id for a user with id of 12345 for example and a score of 4. it will save the word Id and the word score instead of the numbers.

Here is my current code:

    if (score != 0) ;
    {
        string Id = User.Identity.GetUserId();
        string MyConString = "SERVER=localhost;" +
        "DATABASE=synther_physics;" +
        "UID=root;" +
        "PASSWORD=rootpass;";
        MySqlConnection connection = new MySqlConnection(MyConString);
        MySqlCommand command = connection.CreateCommand();
        MySqlDataReader Reader;
        command.CommandText = "INSERT INTO userscores (Id, momentsandenergytestscore) VALUES ('Id','score');";

        connection.Open();
        Reader = command.ExecuteReader();
        connection.Close();


    }
Improve this question
2
  • You never pass your values into the insert statement Commented Apr 10, 2017 at 22:32
  • how do i get the data into my table then? Commented Apr 10, 2017 at 22:33

1 Answer 1

Reset to default
1

First thing is that placing the variables directly in the statement is a no-no, leads to a very well-known problem called SQL Injection. To avoid this we are going to change your command to use parameters, which will be populated with the variables later

command.CommandText = "INSERT INTO userscores (Id, momentsandenergytestscore) VALUES (@Id,@score);";

We will then add in these 2 lines to populate the parameters with your variables

command.Parameters.AddWithValue("@Id", Id);
command.Parameters.AddWithValue("@score", score);

As this is not a SELECT statement, no reader is needed. You can use the ExecuteNonQuery command which will return the count of rows affected (should be 1 for this INSERT statement. 

int RowsAffected = command.ExecuteNonQuery();
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Hi there, thankyou for the responce, i have made the changes you suggest but am getting the error: 'Id cannot be null'
Try a breakpoint after Id should be defined, and see what the User.Identitu has for values.... Or defining before the if(...) and checking for Id as well as score.
id is null here, i think the code for collecting the logged in users id is incorrect. would you agree?
That would be my assessment as well. Try a manual over-ride of Id with something useful for testing iwhen its null, possible "NULL at " + DateTime.Now.ToString():
well it breaks my execution anyway as its the primary key in the fields of the table i am trying to use, ill maybe ask a new question if i cant find out a way of doing it. Thankyou for your help

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.