Pulling record from mySQL database only working for userid and not email

Posted by user2908467 on Stack Overflow See other posts from Stack Overflow or by user2908467
Published on 2013-10-29T21:51:19Z Indexed on 2013/10/29 21:53 UTC
Read the original article Hit count: 308

Filed under:
|
|

This function works because I search by userid:

private void showList_Click(object sender, EventArgs e)
    {
        int id = 0;
        for (int i = 0; i <= sqlClient.Count("UserList"); i++)
        {
        Dictionary<string, string> dik = sqlClient.Select("UserList", "userid = " + id);

            var lines = dik.Select(kv => kv.Key + ": " + kv.Value.ToString());
            userList.AppendText(string.Join(Environment.NewLine, lines));
            userList.AppendText(Environment.NewLine);
            userList.AppendText("--------------------------------------");
            id++;
        }

    }

This function does not work because I search by email:

private void login_Click(object sender, EventArgs e)
    {
        string email = lemail.Text;
        Dictionary<string, string> dik = sqlClient.Select("UserList", "firstname = " + email);
        var lines = dik.Select(kv => kv.Key + ": " + kv.Value.ToString());
        logged.AppendText(string.Join(Environment.NewLine, lines));


    }

This is the error message I receive when I click on the login button:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@aol.com' at line 1

The email I searched for in the database was "[email protected]" without quotes. I'm lead to believe by the error message the @ sign is causing conflict as I know it is a special character but I am having a hard time figuring out what phrase to search for to help me.

Also, here is the function that is being called:

public Dictionary<string, string> Select(string table, string WHERE)
    {
        //This methods selects from the database, it retrieves data from it.
        //You must make a dictionary to use this since it both saves the column
        //and the value. i.e. "age" and "33" so you can easily search for values.

        //Example: SELECT * FROM names WHERE name='John Smith'
        // This example would retrieve all data about the entry with the name "John Smith"

        //Code = Dictionary<string, string> myDictionary = Select("names", "name='John Smith'");
        //This code creates a dictionary and fills it with info from the database.

        string query = "SELECT * FROM " + table + " WHERE " + WHERE + "";

        Dictionary<string, string> selectResult = new Dictionary<string, string>();

        if (this.Open())
        {
            MySqlCommand cmd = new MySqlCommand(query, conn);
            MySqlDataReader dataReader = cmd.ExecuteReader();

            try
            {
                while (dataReader.Read())
                {

                    for (int i = 0; i < dataReader.FieldCount; i++)
                    {
                        selectResult.Add(dataReader.GetName(i).ToString(), dataReader.GetValue(i).ToString());
                    }

                }
                dataReader.Close();
            }
            catch { }
            this.Close();

            return selectResult;
        }
        else
        {
            return selectResult;
        }
    }

My database table is called "UserList"

The fields in order are as follows:

userid, email, password, lastname, firstname

Any help would be greatly appreciated. This site is amazing!

© Stack Overflow or respective owner

Related posts about c#

Related posts about mysql