my problem with ado.net

da vinci coder

hi guys.. my problem is like this.. i have a query which is : string query = "select count(*) AS [username] from [" + tablename + "] WHERE username = '"+username+"'"; and my method is : public void checkIfUserExists(string username,string tablename) as u can see, i want to check how many user exists with this username in the database, i want to execute the query, and take the result inside an int ( e.g. int result ) if the result is > 0 , then i won`t allow user to choose that username else user can register.. how can i do this ? it was easy doing that at php but i cant do this in c# because i can`t understand ado.net very well ( datasets, datagrids,etc..) any help would be great! thx! good coding !

Colin Angus Mackay

The way you build your SQL string is susceptable to a SQL Injection attack you may wish to read SQL Injection attacks and tips on how to prevent them[^] You don't say what database you are using so I'll assume SQL Server 2000

SqlConnection conn = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand(query, conn);
conn.Open();
int result = (int)cmd.ExecuteScalar();
conn.Close();

This is a very basic example and does not take into account error conditions. You have to provide the connection string (as I know nothing about your database or the security you've set up) and the query (which you have above - although I do recommend securing it as shown in the article I've linked to) Does this help?

---

My: Blog | Photos "Man who stand on hill with mouth open will wait long time for roast duck to drop in." -- Confucious