http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspxToday I was looking over a project I'm working on currently, more specifically, at the SQL queries in it. I come from a PHP background, where there is no such thing as parameterized queries. You simply build your own SQL string and make sure it doesnenCommunityServer 2007 SP1 (Build: 20510.895)http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#152508Thu, 10 Jun 2004 11:29:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:152508ErikErikThank you! Thank you! Thank you! <br> <br>Coming from SQL Server and Oracle, I was so used to using named parameters that I totally forgot the questionmark approach. This being my first MySQL project, I was about to knock my head through the wall wondering why that database wasn't accepting my update statements.. as you pointed out, inject dynamic SQL is dangerous and not done. <br> <br>Like the others I just assume that MySQL supported named parameters... doh!<img src="http://weblogs.asp.net/aggbug.aspx?PostID=152508" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#130664Wed, 12 May 2004 19:13:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:130664anonymous thanksanonymous thanksThank you so much for posting this (and thank the lord for google for helping me find this post). I was banging my head against the wall with this same issue and being new to MySql I hadn't realized it didn't support paramertized queries. Thanks!<img src="http://weblogs.asp.net/aggbug.aspx?PostID=130664" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#130465Wed, 12 May 2004 14:07:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:130465Peter LindemanPeter LindemanThanks Chris, I will have to give it a shot. Not sure I am going to be able to figure out how to get it to work, but I will try.<img src="http://weblogs.asp.net/aggbug.aspx?PostID=130465" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#128799Sun, 09 May 2004 21:03:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:128799Chris TurchinChris TurchinI think Carlos G.A's managed firebird provider for .NET supports named parameters with the @-prefix, e.g. &quot;select * from tbl_Name where id = @id&quot; All the info is available here: <a target="_new" href="http://www.go-mono.com/firebird.html">http://www.go-mono.com/firebird.html</a><img src="http://weblogs.asp.net/aggbug.aspx?PostID=128799" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#126773Wed, 05 May 2004 23:18:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:126773Peter LindemanPeter LindemanI am having the same problems with interbase/firbird. I tried the ? marks and that did work. Does anyone know of a similar library for interbase/firebird so I can use named parameters? Thanks<img src="http://weblogs.asp.net/aggbug.aspx?PostID=126773" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#111118Sun, 11 Apr 2004 07:42:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:111118hehhehyes, it's really stupid mistake :)<img src="http://weblogs.asp.net/aggbug.aspx?PostID=111118" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#108421Tue, 06 Apr 2004 14:48:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:108421drazic19drazic19glad to know my asp.net thread was of use to someone else as well as me. <br> <br>drazic19<img src="http://weblogs.asp.net/aggbug.aspx?PostID=108421" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#107621Mon, 05 Apr 2004 09:25:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:107621David CumpsDavid CumpsGood alternative, I thought of using it as well, but it will be in the next project :) <br> <br>For others wanting it: <br><a target="_new" href="http://www.mysql.com/downloads/api-dotnet.html">http://www.mysql.com/downloads/api-dotnet.html</a> <br>MySQLDriverCS &amp; ByteFX.Data<img src="http://weblogs.asp.net/aggbug.aspx?PostID=107621" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#107487Mon, 05 Apr 2004 03:07:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:107487Ryan GreggRyan GreggYou should look into using the ByteFX MySQL library. It's a native MySQL interface for .NET, so you don't have to use ODBC or ODBC drivers. It also supports name parameters, which could certainly make the code easier to understand and update. <br> <br>Just a thought! I've been using the library for a project I've been working on, and it's worked great.<img src="http://weblogs.asp.net/aggbug.aspx?PostID=107487" width="1" height="1">http://weblogs.asp.net/cumpsd/archive/2004/04/05/107456.aspx#107458Sun, 04 Apr 2004 23:38:00 GMTc06e2b9d-981a-45b4-a55f-ab0d8bbfdc1c:107458BertgBertgnoted into memory :p <br> <br>small bug are hard to find :p<img src="http://weblogs.asp.net/aggbug.aspx?PostID=107458" width="1" height="1">