Home/ Questions/Q 6604211
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T19:07:26+00:00

I’m having some problems, when I do my query from my vb.net program to

  • 0

I’m having some problems, when I do my query from my vb.net program to my mysql DB the data is sent, but its missing some things, let me explain.

My query is pretty simple I’m sending a file path to my DB so that after I can have a php website get the data and make a link with the data from my DB, but when I send my data the results look like this…

    \server_pathappsInst_pcLicences_ProceduresDivers    estCheck_list.doc

which should look like

    \\server_path\apps\Inst_pc\Licences_Procedures\Divers\test\Check_list.doc

I don’t know if its my code that’s not good or my configurations on my mysql server please help…

Here’s my code

    'Construct the sql command string 
        cmdString = "INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('" & filenameOnly_no_space_no_accent & "', '" & str_Lien_Nom_Procedure & "', '" & str_commentaires_Procedure & "')"

        ' Create a mysql command 
        Dim cmd As New MySql.Data.MySqlClient.MySqlCommand(cmdString, conn)

        Try
            conn.Open()
            cmd.ExecuteNonQuery()
            conn.Close()
        Catch ex As MySqlException
            MsgBox("Error uppdating invoice: " & ex.Message)
        Finally
            conn.Dispose()
        End Try

Sorry I got a call and could continue my comment so here’s the rest :X

Well I guess that would work, but my program never uses the same path since in uploading a file on a server, so this time the document I wanted to upload was this path 

      \\Fsque01.sguc.ad\apps\Inst_pc\Licences_Procedures\Divers\test\Check_list.doc

but next time its going to be something else so I can’t hard code the paths, I was looking more of a SQL query which that I might not know, since I already thought about searching my string and if it finds a backslash it adds another one, but I feel its not a good way to script the whole thing…

Anyway thanks a lot for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    When you construct the insert SQL it doesn’t have the backslashes escaped. For example:

    INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('\\server_path\apps\Inst_pc\Licences_Procedures\Divers\test\Check_list.doc

    The backslashes need to be escaped like:

    INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('\\\\server_path\\apps\\Inst_pc\\Licences_Procedures\\Divers\\test\\Check_list.doc

    You can do this with something like (not sure about VB.NET):

    filenameOnly_no_space_no_accent = filenameOnly_no_space_no_accent.Replace("\\", "\\\\")

    You should also look into parameterised queries, which may protect you from some SQL injection attacks and are a bit easier to write and maintain compared to stitched-together SQL (this isn’t tested and I’m not familiar with MySQL parameterised queries so YMMV):

    cmdString = "INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES(?nom, ?lien_nom, ?commentaires)"
Dim cmd As New MySql.Data.MySqlClient.MySqlCommand(cmdString, conn)
cmd.Parameters.Add("?nom", filenameOnly_no_space_no_accent.Replace("\\", "\\\\"))
cmd.Parameters.Add("?lien_nom", str_Lien_Nom_Procedure)
cmd.Parameters.Add("?commentaires", str_commentaires_Procedure)

    This is based on something I found at this end of this tutorial.

    • 0