Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
MySqlCommand cmd = new MySqlCommand
(@"INSERT INTO Table(field) VALUES('somevalue');" +
"SELECT * FROM table",cn);
This works fine to me since I’m only passing those statements to my MySQL server.
Is it OK to use ExecuteReader() when inserting & updating & deleting?
I usually use ExecuteNonQuery() on those.
You’re just fine bundling the extra INSERT in along with your SELECT with ExecuteReader(). This is okay.
I do see two things that are potentially not okay… nothing in the code itself, but what you showed is simplified, and the simplified code hints at some potential poor practices:
The first not okay is that your code looks like it might be using string concatenation to substitute values into your query. Something like this:
That is a huge problem, as it opens a gaping security hole in your application. Instead, you need to use query parameters, so the code looks more like this:
The other potential problem is that your command and, more importantly, your connection, should be wrapped in a try/finally block (or for preference a using block), like this: