C# Mysql Error Check if token Exist

Okay, so I want to check if the token exist. I do this and I get this ERROR: Unknown column 'WhatEverTokenIType' in 'where clause' Ik the token doesn't exist i just want it to print that to the console as I have it below. 

    public static async Task RedeemToken(CommandEventArgs e, string Token) {

        try {
            var Channel = e.Server.FindChannels("tokens").FirstOrDefault();
            var User = e.User;

            string Connection = "datasource=myip;port=3306;database=somedb;username=someuser;password=somepass;";
            string Query = "SELECT * FROM Tokens WHERE token = " + Token;

            MySqlConnection conn = new MySqlConnection(Connection);
            MySqlCommand cmd = new MySqlCommand(Query, conn);
            MySqlDataReader reader = null;

            conn.Open();
            reader = cmd.ExecuteReader();
            int tokenExist = (int)cmd.ExecuteScalar();
            if (tokenExist > 0) {
                Console.WriteLine("Token Exist");
            } else {
                Console.WriteLine("Token Doesn't Exist");
            }
            while (reader.Read()) {
            }
            conn.Close();
        } catch (Exception ex) {
            Console.WriteLine(ex.Message);
        }
    }
Jon Skeet
people
quotationmark

Your SQL would be something like SELECT * FROM Tokens WHERE token = someToken - that's treating someToken as a column name, not a value.

You should use parameterized SQL instead of building the SQL dynamically, e.g.

// Include the parameter name (@token) in the SQL...
string query = "SELECT * FROM Tokens WHERE token = @token";

// Then populate the parameter *value* in the parameter collection.
// Change the parameter type to match the token column, obviously.
cmd.Parameters.Add("@token", MySqlDbType.VarChar).Value = token;

Additionally, you should:

  • Use using statements to ensure you close connections, commands etc properly
  • Follow .NET and C# naming conventions, where parameters, local variables etc start with a lower case letter.
  • Use asynchronous calls within an async method - currently the calling method is still going to block while you execute the query.
  • Not call ExecuteScalar() in your code - you're already calling ExecuteReader(), and your query doesn't return a scalar value, so why would you call it?

people

See more on this question at Stackoverflow