A couple of things I noticed:
Where is
connUN defined?
private void txtP_TextChanged(object sender, EventArgs e)
{
connUN.ConnectionString = ConfigurationManager.ConnectionStrings["SSM.Properties.Settings.ScMgP"].ConnectionString;
Why have you done it this way? Have you thought about trying something like this?
private void txtP_TextChanged(object sender, EventArgs e)
{
string _cs = ConfigurationManager.ConnectionStrings["SSM.Properties.Settings.ScMgP"].ConnectionString;
using (SqlConnection connUN = new SqlConnection(_cs)) {
Next thing is the way you build this command up. It is downright dangerous!
NEVER EVER should you piece together an SQL Command from inline strings containing user input. This is a prime example of SQL Injection, and has been in the top 10 vulnerabilities for over 20 years. The proper way would be to used
Parameters and adding the user input by adding the values later. Here is the relevant block of code building on my previous code sample
try {
SqlCommand cmd = new SqlCommand(_qry, connUN);
cmd.Parameters.AddWithValue("@password", txtP.Text());
And the last thing is your error handling. It assumes every every thrown is with the database. There are options, and you can stack the
catch
statements to display better information about your mistake. The only rule is that the generic
catch (Exception ex) is last, as it will catch any exception. By using a specific MySqlException catch you can access the properties specific to MySql.
catch (MySqlException sx) {
MessageBox.Show(
"MySql Exception " + sx.Message
, "Database error #" + sx.Code
, MessageBoxButtons.OK
, MessageBoxIcon.Error
);
}
catch (Exception ex) {
MessageBox.Show(
"System error Message. " + ex.Message
, "General Error"
, MessageBoxButtons.OK
, MessageBoxIcon.Error
);
}
I cannot guarantee that this will fix your requested problem, but these blocks of code are safer and can be more informative when you do have a problem.