MySQL leading whitespace with C#

When I update a field in my MySQL database, it always adds a whitespace to the value. I tried to remove the whitespace with the trim-command and the replace-command. Neither of them worked. So I expect that it isn't a whitespace but some vague ASCII character. These are the commands I used:

this.foo = result.GetValue(0).ToString().Trim();
this.bar = result.GetValue(0).ToString().Replace(" ","");

The field it updates is a VARCHAR(xx). This is my MySQL update command:

            MySqlCommand cmd = new MySqlCommand("UPDATE " + table + " SET " + new_field + " =' " + new_value+ "' WHERE " + field+ "= " + value + "",this.con);

this.con is my connection to the MySQL database.

FYI: I use .NET 3.5CF with a mysql.data.cf DLL in Visual Studio 2008.

Could someone help开发者_Go百科 me out with this problem? It's driving me nuts.

Well yes, you've got a leading space in the SQL:

"UPDATE " + table + " SET " + new_field + " =' " + new_value+ "'

Note the bit straight after "=" - you've got a quote, then a space, then new_value.

However, you shouldn't be putting the values in the SQL directly in the first place - you should be using parameterized SQL statements... currently you've got a SQL injection attack waiting to happen, as well as potential problems for honest values with quotes in.

You should use parameterized SQL for both new_value and value here... I'm assuming that field and table come from more "trusted" sources?

This appears to have a space where the * is

" ='*" + new_value