Backslashes disapearing after my vb.net query to Mysql

I'm having some problems, when I do my query from my vb.net program to my mysql DB the data is sent, but its missing some things, let me explain.

My query is pretty simple I'm sending a file path to my DB so that after I can have a php website get the data and make a link with the data from my DB, but when I send my data the results look like this...

    \server_pathappsInst_pcLicences_ProceduresDivers    estCheck_list.doc

which should look like

    \\server_path\apps\Inst_pc\Licences_Procedures\Divers\test\Check_list.doc

I don't know if its my code that's not good or my configurations on my mysql server please help...

Here's my code

    'Construct the sql command string 
        cmdString = "INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('" & filenameOnly_no_space_no_accent & "', '" & str_Lien_Nom_Procedure & "', '" & str_commentaires_Procedure & "')"

        ' Create a mysql command 
        Dim cmd As New MySql.Data.MySqlClient.MySqlCommand(cmdString, conn)

        Try
            conn.Open()
            cmd.ExecuteNonQuery()
            conn.Close()
        Catch ex As MySqlException
            MsgBox("Error uppdating invoice: " & ex.Message)
        Finally
            conn.Dispose()
        End Try

Sorry I got a call and could continue my comment so here's the rest :X

Well I guess that would work, but my program never uses the same path since in uploading a file on a server, so this time the document I wanted to upload was this path

      \\Fsque01.sguc.ad\apps\Inst_pc\Licences_Pr开发者_如何学Goocedures\Divers\test\Check_list.doc 

but next time its going to be something else so I can't hard code the paths, I was looking more of a SQL query which that I might not know, since I already thought about searching my string and if it finds a backslash it adds another one, but I feel its not a good way to script the whole thing...

Anyway thanks a lot for your help

When you construct the insert SQL it doesn't have the backslashes escaped. For example:

INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('\\server_path\apps\Inst_pc\Licences_Procedures\Divers\test\Check_list.doc

The backslashes need to be escaped like:

INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES('\\\\server_path\\apps\\Inst_pc\\Licences_Procedures\\Divers\\test\\Check_list.doc

You can do this with something like (not sure about VB.NET):

filenameOnly_no_space_no_accent = filenameOnly_no_space_no_accent.Replace("\\", "\\\\")

You should also look into parameterised queries, which may protect you from some SQL injection attacks and are a bit easier to write and maintain compared to stitched-together SQL (this isn't tested and I'm not familiar with MySQL parameterised queries so YMMV):

cmdString = "INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES(?nom, ?lien_nom, ?commentaires)"
Dim cmd As New MySql.Data.MySqlClient.MySqlCommand(cmdString, conn)
cmd.Parameters.Add("?nom", filenameOnly_no_space_no_accent.Replace("\\", "\\\\"))
cmd.Parameters.Add("?lien_nom", str_Lien_Nom_Procedure)
cmd.Parameters.Add("?commentaires", str_commentaires_Procedure)

This is based on something I found at this end of this tutorial.

Use double backslashes not single backslash

   cmdString = "INSERT into procedures(Nom, Lien_Nom, Commentaires) VALUES(?nom,?Lien_Nom,?Commentaires)"

        ' Create a mysql command 
        Dim cmd As New MySqlCommand(cmdString, conn)
        cmd.Parameters.AddWithValue("?nom", filenameOnly_no_space_no_accent)
        cmd.Parameters.AddWithValue("?Lien_Nom", str_Lien_Nom_Procedure)
        cmd.Parameters.AddWithValue("?Commentaires", str_commentaires_Procedure)


        Try
            conn.Open()
            cmd.ExecuteNonQuery()
            conn.Close()
        Catch ex As MySqlException
            MsgBox("Error uppdating invoice: " & ex.Message)
        Finally
            conn.Dispose()
        End Try