MySql.Data.MySqlClient.MySqlException - vb.net -

can't figure out went wrong code. wanted retrieve sha256 key mysql database.

keys table: id(int 4)    |  key (varchar64)  1            |  5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 

myadapter.fill(mydataatable) line keep throwing me error

mysql.data.mysqlclient.mysqlexception unhandled
errorcode=-2147467259 message=you have error in sql syntax; check manual corresponds mysql server version right syntax use near 'keys id= 1' @ line 1

here full error log: http://pastebin.com/eg4gfywa

here code, learnt youtube...

  dim connectdatabase new mysqlconnection("server=localhost;user id=root;password=testing123;database=flag15")     if textbox1.text = ""         messagebox.show("please input user id", "error", messageboxbuttons.ok, messageboxicon.error)     else         dim myadapter new mysqldataadapter("select * keys id= " & textbox1.text, connectdatabase)         dim mydataatable new datatable         myadapter.fill(mydataatable)         if mydataatable.rows.count > 0             label4.text = mydataatable.rows(0).item("key")         else             messagebox.show("user id not found", "error", messageboxbuttons.ok, messageboxicon.error)             textbox1.text = ""             label4.text = ""         end if     end if 

i assume need apostrophes around where id= .... however, wide open sql-injection. don't concatenate sql string use sql-parameters.

using con = new mysqlconnection("server=localhost;user id=root;password=testing123;database=flag15")     using myadapter = new mysqldataadapter("select * keys id=@id", con)         myadapter.selectcommand.parameters.addwithvalue("@id", textbox1.text)         dim mydataatable new datatable         myadapter.fill(mydataatable)         '...'     end using end using