2

I have the following vb.net code

Protected Sub submit_date_Click(sender As Object, e As System.EventArgs) Handles submit_date.Click
    Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("GasNominationsConnectionString").ConnectionString)
        conn.Open()
        Using cmd As SqlCommand = conn.CreateCommand
            cmd.CommandText = "select * from MorningReport where readdate = " & "'" & datedisplay.text & "'"
            Dim sqlrd As SqlDataReader = cmd.ExecuteReader()

            If sqlrd.HasRows Then sqlrd.Read()
            Me.Label6.Text = sqlrd.Item("NteesHR")

        End Using
    End Using
End Sub

The problem I have is it doesn't read any data. The datedisplay.text is a text box populated using an ajax calendar extender and when I debug the data I can see it gets the correct date which is 22/08/2013 for this example. I then get the error

Invalid attempt to read when no data is present.

The problem I have is if I copy the SQL statement into SQL Server Management Studio and run it against the table it works fine and I get the result I want.

The SQL is

select * from MorningReport where readdate = '22/08/2013'

The format of the date in the sql table is 2013-08-22 with type date.

What am I missing?

Improve this question
10
  • When you debug your code what is in cmd.CommandText after that line executes? Commented Aug 23, 2013 at 13:55
  • "select * from MorningReport where ReadDate = '22/08/2013'" Commented Aug 23, 2013 at 13:57
  • And if you take that exact value, minus the double quotes at the beginning and end, does it execute correctly in SQL Server? Commented Aug 23, 2013 at 14:00
  • Yep perfectly. Returns one row of about 20 fields. Commented Aug 23, 2013 at 14:03
  • 5
    Just should absolutely use a parametrized query instead of concatenating together your SQL! First of all, doing what you're doing now is in open invitation to SQL injection attacks, secondly it's slower, and thirdly, you get into issue like this with what format your dates - mishandled as strings - are...... don't do this! Use a parameter of type DateTime and all your problems go away immediately! Commented Aug 23, 2013 at 14:19

1 Answer 1

Reset to default
2

using marc_s recommendation I used a parametrized query. Please see below. Cheers

Protected Sub submit_date_Click(sender As Object, e As System.EventArgs) Handles submit_date.Click

    Using conn As New SqlConnection(ConfigurationManager.ConnectionStrings("GasNominationsConnectionString").ConnectionString)
        conn.Open()
        Using cmd As SqlCommand = conn.CreateCommand
            cmd.CommandType = CommandType.StoredProcedure
            cmd.CommandText = "getMorningReportData"
            cmd.Parameters.Add("datedisplay", SqlDbType.Date).Value = DateDisplay.Text
            Dim sqlrd As SqlDataReader = cmd.ExecuteReader()

            If sqlrd.HasRows Then
                sqlrd.Read()

                Me.Label6.Text = sqlrd.Item("NteesHR")
            End If


        End Using
    End Using

End Sub
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.