0

I am writing a simple SQL Server query operation through vb.net application. I am having some strange problems.

This line is giving error:

dr = cmd.ExecuteReader()

This is giving me error "Invalid column name abhishek." Here abhishek is the data I am providing in TextBox1.Text. I am not able to think of any mistake by my side as this is a simple query. I am able to run other queries, like delete queries, on same table in a different form, so its not a database problem.

Any clue what's going wrong?

reginfo is the table name. name is one of the fields.

My complete code is below:

Imports System.Data.Sql
Imports System.Data.SqlClient
Public Class Form9
    Dim con As New SqlConnection()
    Dim cmd As New SqlCommand()

    Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        cmd.CommandText = "select * from reginfo where name=" + (TextBox1.Text) + ""
        Dim dr As SqlDataReader
        con.Open()
        cmd.Connection = con
        dr = cmd.ExecuteReader()    '<<< This line is creating problem
        If dr.Read() Then
            TextBox2.Text = dr(0).ToString()
        End If
        con.Close()
    End Sub

    Private Sub Form8_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
        con.ConnectionString = "Data Source=ABHISHEK-PC\SQLEXPRESS;Initial Catalog=locserver;Integrated Security=True;Pooling=False"
    End Sub

    Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click

    End Sub

End Class
Improve this question

1 Answer 1

Reset to default
2

if the name field is a text field then you need to enclose your textbox in single quotes, but this is bad advice to give. The only good approach to this kind of situations is through a parameterized query

cmd.CommandText = "select * from reginfo where name=@name"
cmd.Parameters.AddWithValue("@name",  TextBox1.Text)
Dim dr As SqlDataReader
con.Open()
cmd.Connection = con
dr = cmd.ExecuteReader()

Also, do not keep global objects like a connection or a command. It is always a good practice to instantiate a connection as late as possible and close it as soon as possible, better inside a Using block

Using con = New SqlConnection(...connection string here....)
    Using cmd = New SqlCommand("select * from reginfo where name=@name", con)
        con.Open()
        cmd.Parameters.AddWithValue("@name",  TextBox1.Text)
        Using dr = cmd.ExecuteReader
            '.... do you reading
        End Using
    End Using

End Using

In this way the connection is kept open for the minimum time possible and, also in case of exceptions is closed and disposed appropriately.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

In VB.NET you can combine multiple usings together into a single declaration with a comma. Otherwise each using statement should probably have it's own level of indentation.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.