0

Alright, so I have the following SQL query:

 query.CommandText = "SELECT FirstName, LastName, Age FROM Characters WHERE LastName LIKE   '"+name+"' ORDER BY Age";

And this loop that stores the result in the string "output"

while (reader.Read()) {
    output = output + reader.GetString(0) + reader.GetString(1) + reader.GetString(2).ToString();
}

However, for the third attribute age, which is an int, I get an error

could not convert System.Int32 to type System.String

As you see, I've already tried to solve this by using the int.ToString() function but I still get the same error. What am I doing wrong here? Thanks in advance!

3
  • 3
    reader.GetString(2).ToString() is pointless ;) Commented Jul 3, 2014 at 15:18
  • 7
    Please look up "SQL Injection" in your search engine of choice. Commented Jul 3, 2014 at 15:19
  • If you read the documentation, it states that no conversion is performed, so the data retrieved must already be a string, Int32, etc. Commented Jul 3, 2014 at 15:23

2 Answers

6

reader.GetString(2).ToString() is pointless: it is either already a string or you are using the wrong method. Since you've mentioned that it's an int, use reader.GetInt32:

string firstName = reader.GetString(0);
string lastName = reader.GetString(1);
int age = reader.GetInt32(2);
output = output + string.Format("{0}{1}{2}", firstName, lastName, age);

If the column Age is nullable, you need to use IsDBNull first; you could also use an int? then:

int? age = null;
if(!reader.IsDBNull(2))
    age = reader.GetInt32(2);

If you want to access a field by its name rather than via index, use GetOrdinal:

int ageIndex = reader.GetOrdinal("Age");
int? age = null;
if(!reader.IsDBNull(ageIndex))
    age = reader.GetInt32(ageIndex);

As an important aside, you're open to SQL injection here:

query.CommandText = @"SELECT FirstName, LastName, Age 
                      FROM Characters 
                      WHERE LastName LIKE '" + name + "' ORDER BY Age";

because you're concatenating the SQL query. Instead, use SQL parameters:

query.CommandText = @"SELECT FirstName, LastName, Age 
                      FROM Characters 
                      WHERE LastName LIKE '%' + @LastName + '%' 
                      ORDER BY Age";
query.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = name;

(If you don't also want to find substrings, you don't need to use LIKE; then you can use =.)


1 Comment

Right, that makes sense! Never used the reader before so I didn't research which methods it has
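Added example, not part of the original answer: the pieces from the answer above (GetOrdinal, IsDBNull, GetInt32 and the parameterized LIKE) combined into one method. The class and method names are hypothetical and an open SqlConnection to a database containing the Characters table is assumed. The wildcard escaping goes beyond the answer: a parameter stops injection, but %, _ and [ in the input would still act as LIKE wildcards.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class CharacterQueries // hypothetical class name
{
    // Escape T-SQL LIKE metacharacters so the input is matched literally.
    // Assumes the query declares ESCAPE '\'; the escape character itself goes first.
    public static string EscapeLike(string value)
    {
        return value.Replace(@"\", @"\\")
                    .Replace("%", @"\%")
                    .Replace("_", @"\_")
                    .Replace("[", @"\[");
    }

    // Hypothetical helper: one "First Last Age" line per matching row.
    public static List<string> FindByLastName(SqlConnection connection, string name)
    {
        var results = new List<string>();
        using (var query = connection.CreateCommand())
        {
            query.CommandText = @"SELECT FirstName, LastName, Age
                                  FROM Characters
                                  WHERE LastName LIKE '%' + @LastName + '%' ESCAPE '\'
                                  ORDER BY Age";
            // The value is sent separately from the SQL text, so a quote in it
            // cannot terminate the string literal or change the statement.
            query.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = EscapeLike(name);

            using (var reader = query.ExecuteReader())
            {
                // Resolve ordinals once; a renamed or removed column fails here.
                int firstNameIndex = reader.GetOrdinal("FirstName");
                int lastNameIndex = reader.GetOrdinal("LastName");
                int ageIndex = reader.GetOrdinal("Age");
                while (reader.Read())
                {
                    // GetInt32 performs no conversion and throws on NULL.
                    int? age = reader.IsDBNull(ageIndex) ? (int?)null : reader.GetInt32(ageIndex);
                    results.Add(string.Format("{0} {1} {2}", reader.GetString(firstNameIndex),
                        reader.GetString(lastNameIndex), age.HasValue ? age.Value.ToString() : "unknown"));
                }
            }
        }
        return results;
    }
}
```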
1

Agree with Tim, but something like

reader[2].ToString();

may be more generic and less buggy if you change your select order.

Following Tim's comment:

reader["Age"].ToString();

2 Comments

If you change the select it is better to get an exception at GetInt32 instead of an incorrect result.
@TimSchmelter true also
