0

I've hit the database in another section of my code using SqlDataAdapter but I just need a reader to return one row for me and this code isn't working right. Can someone see where I'm making a mistake?

I'm just trying to assign one label a value from the first column of my row returned. I can't get either alert to pop when its ran either below.

private void loadProcInfo(string procid)
{
    try
    {
        SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["MyDbConn"].ConnectionString);
        SqlCommand query = new SqlCommand("SELECT * FROM dbo.Book1 WHERE ID ='" + procid +"'", con);

        //ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('"+query+"');", true);

        using (SqlDataReader procinfoload = query.ExecuteReader())
        {                    
            if (procinfoload.Read())
            {
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('IT WORKED');", true);
                Id.Text = procinfoload.GetValue(0).ToString();
            }
            else
            {
                ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('not success!');", true);
            }
        }

        con.Close();
    }
    catch (Exception ex)
    {
        ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + ex + "');", true);
        //MessageBox.Show(ex.Message);
    }
}
Improve this question
2
  • 2
    Use sql parameters Commented Nov 29, 2016 at 20:46
  • You should always include the error message in your question instead of assuming we know what the issue is. Commented Nov 29, 2016 at 21:54

2 Answers 2

Reset to default
4

Open the connection before attempting to execute the reader.

con.Open();
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

The main issue is the code does not open the connection before you use the command. There are other issues though.

  • You do not parameterize your queries, this exposes your code to possible sql injection attacks.
  • You do not wrap your connection in a using block, if an exception is thrown the connection would stay open until garbage collection occurs. This is bad practice.

Code:

private void loadProcInfo(string procid)
{
    try
    {
        using(SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["MyDbConn"].ConnectionString))
        using(SqlCommand query = new SqlCommand("SELECT * FROM dbo.Book1 WHERE ID = @bookId", con))
        {
            // added parameter
            query.Parameters.Add(new SqlParameter("@bookId", SqlDbType.Int){Value = procid});
            con.Open(); // missing
            //ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('"+query+"');", true);
            using (SqlDataReader procinfoload = query.ExecuteReader())
            {                    
                if (procinfoload.Read())
                {
                    ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('IT WORKED');", true);
                    Id.Text = procinfoload.GetValue(0).ToString();
                }
                else
                {
                    ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('not success!');", true);
                }
            }
        }
    }
    catch (Exception ex)
    {
        ClientScript.RegisterStartupScript(this.GetType(), "myalert", "alert('" + ex + "');", true);
        //MessageBox.Show(ex.Message);
    }
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.