
I'm trying to display the account balance from a database in different currencies. Based on the comboBox index, currencyValue changes. The problem is that with the parameter currencyValue in the query string, the program never enters the while (reader.Read()) loop. Only with the parameter. When I just use a magic number, for example 4.30, in the string instead, it works perfectly fine, but with the parameter whose value is set to 4.30 nothing happens (it only works with 1).

private void btnWybierz_Click(object sender, EventArgs e)
{
    string fullname = cmbKonto.Text;

    // currencyValue is a field set from the combo box. Note that the placeholder
    // is wrapped in single quotes, so SQL Server receives the rate as a string
    // literal, and fullname is spliced in by string concatenation.
    string query = string.Format("SELECT CAST(balance / '{0}' AS DECIMAL(10, 2)) " +
                                 "FROM dbo.Accounts " +
                                 "WHERE (firstname + ' ' + lastname)='{1}'", currencyValue, fullname);

    using (SqlConnection connection = ConnectToDB.ConnectDB())
    {
        using (SqlCommand command = new SqlCommand(query, connection))
        {
            using (var reader = command.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    while (reader.Read())
                    {
                        // saldo is a field of type object; the first column holds the converted balance
                        saldo = reader[0];
                        tbSaldo.Text = saldo.ToString();
                    }
                }
            }
        }
    }
}
  • balance / '{0}': are you dividing a number by a string? Commented Oct 25, 2018 at 21:51
  • Also, you are not using any parameter here. You are just concatenating strings together. Very bad idea from a security point of view. Search for SQL injection and use real parameters. Commented Oct 25, 2018 at 21:52
  • If your database has two "John Smiths", one is always going to get the wrong account information. Commented Oct 25, 2018 at 21:58
  • And let's see what happens when you have a Mike O'Brian. Commented Oct 25, 2018 at 21:59

1 Answer


This problem may be solved by writing decimal places as 4/30.

This problem may be solved by replacing '{0}' with {0}.
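As an added example (not code from the question or the answer above), here is the same lookup written with real SqlCommand parameters, which is the fix the comments point to: it removes the quoting problem around the rate and the injection and O'Brian problems around the name at the same time. It assumes the dbo.Accounts table, the currencyValue field and the ConnectToDB.ConnectDB() helper from the question; the BalanceLookup class and ReadBalance method are hypothetical names introduced here.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class BalanceLookup
{
    // Returns the balance divided by the given rate, or null when no row matches.
    // Assumes dbo.Accounts(firstname, lastname, balance) as in the question.
    public static decimal? ReadBalance(SqlConnection connection, string fullname, decimal currencyValue)
    {
        if (currencyValue == 0m)
            throw new ArgumentOutOfRangeException(nameof(currencyValue), "rate must be non-zero");

        // No string.Format: both values travel as typed parameters. The rate is sent
        // as a DECIMAL, not as the text string.Format would produce under the current
        // culture ("4,30" on a Polish system), and a name like O'Brian cannot break
        // the quoting because there is no quoting to break.
        const string query =
            "SELECT CAST(balance / @rate AS DECIMAL(10, 2)) " +
            "FROM dbo.Accounts " +
            "WHERE (firstname + ' ' + lastname) = @fullname";

        using (var command = new SqlCommand(query, connection))
        {
            SqlParameter rate = command.Parameters.Add("@rate", SqlDbType.Decimal);
            rate.Precision = 18;
            rate.Scale = 6;
            rate.Value = currencyValue;

            // Length 200 is an assumption; size it to the real firstname + lastname columns.
            command.Parameters.Add("@fullname", SqlDbType.NVarChar, 200).Value = fullname;

            if (connection.State != ConnectionState.Open)
                connection.Open();

            // ExecuteScalar returns the first column of the first row, or null when there are no rows.
            object result = command.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                return null;
            return (decimal)result;
        }
    }
}

// The click handler from the question, rewritten to use the parameterised lookup.
public partial class AccountsForm
{
    private decimal currencyValue; // set from the combo box, as in the question

    private void btnWybierz_Click(object sender, EventArgs e)
    {
        using (SqlConnection connection = ConnectToDB.ConnectDB())
        {
            decimal? saldo = BalanceLookup.ReadBalance(connection, cmbKonto.Text, currencyValue);
            tbSaldo.Text = saldo.HasValue ? saldo.Value.ToString("F2") : "no such account";
        }
    }
}
```

Two caveats. First, the WHERE clause still matches on the concatenated name, so with two "John Smiths" ExecuteScalar silently returns whichever row the server produces first, which is the ambiguity the third comment flags; filtering on the account's key column instead is the real fix, but the question does not show that column. Second, declaring currencyValue as decimal (not double or string) is what makes the typed parameter work; if the combo box supplies text, parse it once with decimal.TryParse and an explicit culture before calling ReadBalance.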
