First of all, you need to run this code under debugger and see what is returned in data reader. Why do you assume there is only one record? I cannot see the returned data set because I don't have you database and don't even know its schema. For you, this is easy to pin-point.
What's more important, you do a big mistake in your query. You compose a query using repeated string concatenation. This is already bad, because strings are
immutable. You could use
string.Format
to solve this problem, but even that would be not good enough in your case. The problem is: you are composing the query based on the UI input.
You should never ever do it because this is too dangerous from the security standpoint. It is too easy to input not just data (room number or data), but also any fragment of SQL code. This is called
SQL injection and is a very well-known exploit. Please see:
http://en.wikipedia.org/wiki/SQL_injection[
^].
Also, the string data is untyped, and the performance can be a problem. Look at the article referenced above and read about the importance of
parametrized statements. With ADO.NET, you should always use
parametrized commands:
http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx[
^].
[EDIT]
You cannot use the data reader this way. You should do something like:
if (dr5.HasRows) {
dr5.Read();
var someValue = dr5["myColumnName"];
if (!DBNull.Value.Equals(someValue) {
string someStringValue someValue as string;
if (!string.IsNullOrEmpty(someStringValue) ...
}
}
But why do you think there is only one row in the data set? Usually the data reader is used to read to the very end.
—SA