Use parameters to fix the SQL Injection vulnerabilities in your code, so that values are sent to the server as data rather than being concatenated into the SQL text.
Wrap all disposable objects in `using` blocks.
Don't share connection, command, dataadapter, or datareader objects between invocations of your method.
There's no need to use a dataadapter to execute a single update command.
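// Serial number taken from the incoming data. It only ever reaches SQL Server as a
// parameter value, never as part of the command text.
string SNE = data["End_Rg"];

// Mark the matching range as used. Binding the value to @SNE keeps it out of the
// statement text, so its content cannot change what the statement does.
using (var command = new SqlCommand("UPDATE Range SET status = 'Used' WHERE End_SerialNum = @SNE", cnn))
{
    // NOTE(review): AddWithValue infers the SQL type from the .NET value (a string here).
    // If End_SerialNum is not a Unicode string column, consider Parameters.Add with an
    // explicit SqlDbType and size to avoid implicit conversions.
    command.Parameters.AddWithValue("@SNE", SNE);
    command.ExecuteNonQuery();
}

// Read the range back and append it to the log file.
using (var command = new SqlCommand("SELECT Start_Range, End_Range, Status FROM SDCard_SNRange WHERE End_SerialNum = @SNE", cnn))
{
    // NOTE(review): this lookup drops the first two characters of SNE and reads from
    // SDCard_SNRange, while the UPDATE above uses the full value against Range - confirm
    // both are intended. Substring(2) throws if SNE is shorter than two characters.
    command.Parameters.AddWithValue("@SNE", SNE.Substring(2));

    using (var reader = command.ExecuteReader())
    {
        // Only open the log file when there is something to write.
        if (reader.HasRows)
        {
            using (var tw = File.AppendText(logPath))
            {
                while (reader.Read())
                {
                    // Read the columns from the reader opened above; the original snippet
                    // referred to "dataReader", which is not declared in this code.
                    tw.WriteLine("Update status");
                    tw.WriteLine("Start Range: {0}", reader["Start_Range"]);
                    tw.WriteLine("End Range: {0}", reader["End_Range"]);
                    tw.WriteLine("Status: {0}", reader["Status"]);
                }
            }
        }
    }
}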