Click here to Skip to main content
15,883,901 members
Search within:


why SqlReader of Read() ts not working
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
SQL-Server-2005
C#3.0
C#
, +
Hi everyone,

Problem: SqlReader of Read() not working

User Action:
* enter their ID in a textbox and click a button

Program Action:
* Select their name from database by given ID value
* Then Print their name with HI! Message in RichTextBox or in Textbox

Error List:
* No Error

Here is my code:

C#
private void swipe_button_Click(object sender, EventArgs e)
        {
            String ID_givenbyUSER = IDtxtBox.Text;                      
            SqlConnection sqlConn = null;
            sqlConn = new SqlConnection("Data Source=HOME-PC\\SQLEXPRESS;Initial Catalog=ABC_SchoolDB;Integrated Security=True");
            sqlConn.Open();
            SqlCommand cmd = new SqlCommand("select Student_Name from dbo.Sheet@Attendance where Serial_Id=" + " ' " + ID_givenbyUSER + " ' ", sqlConn);
            SqlDataReader sqlReader = cmd.ExecuteReader();
            richTxtBox.Clear();
            richTxtBox.AppendText("Hi buddy "); //This line works
            while (sqlReader.Read())
                    {
                        richTxtBox.AppendText("Hi buddy "); //But,Its not work
                        pwdbox.Text =                          (sqlReader["Student_Name"].ToString()); //It also not work
                    }            
            if (sqlConn != null)
            {
                sqlConn.Close();
                sqlConn = null;
            } 
        }
}
Posted
Add a Solution

3 solutions

Is the SQL statement passed to SQL Server valid? That is, does it run if you copy it into a SQL window?
Does the cmd.ExecuteReader() call throw an exception?

There is one thing in this code that stands out as very dangerous. The way you construct the SQL command is open to a hack called SQL Injection. Anything typed into the text box will be passed to SQL. Hackers use coding defects like this to get access to stuff they shouldn't. You need to learn about parameterized queries that prevent this attack.
 
Share this answer
 
Posted
You reported that there is no error, and the code does everything within the block. That means Read is returning false. That means there are no records in the query you specified. That is, it's not a code problem per se.

Take your query with the exact input and run it in Query Analyzer. I'm really not sure about that table name either. Enclose it in brackets (e.g. dbo.[MyTableName]). Your input may need to match exactly to the field in the database if you have a collation that is case-sensitive.

P.S. You have a SQL injection vulnerability in your code. You should use parameters with your command.
 
Share this answer
 
Posted
Problem is here:
SqlCommand cmd = new SqlCommand("select Student_Name from dbo.Sheet@Attendance where Serial_Id=" + " ' " + ID_givenbyUSER + " ' ", sqlConn);

Instead, follow this:
SqlCommand cmd = new SqlCommand("select Student_Name from dbo.Sheet@Attendance where Serial_Id=' " + ID_givenbyUSER + " ' ", sqlConn);
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 10 Mar 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900