Yeah, what Griff said.
Additionally, you should have used the debugger to show you the resultant CommandText -- the problem should have been obvious.
If it isn't obvious (and they aren't always), then you could have copied it and pasted it into SSMS and tried to execute it there.
I don't tink your technique of passing in the table, column, and key names are a good idea.
May I suggest that, if you insist on doing that, you use
, params string[] Column)
and pass in all the columns you want at once, rather than concatenating and hitting the database for each column?
Because you are returning at most one value, you may want to use ExecuteScalar rather than ExecuteReader.
But, as Griff said, you should validate the names. Because you seem to be using SQL Server, this can be as easy as querying the database catalogs.
Have a look at this, it ensures that the names passed into the method actually exist:
SELECT 'SELECT [' + D.name + '] FROM [' + A.name + '].[' + B.name + '] WHERE [' + C.name + '] = @key'
FROM sys.schemas A
INNER JOIN sys.objects B
ON A.schema_id=B.schema_id
INNER JOIN sys.columns C
ON B.Object_id=C.object_id
INNER JOIN sys.columns D
ON B.Object_id=D.object_id
WHERE A.name=@schemaname
AND B.name=@tablename AND B.type='U'
AND C.name=@keyname
AND D.name=@columnname
Use ExecuteScalar to execute something like that (with parameters). If the result is not
DBNull.Value
then you know the names were good and you can use the result as the CommandText.