First off, don't use static for your ID - that means there is only one per application and that's not necessarily the case when you create instances of the form as your code does.
Secondly, Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Thirdly, why are you creating an instance of the form at all - you don't display it! Make readData static and pass it the ID value instead, and you don't need the form there so you decouple the classes from each other.
So: fix the first and second ones throughout your whole app, then:
1) Create a small class that holds the info the readData method has to return:
public class UserData
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string Info { get; set; }
}
2) Create an instance of the "select" form.
3) Use ShowDialog to display it.
4) If the DialogResult shows the user clicked "OK" then:
4.1) Fetch the ID from the form Property.
4.2) Call the static ReadData method and pass it the ID value.
4.3) ReadData creates an instance of the UserData class and populates it from the database using the ID parameter.
4.4) ReadData returns the instance
4.5) Your code then processes the strings.
That way, your forms and other classes don't need to know about each other except where they actually need to: an OOPs design!
In your code, it's a mess of interrelated classes that need to know what the class calling them is doing, which is a very bad idea!
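Added example, not part of the original answer: one way steps 4.2 to 4.4 could look with a parameterized query, assuming SQL Server via System.Data.SqlClient. The UserRepository class, the connection string, and the Users table with its Id column are hypothetical names chosen for illustration.

```csharp
using System.Data;
using System.Data.SqlClient;

public class UserData
{
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public string Info { get; set; }
}

public static class UserRepository   // hypothetical class name
{
    // Hypothetical connection string; load the real one from configuration.
    private const string ConnectionString =
        @"Server=.\SQLEXPRESS;Database=MyDb;Integrated Security=true";

    // Static, so the caller passes the ID in and no form instance is needed.
    // Returns null when no row matches the ID.
    public static UserData ReadData(int id)
    {
        // The SQL text is a constant; user input is never spliced into it.
        // Table and column names are assumed for this example.
        const string sql =
            "SELECT FirstName, LastName, Info FROM Users WHERE Id = @Id";

        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // The value is sent separately from the command text, so a quote
            // or ';' inside it is treated as data and never parsed as SQL.
            cmd.Parameters.Add("@Id", SqlDbType.Int).Value = id;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;
                return new UserData
                {
                    // "as string" maps a database NULL (DBNull) to null.
                    FirstName = reader["FirstName"] as string,
                    LastName = reader["LastName"] as string,
                    Info = reader["Info"] as string
                };
            }
        }
    }
}
```

The same pattern applies to string values such as a street address: declare the parameter with SqlDbType.NVarChar and assign the raw text to its Value.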