Use class for retrieving data and updating DB table

Question

1.00/5 (1 vote)

See more:

#FirstTime
i am trying to use a member function of a class to retrieve data or update table using datatable but when i call, i gives me NULLReference error.

What I have tried:

here is my code, constring is kept private global
<pre lang="c#">public void retrieveFromDB(int proID)
        {
            string selectcmd = "SELECT * FROM [store].[dbo].[tblproduct] WHERE [proID]='" + proID + "'";
            SqlConnection con = new SqlConnection(constring);
            con.Open();
            SqlCommand select = new SqlCommand(selectcmd, con);
            SqlDataAdapter sda = new SqlDataAdapter(select);
            sda.Fill(table);
            con.Close();
        }

call from main

C#

productTbl protbl = null;
protbl.retrieveFromDB(1);
protbl.updatestock(proID, protbl.getStockInHand(proID) - quantity);

gives error even after commenting

C#

public void retrieveFromDB(int proID)
        {
            string selectcmd = "SELECT * FROM [store].[dbo].[tblproduct] WHERE [proID]='" + proID + "'";
            SqlConnection con = new SqlConnection(constring);
            con.Open();
            //SqlCommand select = new SqlCommand(selectcmd, con);
            //SqlDataAdapter sda = new SqlDataAdapter(select);
            //sda.Fill(table);
            con.Close();
        }

Posted 1-Dec-17 0:54am

Arham Anees

Updated 1-Dec-17 1:24am

Add a Solution

Comments

Richard Deeming 1-Dec-17 12:58pm

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

In this specific instance, since the parameter has been parsed as an int, it can't be used to do anything malicious. But using string concatenation is a bad habit to get into, and there's nothing to prevent a future maintainer changing the parameter to be a string and opening up a major security hole in your project.

Doing it properly isn't exactly difficult:

using (SqlConnection con = new SqlConnection(constring))
using (SqlCommand command = new SqlCommand("SELECT * FROM [store].[dbo].[tblproduct] WHERE [proID] = @proID", con))
{
    command.Parameters.AddWithValue("@proID", proID);
    
    SqlDataAdapter sda = new SqlDataAdapter(command);
    sda.Fill(table);
}

2 solutions

Solution 1

This is one of the most common problems we get asked, and it's also the one we are least equipped to answer, but you are most equipped to answer yourself.

Let me just explain what the error means: You have tried to use a variable, property, or a method return value but it contains null - which means that there is no instance of a class in the variable.
It's a bit like a pocket: you have a pocket in your shirt, which you use to hold a pen. If you reach into the pocket and find there isn't a pen there, you can't sign your name on a piece of paper - and you will get very funny looks if you try! The empty pocket is giving you a null value (no pen here!) so you can't do anything that you would normally do once you retrieved your pen. Why is it empty? That's the question - it may be that you forgot to pick up your pen when you left the house this morning, or possibly you left the pen in the pocket of yesterdays shirt when you took it off last night.

We can't tell, because we weren't there, and even more importantly, we can't even see your shirt, much less what is in the pocket!

Back to computers, and you have done the same thing, somehow - and we can't see your code, much less run it and find out what contains null when it shouldn't.
But you can - and Visual Studio will help you here. Run your program in the debugger and when it fails, VS will show you the line it found the problem on. You can then start looking at the various parts of it to see what value is null and start looking back through your code to find out why. So put a breakpoint at the beginning of the method containing the error line, and run your program from the start again. This time, VS will stop before the error, and let you examine what is going on by stepping through the code looking at your values.

But we can't do that - we don't have your code, we don't know how to use it if we did have it, we don't have your data. So try it - and see how much information you can find out!

Posted 1-Dec-17 0:58am

OriginalGriff

Comments

Arham Anees 1-Dec-17 7:09am

in step-into debugger mood, VS do not step into the class but show error instead in


protbl.retrieveFromDB(1);

moreever, i just have a datatable as a member variable. should i make columns in constructor? i didnt

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Richard MacCutchan · Accepted Answer · 2017-12-01T01:24:00

Solution 2

C#

productTbl protbl = null;
protbl.retrieveFromDB(1);

You are trying to call a method on a null reference. You must initialise your reference to a productTbl object like:

C#

productTbl protbl = new productTbl();

Posted 1-Dec-17 1:24am

Richard MacCutchan

Comments

Arham Anees 1-Dec-17 7:31am

oh i made a very basic mistake. sorry but i am newbie to programming

Richard MacCutchan 1-Dec-17 7:58am

We were all newbies once.

A good lesson to learn is to look carefully at your source code when you get an error. If nothing seems obvious then use the debugger to trace through the code and find the failing line. You can then examine any variables to see whether they contain good values or not.