5

This is the code I have. It works fine but returns only one row. As you can see in the SQL Statement I need 2 rows returned in the datagrid that I use in the form. While the procedure reads 2 rows it only displays one row. NameAddrmark is a constructor for the fields.

    public NameAddrmark GetNameRespCommentData(string respid)
    {
        NameAddrmark cms = new NameAddrmark();
        //var cms = new List<NameAddrmark>();

        SqlConnection connection = new SqlConnection(GeneralData.getConnectionString());

        string sql = "SELECT top 2 * FROM dbo.RESPONDENT_COMMENT WHERE respid = " + GeneralData.AddSqlQuotes(respid) + " and USRNME = " + GeneralData.AddSqlQuotes(UserInfo.UserName) + " order by COMMDATE ASC";
        SqlCommand command = new SqlCommand(sql, connection);

        try
        {
            connection.Open();
            SqlDataReader reader = command.ExecuteReader(CommandBehavior.SingleResult);

            while(reader.Read())
            //if (reader.Read())
            {
                cms.Id = respid;
                cms.Date8 = reader["COMMDATE"].ToString();
                cms.Usrnme = reader["USRNME"].ToString();
                cms.Marktext = reader["COMMTEXT"].ToString();
            }
            //else
            //    cms = null;
        }
        catch (SqlException ex)
        {
            throw ex;
        }
        finally
        {
            connection.Close();
        }
        return cms;
    }

On my form I return cms to a list. Set the datasource of the datagrid to the list. Displays first row correctly but I need two rows displayed. Hope someone can help. Thanks.

Improve this question
3
  • 3
    You are just setting the cms fields every time, why would it append information? Commented Nov 12, 2015 at 17:09
  • SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Nov 12, 2015 at 18:20
  • Thanks, Changed it to a parametrized query. Commented Nov 18, 2015 at 15:03

2 Answers 2

Reset to default
11

You can return a List<NameAddrmark>:

public List<NameAddrmark> GetNameRespCommentData(string respid)
{
    List<NameAddrmark> cmsList = new List<NameAddrmark>();
    SqlConnection connection = new SqlConnection("insert connection string");
    string sql = "SELECT top 2 * FROM dbo.RESPONDENT_COMMENT WHERE respid = " + GeneralData.AddSqlQuotes(respid) + " and USRNME = " + GeneralData.AddSqlQuotes(UserInfo.UserName) + " order by COMMDATE ASC";
    SqlCommand command = new SqlCommand(sql, connection);
    try
    {
        connection.Open();
        SqlDataReader reader = command.ExecuteReader(CommandBehavior.SingleResult);
        while (reader.Read())
        {
            NameAddrmark cms = new NameAddrmark();
            cms.Id = respid;
            cms.Date8 = reader["COMMDATE"].ToString();
            cms.Usrnme = reader["USRNME"].ToString();
            cms.Marktext = reader["COMMTEXT"].ToString();
            cmsList.Add(cms);
        }
    } 
    catch (SqlException ex)
    {
        throw; // instead log the exception
    } 
    finally
    {
        connection.Close();
    }
    return cmsList;
}

But you should really use parameters instead of string concatenation to prevent sql injection.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Sorry about the delayed response. Tim's solution worked perfectly. Thanks. You are 'fast and fantastic' Tim.
-1 
private void button2_Click(object sender, EventArgs e)
        {
            //database connection string and opening area
            string oracleDb = @"Data Source="connection string here"";
            OracleConnection conn = new OracleConnection(oracleDb);
            conn.Open();

            //declareing paramater and readning parameter input
            OracleParameter param = new OracleParameter();
            param.OracleDbType = OracleDbType.Decimal;
            param.Value = txtlist.Text;

            OracleCommand cmd = new OracleCommand();
            cmd.Connection = conn;

            //sendting the parameter to the tabase query 
            cmd.Parameters.Add(param);
            cmd.CommandText = "SELECT NAME, ADDRESS  FROM FRIENDS WHERE age = :1";

            cmd.CommandType = CommandType.Text;
            OracleDataReader dataread = cmd.ExecuteReader();
            dataread.Read();

            if (dataread.HasRows)
            {
                while (dataread.Read())
                {
                    listBox1.Items.Add(dataread.GetString(1) + " from " + dataread.GetString(2));
                }
            }
            else
            {
                listBox1.Text = "Not Found";
                MessageBox.Show("Data Not found", "NOT FOUND", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }
            conn.Dispose();
        }
Improve this answer

1 Comment

This answer doesn't seem to have much to do with the question. Maybe you posted it in the wrong browser tab?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.