-1

I want to check for empty string or null values for Subject Code and Subject Name so that empty strings for subject code and subject name will not be stored in the database. I'm new to C#. There is an error in the code. It stated cannot convert from bool to string. I tried so many ways but the error is still there. After fixing the error for converting from bool to string, it returned me a Not Found error. How should I change the return NotFound() error?

    public IHttpActionResult PostAddSubjectCode([FromBody] ConfigSubjectCode SubjectCodes)
    {
        string Subject_Code = SubjectCodes.Subject_Code;
        string Subject_Name = SubjectCodes.Subject_Name;
        if (String.IsNullOrEmpty(Subject_Code) && String.IsNullOrEmpty(Subject_Name))
        {
            return NotFound();
        }
        else
        {
            string sql = "INSERT INTO[dbo].[GEO_SUBJECT_CODES] ([Subject_Code],[Subject_Name_BY_CLASS]) VALUES " +
                         "('" + Subject_Code + "', '" + Subject_Name + "');";
            DBConnection dBConnection = new DBConnection();
            dBConnection.UpdateTable(sql);
            return Ok();
        }
    }
charles

3 Answers

0
  1. The error states exactly what the problem is: You're passing a boolean (Subject_Code == "" && Subject_Name == "") to String.IsNullOrEmpty which expects a string

  2. You're setting empty string to the variables you're checking, making the if check pointless

  3. Your SQL is open to injection

Strongly suggested: Getting started with ASP.NET MVC 5, it will also have links to newer Core examples.


I'll keep this here since we had a thread going and to point out the issues listed.

    // These will make the if statement useless, it will never hit else
    // string Subject_Code = "";
    // string Subject_Name = "";

    // Assumptions: SubjectCodes contains these props
    if (string.IsNullOrEmpty(SubjectCodes.Subject_Code) && string.IsNullOrEmpty(SubjectCodes.Subject_Name)) {
        // whatever you want to do...
    } else {
        // sql here - I'll skip the comments on why your sql is bad - re: use parameters
        // return after successful sql - look into a try/catch
    }

Look into DataAnnotations [Required] in your model instead - you gain both server and client side validation. I strongly suggest you go over extensive tutorials instead of piecemeal stuff.

EdSF
  • but the code could not reach to my string sql. It stated unreachable code detected – charles Aug 15 '19 at 04:45
  • @charles post your updated code, it shouldn't. Note that I only gave you a snippet, I've adjusted to make it clearer – EdSF Aug 15 '19 at 04:47
  • Actually, yeah your `else` statement `returns` so your sql is unreachable – EdSF Aug 15 '19 at 04:49
  • 1
    @charles that's because you are returning on both branches of your if statement. – Sнаđошƒаӽ Aug 15 '19 at 04:49
  • @charles updated with a **trivial** example/guide. You **must** improve your code, after you get past this error. There are tons of examples of how to do proper data access in ASP.Net – EdSF Aug 15 '19 at 04:52
  • @EdSF i have updated my code – charles Aug 15 '19 at 04:53
  • @charles yes, thank you. The comments above explain why your sql block is unreachable - hence I've updated my _trivial_ sample. Doing this on purpose so you can just get out of your current issue. There are more as stated. Go to online resources on data access in ASP.net. Post another question if you get stuck on that. – EdSF Aug 15 '19 at 04:56
  • @charles after looking again, your code just isn't going to work. You're setting the variables you're checking into empty strings. The evaluation is useless, it will never hit `else` – EdSF Aug 15 '19 at 04:59
  • try and catch is not working – charles Aug 15 '19 at 05:35
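
The two fixes EdSF's answer points to, `[Required]` validation on the model and a parameterized INSERT, shown together as an added example (not code from the original thread or from any poster). It assumes SQL Server through `System.Data.SqlClient` in place of the asker's `DBConnection` helper; the controller name, the `GeoDb` connection string name and the column lengths are hypothetical.

```csharp
using System.ComponentModel.DataAnnotations;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.Http;

public class ConfigSubjectCode
{
    // [Required] fails for null, empty and whitespace-only strings.
    [Required, StringLength(50)]   // assumed column length
    public string Subject_Code { get; set; }

    [Required, StringLength(200)]  // assumed column length
    public string Subject_Name { get; set; }
}

public class SubjectCodesController : ApiController // hypothetical name
{
    [HttpPost]
    public IHttpActionResult PostAddSubjectCode([FromBody] ConfigSubjectCode subjectCodes)
    {
        // A missing or unparseable body binds to null.
        if (subjectCodes == null)
            return BadRequest("Request body is required.");

        // Each field is validated on its own, so one empty field is enough to reject.
        if (!ModelState.IsValid)
            return BadRequest(ModelState); // 400 with per-field messages

        const string sql =
            "INSERT INTO [dbo].[GEO_SUBJECT_CODES] ([Subject_Code], [Subject_Name_BY_CLASS]) " +
            "VALUES (@code, @name);";

        // "GeoDb" is a hypothetical connection string name from web.config.
        string connStr = ConfigurationManager.ConnectionStrings["GeoDb"].ConnectionString;
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Input travels as typed parameters, never as part of the SQL text.
            cmd.Parameters.Add("@code", SqlDbType.NVarChar, 50).Value = subjectCodes.Subject_Code;
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 200).Value = subjectCodes.Subject_Name;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
        return Ok();
    }
}
```
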
-1

Based on the above code, what you have tried to do is compare a boolean value to a string value, which would give you an error. Try the solution below.

    if (String.IsNullOrEmpty(Subject_Code) && String.IsNullOrEmpty(Subject_Name)) {
        return NotFound();
    } else {
        try {
            // SQL Code
        } catch (Exception ex) {
            // Your Code
        }
    }

Note: This is a quick fix for OP's problem, not the best practice.

BPDESILVA
-1

Since your if/else both return, it will never get to the actual update code. And you were assigning both variables to a fixed empty string, which would never cause the if/else to work in any case. You want something like this:

    public IHttpActionResult PostAddSubjectCode([FromBody] ConfigSubjectCode SubjectCodes)
    {

        string Subject_Code = SubjectCodes.Subject_Code; // these can't be fixed ""
        string Subject_Name = SubjectCodes.Subject_Name; // these can't be fixed ""
        if (String.IsNullOrEmpty(Subject_Code) && String.IsNullOrEmpty(Subject_Name))
        {
            return NotFound();
        }
        else
        {
            string sql = "INSERT INTO[dbo].[GEO_SUBJECT_CODES] ([Subject_Code],[Subject_Name_BY_CLASS]) VALUES " +
                         "('" + Subject_Code + "', '" + Subject_Name + "');";
            DBConnection dBConnection = new DBConnection();
            dBConnection.UpdateTable(sql);            
            return Ok();
        }

    }   
MPost
  • See my comments below, the OP is setting empty strings that are being checked in the if - making it pointless. It will never hit `else` – EdSF Aug 15 '19 at 05:05
  • i can't use `using`. There's an error – charles Aug 15 '19 at 05:09
  • 1
    I assumed that that was just a sample for setting it where for purposes of the code he just happened to use empty strings but in practice would be retrieved from somewhere. Was I giving too much benefit of the doubt? – MPost Aug 15 '19 at 05:09
  • 1
    OK. So whatever dbConnection you are using doesn't derive from IDisposable... Just leave that part out. – MPost Aug 15 '19 at 05:10
  • after removing `using` , it still can't add the subject code and subject name – charles Aug 15 '19 at 05:38
  • And you are actually setting Subject_Code and Subject_Name to non-empty values instead of having them be empty strings as in the sample code above, right? – MPost Aug 15 '19 at 05:41
  • I modified the answer above to assign Subject_Code / Subject_Name properly. I see that the properties of SubjectCodes were referenced directly in the SQL but not above, and so only half of the problem had been addressed. This should now work correctly. – MPost Aug 15 '19 at 06:29
  • it seems that `return NotFound()` is giving me an error. You have any idea what to replace the `return NotFound()`? – charles Aug 15 '19 at 07:31