-1

I have two tables, one called DogContract and one called WeeklyBooking. They both share two columns, called ContractLength and DogID.

I am currently programming a function for the user to use the GUI to input a new WeeklyBooking object into the table. I am attempting to retrieve the ContractLength value. I have a textbox where the user inputs the DogID and in theory my code is to take the ContractLength Value from DogContract and then assign it as the ContractLength for the weeklybooking object. I have a function in my WeeklyBookingDataAccess class to do this: 

        public int getContractLength(string dogID, WeeklyBooking week)
    {
        SqlCommand getCLength = new SqlCommand("SELECT ContractLength FROM WeeklyBooking WHERE DogID =" + dogID);
        try
        {
            db.Conn.Open();
            week.contractLength = (int)db.Cmd.ExecuteScalar();
        }
        catch (Exception ex)
        {
            Console.WriteLine(ex.Message);
        }
        return week.contractLength;
    }

This method is called in the function I'm using to create the WeeklyBooking object. The problem is, when I check the table data the ContractLength Value is always set to zero. Has anybody any ideas as to fix this problem? -Thanks

Tom Keenan
  • 1
  • 2
  • What response do you get if you run query from SQL Server Management Studio? If you are getting zero than the value was never written to the database. – jdweng Mar 21 '20 at 14:04
  • You are not using getCLength for anything. You are executing some other command. – Palle Due Mar 21 '20 at 14:06
  • 2
    You should be using a _parameterized query_. It removes the possibility of _SQL injection_ and correctly passes the string `dogID` without requiring quotation marks (missing in your query). – HABO Mar 21 '20 at 14:14

1 Answers1

1

You are doing something weird with Connection and SqlCommand. This should work:

public int getContractLength(string dogID, WeeklyBooking week)
{
    SqlCommand getCLength = new SqlCommand("SELECT ContractLength FROM WeeklyBooking WHERE DogID = @DogId", db.Conn);
    try
    {
        getCLength.Parameters.Add("@DogId", SqlDbType.NVarChar, 64);
        getCLength.Parameters["@DogId"].Value = dogID;
        db.Conn.Open();
        week.contractLength = (int)getCLength.ExecuteScalar();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    return week.contractLength;
}

You need to associate your Connection and your SqlCommand. You can do that by passing the Connection to the constructor of the SqlCommand, or by asking the Connection to create the command.

Apart from that you should take a look at the using pattern and make sure your Connection and SqlCommand are created and destroyed in the right way. Note also that I'm using a named parameter, it's best practice, so you're not open to SQL-injection.

You can also use the simpler version, where you add the parameter with value:

public int getContractLength(string dogID, WeeklyBooking week)
{
    SqlCommand getCLength = new SqlCommand("SELECT ContractLength FROM WeeklyBooking WHERE DogID = @DogId", db.Conn);
    try
    {
        getCLength.Parameters.AddWithValue("@DogId", dogID);
        db.Conn.Open();
        week.contractLength = (int)getCLength.ExecuteScalar();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
    return week.contractLength;
}
Palle Due
  • 5,929
  • 4
  • 17
  • 32