0

Could someone tell me what I'm doing wrong? I've tried to accomplish this in numerous different ways, but have not been able to. Without adding the parameters in, the form runs, but I need the parameters so that I can update records if it so evaluates. I may be off track, so any help is very appreciated.

For example, if a product code is entered and doesn't have a date already, the form should update the date with the current date/time. If the product code does have a date already, it should notify the user that the product has already shipped, else telling the user that the product is not in the database.

It evaluates by querying if there is a product code and if the date is null. If that evaluates to be true, then it should update that product code with a current timestamp in the date column. If that evaluates to be false, it checks to see if the product code exists in the table at all. If it does and the date column is not null, it reports that the product has already shipped, else, it reports that the product doesn't exist in the database.

Without the following parameters, it runs fine, providing the correct responses but, of course, it doesn't ever call to update a record.

command2.Parameters.AddWithValue("@Value1", TextBox1.Text);
command2.Parameters.AddWithValue("@Value2", DateTime.Now);

With these parameters added in, I get an error stating the "The name 'command2' does not exist in the current context. But, I only get this error one. Sorry if my code is way out of line. Thanks in advance for your help!

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    private string GetConnectionString()
    {
        return ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        using (SqlConnection connection = new SqlConnection(GetConnectionString()))
        {
            try
            {
                connection.Open();

                string sql = @"SELECT PRODUCT_ID from PRODUCTS where PRODUCT_ID = " + TextBox1.Text + " and DATE is null";

                using(SqlCommand command = new SqlCommand(sql, connection))
                {
                    using(SqlDataReader reader = command.ExecuteReader())
                    {
                        if(reader.HasRows)
                        {
                            string sql2 = @"UPDATE [products] SET date=@Value2 where PRODUCT_ID=@Value1";
                            using (SqlCommand command2 = new SqlCommand(sql2, connection))
                                command2.Parameters.AddWithValue("@Value1", TextBox1.Text);
                                command2.Parameters.AddWithValue("@Value2", DateTime.Now);
                            pageBody.Attributes.Add("bgcolor", "#9aff8e");
                            Label1.Text = "Item " + TextBox1.Text + " Recorded!";
                            TextBox1.Text = "";
                        }
                        else
                        {
                            reader.Close();
                            string sql3 = @"SELECT PRODUCT_ID from PRODUCTS where PRODUCT_ID = " + TextBox1.Text + "";

                            using(SqlCommand command3 = new SqlCommand(sql3, connection))
                            {
                                using(SqlDataReader reader2 = command3.ExecuteReader())
                                {
                                    if (reader2.HasRows)
                                    {
                                        pageBody.Attributes.Add("bgcolor", "#fbff8e");
                                        Label1.Text = "Item " + TextBox1.Text + " Already Shipped!";
                                        TextBox1.Text = "";
                                    }
                                    else
                                    {
                                        pageBody.Attributes.Add("bgcolor", "#ff8e8e");
                                        Label1.Text = "Item " + TextBox1.Text + " Not Found!";
                                        TextBox1.Text = "";
                                    }
                                }
                            }
                        }
                    }
                }
            }
            finally
            {
                if(connection.State != ConnectionState.Closed)
                {
                    connection.Close();
                }
            }
        }
    }

}
Improve this question
1
  • Make sure you use Parameterised queries for every query, even selects. You are still open for SQL injection on those select statements. xkcd.com/327 Commented Dec 21, 2017 at 3:01

2 Answers 2

Reset to default
1

Put your parameters assignment inside a bracket and don't forget to call the execute method.

using (var command2 = new SqlCommand(sql2, connection)) 
{
    command2.Parameters.AddWithValue("@Value1", TextBox1.Text);
    command2.Parameters.AddWithValue("@Value2", DateTime.Now);
    command2.ExecuteNonQuery();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

When I've modified my code as shown above, I receive an error stating, "There is already an open DataReader associated with this Command which must be closed first". The debugger highlights: Line 44: command2.ExecuteNonQuery();
I have overcame this error by allowing MultipleActiveResultSets=true in my ConnectionString. Thanks for everyone's help!
Glad to hear that!
1 
using (SqlCommand command2 = new SqlCommand(sql2, connection)) {
      command2.Parameters.AddWithValue("@Value1", TextBox1.Text);
      command2.Parameters.AddWithValue("@Value2", DateTime.Now);
}

Forgot your brackets.

Improve this answer

2 Comments

After having added the brackets, the web form is working, however, it is still not updating records. Not sure what I'm missing..
Sorry, I'm not pro here, but aren't you missing a step where you actually EXECUTE the command? Something like command2.execute after you have put in your parameters?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.