When I run my code on debug I get this error:
Conversion failed when converting from a string to a uniqueidentifier
Here is the code:
public class UserObject
{
private string m_name = string.Empty;
public UserObject(string id)
{
#region Internal Logic
try
{
using (SqlConnection cn = new SqlConnection(SiteConfig.ConnectionString))
{
string sSQL = "SELECT [UserName] FROM [aspnet_users] WHERE [UserID] = #UserID";
using (SqlCommand cm = new SqlCommand(sSQL, cn))
{
cm.Parameters.AddWithValue("#UserID", id);
cn.Open();
using (SqlDataReader rd = cm.ExecuteReader())
{
while (rd.Read())
{
m_name = rd[0].ToString();
}
rd.Close();
}
cn.Close();
}
}
}
catch (Exception ex)
{
}
#endregion Internal logic
}
}
You said in your comment to the question that id does not have a value when being passed into the method. From the database point of view, uniqueidentifiers can be null (DBNull in C#), but to achieve this, you'd have to leave out the parameter or set DBNull.Value explicitly.
In C#, Guid can not be null - so you must either provide Guid.Empty or a string that can be converted to a Guid in the call to AddWithValue.
EDIT
Sample code follows: Please note that given the SQL statement you use, you won't get any results for the Guid.Empty case unless you have a user the ID of which contains only 0s. I suggest, you change the where clause of your SQL statement as follows:
WHERE [UserId] = ISNULL(#UserID, [UserId])
That way, you get all users when you pass null.
public UserObject(string id)
{
try
{
using (SqlConnection cn = new SqlConnection(SiteConfig.ConnectionString))
{
string sSQL = "SELECT [UserName] FROM [aspnet_users] WHERE [UserID] = #UserID";
using (SqlCommand cm = new SqlCommand(sSQL, cn))
{
if (id.Length == 0)
cm.Parameters.AddWithValue("#UserID", Guid.Empty);
else if (id == null)
cm.Parameters.AddWithValue("#UserID", DBNull.Value);
else
cm.Parameters.AddWithValue("#UserID", Guid.Parse(id));
cn.Open();
using (SqlDataReader rd = cm.ExecuteReader())
{
while (rd.Read())
{
m_name = rd[0].ToString();
}
rd.Close();
}
cn.Close();
}
}
}
catch (Exception ex)
{
}
Related
I have a DAL function that needs to call a stored procedure and get the dataset, along with a couple of OUT parameters. I can get the resulting dataset but not sure how to get the parameters.
Normally, the parameters are available through cmd.Parameters["ParamName"].Value but I am using another API to make the DB connection and return the resulting dataset, not sure how to get the OUT parameters in addition to dataset.
Here is what i have, so far:
Public static int getSomething(string inParam, out DataTable dtOut, out string outParam1, out string outParam2)
{
OracleDbCntext dbContext = new OracleDbContext();
DataSet dsOut = new DataSet()
DataTable dtOut = new dataTable();
....
try
{
List<OracleParameter> spParams = new List<OracleParameter>();
spParams.Add(new OracleParameter("INPARAM", OracleDbType.Varchar2, receptacleID, ParameterDirection.Input));
spParams.Add(new OracleParameter("OUTARAM1", OracleDbType.TimeStamp, null, ParameterDirection.Output));
spParams.Add(new OracleParameter("OUTARAM2", OracleDbType.TimeStamp, null, ParameterDirection.Output));
spParams.Add(new OracleParameter("CUR_OUT", OracleDbType.RefCursor, ParameterDirection.Output));
try
{
dbContext.Open();
dbContext.ExecuteStoredProcedure("SOME_PKG.USP_SOMESP", spParams, ref dsOutcome);
}
catch (Exception oConnException)
{
}
if (dsOut != null)
{
if (dsOut.Tables[0].Rows.Count > 0)
{
dtOut = dsOut.Tables[0];
//outParam1 = ????
//outParam2 = ????
}
}
}
}
namespace Something.Model.DataAccess
{
public class OracleDbContext
{
public OracleConnection DbConnection { get; private set; }
public OracleDbContext()
{
string ConnectionString = ConfigurationManager.ConnectionStrings["DefaultConnectionString"].ConnectionString;
DbConnection = new OracleConnection(ConnectionString);
}
public void Open()
{
if (DbConnection.State != ConnectionState.Open)
{
DbConnection.Close();
DbConnection.Open();
}
}
public void Close()
{
if (DbConnection.State == ConnectionState.Open || DbConnection.State == ConnectionState.Broken)
{
DbConnection.Close();
DbConnection.Dispose();
}
}
public void ExecuteStoredProcedure(string spName, List<OracleParameter> spParams, ref DataSet dataset)
{
OracleDataAdapter da = null;
OracleTransaction oraTransaction = null;
using (OracleCommand command = new OracleCommand())
{
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddRange(spParams.ToArray<OracleParameter>());
command.Connection = DbConnection;
command.CommandText = spName;
try
{
oraTransaction = DbConnection.BeginTransaction();
da = new OracleDataAdapter(command);
da.Fill(dataset);
oraTransaction.Commit();
}
catch (Exception e)
{
oraTransaction.Rollback();
}
finally
{
if (oraTransaction != null)
oraTransaction.Dispose();
if (DbConnection != null)
{
this.Close();
}
}
}
}
Stored Procedure in SOME_PKG:
PROCEDURE USP_SOMESP
(
INPARAM VARCHAR2,
OUTPARAM1 OUT TIMESTAMP,
OUTPARAM2 OUT TIMESTAMP,
CUR_OUT OUT GETDATACURSOR
)
....
LVSQUERY:='SELECT FIELD1, '''|| V_EVENTCODE ||''' AS EVENTCODE, ...
WHERE SOMETHING= '''|| V_LOC1||''' ';
OPEN CUR_OUT FOR LVSQUERY;
EXCEPTION WHEN OTHERS THEN
...;
END USP_SOMESP;
As you have a layer in the middle you might need to change your code a little bit.
Change this
spParams.Add(new OracleParameter("OUTARAM1", OracleDbType.TimeStamp, null, ParameterDirection.Output));
with
var outParam1 = new OracleParameter("OUTARAM1", OracleDbType.TimeStamp, null, ParameterDirection.Output);
spParams.Add(outParam1);
And then use the Value property:
outParam1.Value;
According to the documentation:
For output parameters the value is:
Set on completion of the OracleCommand (true for return value parameters also).
Set to the data from the database, to the data type specified in OracleDbType or DbType.
I would like to find a way to exit out of datareader after the if statement so that I can execute the insert query in else statement. Is there a way to do it?
I am getting the error that dr is still open and hence cannot perform the below query.
sVendorDetails.VendorID = insertcmd.ExecuteNonQuery();
Here is the code:
public class VendorDetails
{
int _VendorID;
string _VendorName;
public int VendorID
{
set { _VendorID = value; }
get { return _VendorID; }
}
public string VendorName
{
set { _VendorName = value; }
get { return _VendorName; }
}
}
public VendorDetails VendorCheck(string sVendorName)
{
SqlCommand cmd = new SqlCommand("dbo.usp_GetVendorByVendorName", myConnection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("#VendorName", SqlDbType.VarChar));
cmd.Parameters["#VendorName"].Value = sVendorName;
VendorDetails sVendorDetails = null;
try
{
myConnection.Open();
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
{
sVendorDetails = new VendorDetails();
sVendorDetails.VendorID = ((int)dr["VendorID"]);
sVendorDetails.VendorName = ((string)dr["VendorName"]).ToUpper().Trim();
}
}
else if (dr.HasRows!= true)
{
ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('VendorName:" + sVendorName + " not found. Inserting Vendor details into Vendor and Invoice table.')", true);
SqlCommand insertcmd = new SqlCommand("dbo.InsertVendorName", myConnection);
insertcmd.CommandType = CommandType.StoredProcedure;
insertcmd.Parameters.Add(new SqlParameter("#VendorName", SqlDbType.VarChar));
insertcmd.Parameters["#VendorName"].Value = sVendorName;
sVendorDetails = new VendorDetails();
sVendorDetails.VendorID = insertcmd.ExecuteNonQuery();
sVendorDetails.VendorName = sVendorName;
}
dr.Close();
return sVendorDetails;
}
catch (SqlException err)
{
throw new ApplicationException("DB usp_GetVendorByVendorName Error: " + err.Message);
}
finally
{
myConnection.Close();
}
}
You will need to close/dispose of your DataReader prior to reusing the connection, as it's still being used.
Maybe something like this?
var readerHasRows = false;
using (var dr = cmd.ExecuteReader())
{
readerHasRows = dr.HasRows;
if(readerHasRows)
{
while (dr.Read())
{
sVendorDetails = new VendorDetails();
sVendorDetails.VendorID = ((int)dr["VendorID"]);
sVendorDetails.VendorName = ((string)dr["VendorName"]).ToUpper().Trim();
}
}
}
if(!readerHasRows)
{
ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('VendorName:" + sVendorName + " not found. Inserting Vendor details into Vendor and Invoice table.')", true);
SqlCommand insertcmd = new SqlCommand("dbo.InsertVendorName", myConnection);
insertcmd.CommandType = CommandType.StoredProcedure;
insertcmd.Parameters.Add(new SqlParameter("#VendorName", SqlDbType.VarChar));
insertcmd.Parameters["#VendorName"].Value = sVendorName;
sVendorDetails = new VendorDetails();
VendorDetails.VendorID = insertcmd.ExecuteNonQuery();
sVendorDetails.VendorName = sVendorName;
}
There are a few things I would like to mention
Your main issue is that you are not closing your DataReader. You can use the using statement for it
You don't need to explicitly open and close the SqlConnection. The SqlCommand object will do it as needed.
You don't need to check with if (dr.HasRows) and then check again in while (dr.Read()). Also, you don't need to loop to pick up only one row of data.
Ideally, I would put the "Fetch" part in a separate function and the "insert" in a separate function, so the functions stay small and reusable.
Your pattern is superfluous if (flag) {TakeAction();} else if (!flag) {TakeAction2();}. Every time the code hits theelse, it will also hit theif (!flag)`
sVendorDetails.VendorID = insertcmd.ExecuteNonQuery(); line looks fishy. If your Stored Procedure returns the VendorId, then you should use ExecuteScalar. Currently it is just storing 1 in all case since you are presumably inserting one row.
Don't discard the original SqlException when creating a custom ApplicationException. Upstream system might want to know more details than you are passing. Pass it along as the InnerException
I have also changed some stylistic aspects:
The variable names changed to the more commonly used camelCase, instead of the incorrectly used Hungarian Notation (sVendorDetails instead of oVendorDetails)
Brace in K&R style
Used var when the right side is a new statement
Use Object Initializers instead of creation+assignment
Below is the code
public VendorDetails VendorCheck(string vendorName, SqlConnection myConnection) {
try {
return GetVendor(vendorName, myConnection) ?? InsertVendor(vendorName, myConnection);
} catch (SqlException err) {
throw new ApplicationException("DB usp_GetVendorByVendorName Error: " + err.Message, err);
}
}
VendorDetails GetVendor(string vendorName, SqlConnection myConnection) {
using (var cmd = new SqlCommand("dbo.usp_GetVendorByVendorName", myConnection)) {
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("#VendorName", SqlDbType.VarChar));
cmd.Parameters["#VendorName"].Value = vendorName;
using (SqlDataReader dr = cmd.ExecuteReader()) {
ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('VendorName:" + vendorName + " not found. Inserting Vendor details into Vendor and Invoice table.')", true); // TODO: Does this really belong here!?!?
if (dr.Read()) {
return new VendorDetails {
VendorID = ((int)dr["VendorID"]),
VendorName = ((string)dr["VendorName"]).ToUpper().Trim()
};
}
}
}
return null;
}
VendorDetails InsertVendor(string vendorName, SqlConnection myConnection) {
using (var insertcmd = new SqlCommand("dbo.InsertVendorName", myConnection)) {
insertcmd.CommandType = CommandType.StoredProcedure;
insertcmd.Parameters.Add(new SqlParameter("#VendorName", SqlDbType.VarChar));
insertcmd.Parameters["#VendorName"].Value = vendorName;
return new VendorDetails {
VendorID = (int)insertcmd.ExecuteScalar(),
VendorName = vendorName
};
}
}
Hi all below is my snippet of C# codes with multiple insert statement. I put them into a transaction bracket and I using prepared statement. My challenge for instance I know I got issue in now cmdText3 but there is no any error message generated. How in this scenario where should I be adding extra try and catch to help me debug and alert me on the error? Can in prepared statement I see what is the exact query being executed with the data?
myCon getMyCon1 = new myCon();
MySqlConnection con = getMyCon1.GetConnection();
using (MySqlTransaction trans = con.BeginTransaction())
{
try
{
long rID = 0;
String cmdText1 = "INSERT INTO record1(fiscalPeriod,financialYear) VALUES(#fiscalPeriod,#financialYear)";
using (MySqlCommand cmd = new MySqlCommand(cmdText1, con, trans))
{
cmd.Parameters.AddWithValue("#fiscalPeriod", fiscalPeriod.SelectedValue);
cmd.Parameters.AddWithValue("#financialYear", financialYear.SelectedValue);
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
rID = cmd.LastInsertedId;
}
foreach (object line in linesC)
{
if (line.GetType() == typeof(TypeC))
{
TypeC typesC = (TypeC)line;
String companyName = typesC.comName;
String periodStart = typesC.periodStart;
String periodEnd = typesC.periodEnd;
String cmdText2 = "INSERT INTO record2(rID,companyName,,periodStart,periodEnd,) VALUES(#rID,#companyName,#periodStart,#periodEnd)";
using (MySqlCommand cmd = new MySqlCommand(cmdText2, con, trans))
{
cmd.Parameters.AddWithValue("#rID", rID);
cmd.Parameters.AddWithValue("#companyName", companyName);
cmd.Parameters.AddWithValue("#periodStart", periodStart);
cmd.Parameters.AddWithValue("#periodEnd", periodEnd);
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
}
}
}
foreach (object line in linesP)
{
if (line.GetType() == typeof(TypeP))
{
TypeP typesP = (TypeP)line;
String supplierName = typesP.supName;
String invoiceDate = typesP.invoiceDate;
String invoiceNo = typesP.invoiceNo;
String cmdText3 = "INSERT INTO record2(rID,supplierName,invoiceDate,invoiceNo) VALUES(#rID,#supplierName,#invoiceDate,#invoiceNo,)";
using (MySqlCommand cmd = new MySqlCommand(cmdText3, con, trans))
{
cmd.Parameters.AddWithValue("#rID", rID);
cmd.Parameters.AddWithValue("#supplierName", supplierName);
cmd.Parameters.AddWithValue("#invoiceDate", invoiceDate);
cmd.Parameters.AddWithValue("#invoiceNo", invoiceNo);
cmd.ExecuteNonQuery();
cmd.Parameters.Clear();
}
}
}
trans.Commit();
}
catch (Exception ex)
{
trans.Rollback();
}
}
con.Close()
You can see the exact query using the Sql Profiler app. This will allow you to see both the queries generated and the responses from Sql Server.
https://msdn.microsoft.com/en-us/library/ms181091.aspx
The following:
String cmdText3 = "INSERT INTO record2(rID,supplierName,invoiceDate,invoiceNo) VALUES(#gafID,#supplierName,#invoiceDate,#invoiceNo,)";
Does not correspond with the first parameter you're specifying here:
cmd.Parameters.AddWithValue("#rID", rID);
cmd.Parameters.AddWithValue("#supplierName", supplierName);
cmd.Parameters.AddWithValue("#invoiceDate", invoiceDate);
cmd.Parameters.AddWithValue("#invoiceNo", invoiceNo);
Replace:
VALUES(#gafID,#supplierName,#invoiceDate,#invoiceNo,)
With:
VALUES(#rID,#supplierName,#invoiceDate,#invoiceNo)
Alternatively you can re-name:
cmd.Parameters.AddWithValue("#rID", rID);
To:
cmd.Parameters.AddWithValue("#gafID", rID);
I have written a program to verify username and password using 3 tier architecture in Visual Studio 10. In the DAL, ExecuteNonQuery statement returns '-1'. But I want it to return '1' if username and password are correct or '0'if not correct.
Code snipped for DAL:
public class LoginDataAccess
{
SqlConnection con;
string constr = ConfigurationManager.ConnectionStrings["localhostakash"].ToString();
public int LoginData(LoginEntity elOj)
{
try
{
con = new SqlConnection(constr);
int result;
if(ConnectionState.Closed==con.State)
con.Open();
SqlCommand cmd = new SqlCommand("uspuserlogin", con);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#Username", elOj.Username);
cmd.Parameters.AddWithValue("#Password", elOj.Password);
result = Convert.ToInt32(cmd.ExecuteNonQuery());
return result;
}
catch (Exception ex)
{
throw ex;
}
finally
{
con.Close();
}
}
}
Code snippet for BLL:
public class LoginLogic
{
LoginDataAccess lda = new LoginDataAccess();
public int userValidate(LoginEntity le)
{
int result = 0;
try
{
result = Convert.ToInt32(lda.LoginData(le));
}
catch (Exception ex)
{
//response.write(ex.Message);
}
return result;
}
}
Code snippet for button function:
protected void Button1_Click(object sender, EventArgs e)
{
LoginLogic ll = new LoginLogic();
LoginEntity le = new LoginEntity();
int v;
le.Username = TextBox1.Text;
le.Password = TextBox2.Text;
v = Convert.ToInt32(ll.userValidate(le));
if (v == 1)
{
Label1.Text = "LOGGED IN SUCCESSFULLY!";
}
else
{
Label1.Text = "TRY AGAIN...";
}
}
Here is the documentation:
For UPDATE, INSERT, and DELETE statements, the return value is the number of rows affected by the command. When a trigger exists on a table being inserted or updated, the return value includes the number of rows affected by both the insert or update operation and the number of rows affected by the trigger or triggers. For all other types of statements, the return value is -1. If a rollback occurs, the return value is also -1.
Read more here: https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.executenonquery.aspx
You are calling a stored procedure "uspuserlogin". That's why ExecuteNonQuery returns -1.
You can return value as row if you need to know result of operation.
ALTER PROCEDURE [dbo].[uspuserlogin]
#username nvarchar(255),
#password nvarchar(255)
AS
BEGIN
SELECT COUNT(*) AS Found
FROM [Users]
WHERE [Username] = #username AND [Password] = #password
END
In code:
var obj = cmd.ExecuteScalar();
return (int)obj;
// Somewhere in code
if (loginDataAccess.LoginData(loginEntity) == 1)
// Authorize
Of course, you can transform it to bool for your convenience:
public bool LoginData(LoginEntity elOj)
{
try
{
con = new SqlConnection(constr);
int result;
if(ConnectionState.Closed==con.State)
con.Open();
SqlCommand cmd = new SqlCommand("uspuserlogin", con);
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.Parameters.AddWithValue("#Username", elOj.Username);
cmd.Parameters.AddWithValue("#Password", elOj.Password);
var obj = cmd.ExecuteScalar();
return ((int)obj > 0);
}
catch (Exception ex)
{
throw ex;
}
finally
{
con.Close();
}
}
I am working in a simple registration page where the user can't enter the same user name or email, I made a code that prevent the user from entering the username and it worked but when I tried to prevent the user from entring the same username or email it didn't work.
and my question is, "How can I add another condition where the user can't enter email that already exists?"
I tried to do it in this code, but it did't work:
protected void Button_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection( ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString );
SqlCommand cmd1 = new SqlCommand("select 1 from Table where Name =#UserName", con);
SqlCommand cmd2 = new SqlCommand("select 1 from Table where Email=#UserEmail", con);
con.Open();
cmd1.Parameters.AddWithValue("#UserName", Name_id.Text);
cmd2.Parameters.AddWithValue("#UserEmail", Email_id.Text);
using (var dr1 = cmd1.ExecuteReader())
{
if (dr1.HasRows)
{
Label1.Text = "user name already exists";
}
using (var dr2 = cmd2.ExecuteReader())
{
if (dr2.HasRows)
{
Label1.Text = "email already exists";
}
else
{
dr1.Close();
dr2.Close();
//add new users
con.Close();
}
}
}
}
but i get this error:
There is already an open DataReader associated with this Command which must be closed first.
Like I said in my comment your design is bad !
First you should have Data Access Layer. This should be project in big solutions but in your case you can put it like new directory. In this directory you create SqlManager class here is the code:
public class SqlManager
{
public static string ConnectionString
{
get
{
return ConfigurationManager.ConnectionStrings["DevConnString"].ConnectionString;
}
}
public static SqlConnection GetSqlConnection(SqlCommand cmd)
{
if (cmd.Connection == null)
{
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
cmd.Connection = conn;
return conn;
}
return cmd.Connection;
}
public static int ExecuteNonQuery(SqlCommand cmd)
{
SqlConnection conn = GetSqlConnection(cmd);
try
{
return cmd.ExecuteNonQuery();
}
catch
{
throw;
}
finally
{
conn.Close();
}
}
public static object ExecuteScalar(SqlCommand cmd)
{
SqlConnection conn = GetSqlConnection(cmd);
try
{
return cmd.ExecuteScalar();
}
catch
{
throw;
}
finally
{
conn.Close();
}
}
public static DataSet GetDataSet(SqlCommand cmd)
{
return GetDataSet(cmd, "Table");
}
public static DataSet GetDataSet(SqlCommand cmd, string defaultTable)
{
SqlConnection conn = GetSqlConnection(cmd);
try
{
DataSet resultDst = new DataSet();
using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
{
adapter.Fill(resultDst, defaultTable);
}
return resultDst;
}
catch
{
throw;
}
finally
{
conn.Close();
}
}
public static DataRow GetDataRow(SqlCommand cmd)
{
return GetDataRow(cmd, "Table");
}
public static DataRow GetDataRow(SqlCommand cmd, string defaultTable)
{
SqlConnection conn = GetSqlConnection(cmd);
try
{
DataSet resultDst = new DataSet();
using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
{
adapter.Fill(resultDst, defaultTable);
}
if (resultDst.Tables.Count > 0 && resultDst.Tables[0].Rows.Count > 0)
{
return resultDst.Tables[0].Rows[0];
}
else
{
return null;
}
}
catch
{
throw;
}
finally
{
conn.Close();
}
}
}
After that you should have Business Object Layer. In bigger solution is project in your case directory. If you are in the page TaxesEdit.aspx, you should add Tax.cs class in the BO(business object).
Example of methods for the class, for your first button:
public DataSet GetTaxesByUserName(string userName)
{
SqlCommand cmd = new SqlCommand(#"
select 1 from Table where Name =#UserName");
cmd.Parameters.AddWithValue("#UserName", userName);
return DA.SqlManager.GetDataSet(cmd);
}
You fetch all the needed data in datasets. After that you make checks like taxesDst.Tables[0].Rows.Count > 0 (or == 0)
For Insert you can have method like this:
public virtual void Insert(params object[] colValues)
{
if (colValues == null || colValues.Length % 2 != 0)
throw new ArgumentException("Invalid column values passed in. Expects pairs (ColumnName, ColumnValue).");
SqlCommand cmd = new SqlCommand("INSERT INTO " + TableName + " ( {0} ) VALUES ( {1} )");
string insertCols = string.Empty;
string insertParams = string.Empty;
for (int i = 0; i < colValues.Length; i += 2)
{
string separator = ", ";
if (i == colValues.Length - 2)
separator = "";
string param = "#P" + i;
insertCols += colValues[i] + separator;
insertParams += param + separator;
cmd.Parameters.AddWithValue(param, colValues[i + 1]);
}
cmd.CommandText = string.Format(cmd.CommandText, insertCols, insertParams);
DA.SqlManager.ExecuteNonQuery(cmd);
}
For this you need to have property TableName in the current BO class.
In this case this methods can be used everywhere and you need only one line of code to invoke them and no problems like yours will happen.
You have opened another DataReader inside the First and thats causing the problem. Here I have re-arranged your code a bit
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
SqlCommand cmd1 = new SqlCommand("select 1 from Table where Name =#UserName", con),
cmd2 = new SqlCommand("select 1 from Table where Email=#UserEmail", con);
con.Open();
cmd1.Parameters.AddWithValue("#UserName", Name_id.Text);
cmd2.Parameters.AddWithValue("#UserEmail", Email_id.Text);
bool userExists = false, mailExists = false;
using (var dr1 = cmd1.ExecuteReader())
if (userExists = dr1.HasRows) Label1.Text = "user name already exists";
using (var dr2 = cmd2.ExecuteReader())
if (mailExists = dr2.HasRows) Label1.Text = "email already exists";
if (!(userExists || mailExists)) {
// can add User
}
You need to close one datareader before opening the other one. Although it's not how I'd do it, but you can deal with the runtime error by closing the datareader after each IF:
using (var dr1 = cmd1.ExecuteReader())
{
if (dr1.HasRows)
{
string Text = "user name already exists";
}
dr1.Close();
}
using (var dr2 = cmd2.ExecuteReader())
{
if (dr2.HasRows)
{
string ext = "email already exists";
}
else
{
//add new users
}
dr2.Close();
}
con.Close();
This may work, although there are a few things I would do differently...
protected void Button_Click(object sender, EventArgs e)
{
bool inputIsValid = true;
var con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
var userNameCmd = new SqlCommand("SELECT 1 FROM Table WHERE Name = #UserName", con);
var emailCmd = new SqlCommand("SELECT 1 FROM Table WHERE Email = #UserEmail", con);
con.Open();
userNameCmd.Parameters.AddWithValue("#UserName", Name_id.Text);
emailCmd.Parameters.AddWithValue("#UserEmail", Email_id.Text);
using (var userNameReader = userNameCmd.ExecuteReader())
{
if (userNameReader.HasRows)
{
inputIsValid = false;
Label1.Text = "User name already exists";
}
}
using (var emailReader = emailCmd.ExecuteReader())
{
if (emailReader.HasRows)
{
inputIsValid = false;
Label1.Text = "Email address already exists";
}
}
if (inputIsValid)
{
// Insert code goes here
}
con.Close();
}
Why don't you do something like this:
[Flags]
public enum ValidationStatus
{
Valid = 0 ,
UserNameInUse = 1 ,
EmailInUse = 2 ,
}
public ValidationStatus ValidateUser( string userName , string emailAddr )
{
ValidationStatus status ;
string connectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString ;
using ( SqlConnection con = new SqlConnection( connectionString ) )
using ( SqlCommand cmd = con.CreateCommand() )
{
cmd.CommandText + #"
select status = coalesce( ( select 1 from dbo.myTable t where t.UserName = #UserName ) , 0 )
+ coalesce( ( select 2 from dbo.myTable t where t.UserEmail = #UserEmail ) , 0 )
" ;
cmd.Parameters.AddWithValue( "#UserName" , userName ) ;
cmd.Parameters.AddWithValue( "#emailAddr" , emailAddr ) ;
int value = (int) cmd.ExecuteScalar() ;
status = (ValidationStatus) value ;
}
return status ;
}
Aside from anything else, hitting the DB twice for something like this is silly. And this more clearly expresses intent.
Then you can use it in your button click handler, something like this:
protected void Button_Click( object sender , EventArgs e )
{
string userName = Name_id.Text ;
string emailAddr = Email_id.Text ;
ValidationStatus status = ValidateUser( userName , emailAddr ) ;
switch ( status )
{
case ValidationStatus.Valid :
Label1.Text = "" ;
break ;
case ValidationStatus.EmailInUse :
Label1.Text = "Email address in use" ;
break ;
case ValidationStatus.UserNameInUse :
Label1.Text = "User name in use" ;
break ;
case ValidationStatus.EmailInUse|ValidationStatus.UserNameInUse:
Label1.Text = "Both user name and email address in use." ;
break ;
default :
throw new InvalidOperationException() ;
}
if ( status == ValidationStatus.Valid )
{
CreateNewUser() ;
}
}