-2

I am trying to populate 11 textboxes, using my database information.

private void button5_Click(object sender, EventArgs e)
{
    SqlConnection CN = new SqlConnection();

    CN.ConnectionString = cons;

    try
    {
        CN.Open();

        SqlCommand cmd = new SqlCommand("SELECT  FROM Lista1 WHERE DescripcionNombre = "' + comboBox1.text + '"", CN);

        SqlDataReader myReader = cmd.ExecuteReader();

    }
    catch
    {
        MessageBox.Show("You failed!");
    }
}

It always fails, not even able to get that right....

csharpwinphonexaml

4 Answers

2

The error is in this line of code

SqlCommand cmd = new SqlCommand("SELECT  FROM Lista1 WHERE DescripcionNombre = "' + comboBox1.text + '"", CN);

It should be either like this

SqlCommand cmd = new SqlCommand("SELECT * FROM Lista1 WHERE DescripcionNombre = '" + comboBox1.Text + "'", CN);

Or

SqlCommand cmd = new SqlCommand("SELECT Column1_name, column2_name FROM Lista1 WHERE DescripcionNombre = '" + comboBox1.Text + "'", CN);

As you have not selected any columns it didn't work as you expected.

And as a side note, pass a parameter value instead of passing the value straight from the field values, so that you can avoid SQL injection.

SqlCommand cmd = new SqlCommand("SELECT Column1_name, column2_name FROM Lista1 WHERE DescripcionNombre = @DescripcionNombre", CN);
cmd.Parameters.AddWithValue("@DescripcionNombre", comboBox1.Text);
jmcilhinney
Amarnath Balasubramanian
1

The first order of business would be to write this line properly:

SqlCommand cmd = new SqlCommand("SELECT  FROM Lista1 WHERE DescripcionNombre = "' + comboBox1.text + '"", CN);

That's not valid SQL or C#. You need to specify which columns to retrieve from the table. If you want all columns then use a wildcard. The next order of business is to learn how to concatenate strings. If you want single quotes to be part of the string literal then they have to be inside the double quotes.

SqlCommand cmd = new SqlCommand("SELECT * FROM Lista1 WHERE DescripcionNombre = '" + comboBox1.Text + "'", CN);

That's quite elementary stuff. You should spend some time reading a tutorial or two.

Once that's done, you then need to actually read the data from the data reader. This can help with that. Note the use of parameters rather than string concatenation in those examples? You can learn more about that here.

jmcilhinney
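
An added example (not code from the question or from any answer) that combines the parameterized query with actually reading the first row from the data reader. The class name Lista1Lookup, the NVARCHAR(100) length and the textBox1/textBox2 control names are assumptions; the column names are the placeholders used in the first answer.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class Lista1Lookup
{
    // Placeholder column names from the first answer; replace with the real ones.
    const string Sql =
        "SELECT Column1_name, column2_name FROM Lista1 " +
        "WHERE DescripcionNombre = @DescripcionNombre";

    // Returns the first matching row as strings (one per selected column),
    // or null when no row matches.
    public static string[] FindByName(string connectionString, string name)
    {
        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(Sql, cn))
        {
            // Explicit type and length (assumed NVARCHAR(100)): the value is sent
            // as data and never becomes part of the SQL text, quotes included.
            cmd.Parameters.Add("@DescripcionNombre", SqlDbType.NVarChar, 100).Value =
                (object)name ?? DBNull.Value;

            cn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return null;

                var values = new string[reader.FieldCount];
                for (int i = 0; i < reader.FieldCount; i++)
                    values[i] = reader.IsDBNull(i) ? "" : reader.GetValue(i).ToString();
                return values;
            }
        }
    }
}

// In the button handler (textBox1/textBox2 are assumed control names):
//
// try
// {
//     string[] row = Lista1Lookup.FindByName(cons, comboBox1.Text);
//     if (row == null) { MessageBox.Show("No match."); return; }
//     textBox1.Text = row[0];
//     textBox2.Text = row[1];
// }
// catch (SqlException ex)
// {
//     MessageBox.Show(ex.Message);   // show the real error instead of hiding it
// }
```
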
1
SqlCommand cmd = new SqlCommand("SELECT  FROM Lista1 WHERE DescripcionNombre = "' + comboBox1.text + '"", CN);
  1. You are not selecting any columns or expressions in your SELECT
  2. Your single and double quotes are backwards in the concatenation
  3. You should get in the habit of using parameters instead of concatenating SQL (for several reasons, not the least of which is SQL Injection vulnerability)

A valid statement would be:

SqlCommand cmd = new SqlCommand("SELECT * FROM Lista1 WHERE DescripcionNombre = '"
                               + comboBox1.Text
                               + "'", CN);
D Stanley
1

You forgot to mention the column names which you need to fetch in the query.

Always use parameterized queries: How does SQLParameter prevent SQL Injection

SqlCommand cmd = new SqlCommand("SELECT * FROM Lista1 WHERE DescripcionNombre=@DescripcionNombre", CN);
cmd.Parameters.AddWithValue("@DescripcionNombre", comboBox1.Text);

But your query should be like this

SqlCommand cmd = new SqlCommand("SELECT * FROM Lista1 WHERE DescripcionNombre = '" + comboBox1.Text + "'", CN);
Community
Nagaraj S