c# beginner-How to use if-statement to check textbox is empty?

Question

I'm using textbox to insert the data to the database. However I don't want to insert null or empty value to the database. How can I use if-statement to check the textbox is empty? (which means if the textbox is empty, show a dialog to required user input data)

Here is my code:

 private void submit_button_Click(object sender, EventArgs e)
        {

        string constring = "datasource=localhost;username=root;password=";
        string Query = "INSERT INTO bug.bug (Bug_ID, title, Type_of_bug, software, software_version, description, step_to_reproduction, severity, priority, symptom) values('" + this.bugid_txt.Text+"', '" + this.title_txt.Text + "','" + this.comboBox1.Text + "','" + this.software_txt.Text + "','" + this.software_version_txt.Text + "','" + this.description_txt.Text + "','" + this.step_to_reproduction_txt.Text + "','" + this.severity_combo.Text + "','" + this.priority_combo.Text + "','" + this.symptom_txt.Text + "')";

        MySqlConnection conDataBase = new MySqlConnection(constring);
        MySqlCommand cmdDataBase = new MySqlCommand(Query, conDataBase);
        MySqlDataReader myReader;
        try
        {
            conDataBase.Open();
            myReader = cmdDataBase.ExecuteReader();
            MessageBox.Show("The Bug have been reported");
            while(myReader.Read())
            {

            }
            this.Close();
        }catch(Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

Like `if(yourTextBox.Text != string.Empty)`? But more important, you should always use [parameterized queries](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/). This kind of string concatenations are open for [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection) attacks. Also use `using` statement to dispose your connection and command automatically instead of calling `Close` method manually. — Soner Gönül, Jan 06 '16 at 07:48
Btw read about [Sql Injection](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/). Use **Parameterized queries**. — Sriram Sakthivel, Jan 06 '16 at 07:49
And use `ExecuteNonQuery` instead of `ExecuteReader` to execute your `INSERT` statement. — Soner Gönül, Jan 06 '16 at 07:49
Possible duplicate of [Best way to check whether a TextBox is empty or not](http://stackoverflow.com/questions/34298857/best-way-to-check-whether-a-textbox-is-empty-or-not) — Alex, Jan 06 '16 at 08:56

score 1 · Answer 1 · edited May 23 '17 at 12:03

1

You can use string.IsNullOrEmpty or string.IsNullOrWhiteSpace methods for checking if string is empty or only containts white spaces.

You should also avoid joining query using +. Use paratrized queries better. Example.

edited May 23 '17 at 12:03

Community

1
1

answered Jan 06 '16 at 07:47

Dovydas Šopa

2,282
8
26
34

score 1 · Answer 2 · answered Jan 06 '16 at 07:48

Try like this:

if (string.IsNullOrWhiteSpace(MyTextBox.Text)) 
{
   //some message
}

This will handle the whitespace also (if it is present in your text box.)

On a side note:

Your code is prone to SQL Injection. You should better try to use parameterized query to handle it.

score 0 · Answer 3 · answered Jan 06 '16 at 07:48

0

Put this condition in the start of your method

if(string.IsNullOrWhiteSpace(TextBox1.Text))
{
       MessageBox.Show("Empty value");
       return;
}

answered Jan 06 '16 at 07:48

Irshad

3,071
5
30
51

score 0 · Answer 4 · answered Jan 06 '16 at 12:13

0

Use like following. Hope it will solve your problem

if(!string.IsNullOrEmpty(txtYourTextBox.Text))
{
   //Logic here if text box is not empty
}

answered Jan 06 '16 at 12:13

Mahedee

166
7

Dgan · Accepted Answer · 2016-01-07T10:59:25.500

-1

Be ware of Sql Injection

 private void submit_button_Click(object sender, EventArgs e)
            {

     if (!string.IsNullOrEmpty(mytextBox))
    {

      MessageBox.Show("your message goes here");
       return ;
     }

        string constring = "datasource=localhost;username=root;password=";
       // insert with parameterised query 

        MySqlConnection conDataBase = new MySqlConnection(constring);
        MySqlCommand cmdDataBase = new MySqlCommand(Query, conDataBase);
        MySqlDataReader myReader;
        try
        {
            conDataBase.Open();
            myReader = cmdDataBase.ExecuteReader();
            MessageBox.Show("The Bug have been reported");
            while(myReader.Read())
            {

            }
            this.Close();
        }catch(Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
    }

edited Jan 07 '16 at 10:59

answered Jan 06 '16 at 07:49

Dgan

10,077
1
29
51

3

You are talking about SQL Injection and showing an code sample which violates it. – Rahul Jan 06 '16 at 07:57
@Rahul mention before answer `Be ware of Sql Injection` – Dgan Jan 06 '16 at 07:58
1

You show how to incorporate sql injection *in* your answer though. You should also explain how this code actually solves the op's issue too – Sayse Jan 06 '16 at 07:58
@Sayse i mention it as `IsNullOrEmpty` – Dgan Jan 06 '16 at 08:08

c# beginner-How to use if-statement to check textbox is empty?

5 Answers5