
I am having some trouble figuring out what is wrong with my code. As soon as the debugger hits the line that executes the query, a first-chance exception is thrown. I know it is not the query itself, since I tested it out in SQL Management Studio. If anyone could give me some insight as to what is wrong, it would be greatly appreciated.

Here is my code,

/// <summary>
    /// On the first (non-postback) load of the page, runs a query that counts the
    /// rows in Admissions with no DischargeDate, grouped by the first character of
    /// NursingUnitID ('1', '2' or '3'), and binds the result to the chtFloor chart.
    /// </summary>
    /// <param name="sender">Event source; not used by this handler.</param>
    /// <param name="e">Event data; not used by this handler.</param>
    protected void Page_Load(object sender, EventArgs e) {
        if (!IsPostBack) {
            string con_string = WebConfigurationManager.ConnectionStrings["CHDBConnectionString"].ConnectionString;
            SqlConnection con = new SqlConnection(con_string);
            // The query text is built only from string literals, so no request data reaches
            // the SQL. If a filter value is ever added, pass it as a SqlParameter rather than
            // concatenating it into the text.
            // NOTE(review): the literals are joined with no whitespace between them, so the
            // text sent to the server reads "... AS PatientsFROM AdmissionsWHERE ..." and
            // "... IS NULLGROUP BY ...". That is not the statement that was tested in
            // Management Studio.
            SqlCommand cmd = new SqlCommand("SELECT SUBSTRING(NursingUnitID, 1, 1) AS Floor, COUNT(*) AS Patients" +
                                            "FROM Admissions" +
                                            "WHERE SUBSTRING(NursingUnitID, 1, 1) IN ('1', '2', '3')" +
                                            "AND DischargeDate IS NULL" +
                                            "GROUP BY SUBSTRING(NursingUnitID, 1, 1)", con);

            try {
                // Disposing con at the end of this scope also closes the connection.
                using (con) {
                    con.Open();
                    // NOTE(review): reader and cmd are not wrapped in using; only con is
                    // disposed here.
                    SqlDataReader reader = cmd.ExecuteReader();

                    // Rename the default series, then bind X to the "Floor" column and Y to
                    // the "Patients" column of the result set.
                    chtFloor.Series["Series1"].Name = "currentPatients";
                    chtFloor.Series["currentPatients"].Points.DataBindXY(reader, "Floor", "Patients");

                    // Chart appearance: size, border skin, titles and background colour.
                    chtFloor.Width = 600;
                    chtFloor.Height = 600;
                    chtFloor.BorderSkin.SkinStyle = BorderSkinStyle.Emboss;
                    chtFloor.Titles.Add(new Title("Number of Current Patients on Each Floor", Docking.Top, new Font("Arial", 20f), Color.Black));
                    chtFloor.Titles.Add(new Title("Nursing Unit", Docking.Bottom, new Font("Arial", 12f), Color.Black));
                    chtFloor.BackColor = System.Drawing.ColorTranslator.FromHtml("AliceBlue");
                }
            }
            // NOTE(review): every exception, including the one raised by ExecuteReader, is
            // caught here and only written to Console. In a web page that output is normally
            // not visible anywhere, so the failure is silently swallowed and the chart stays
            // empty. Record it through the application's logging instead, and keep the
            // exception text (which can include schema and query details) out of the
            // rendered page.
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
        }
    }
mason
Jamie Steele
  • Could you provide the thrown exception? – Castaglia Apr 05 '16 at 02:39
  • Note that string concatenation is a sign of an attempt to add the user's input to the query. I'd recommend checking out the [multiline string literals](http://stackoverflow.com/questions/1100260/multiline-string-literal-in-c-sharp) answer, and obviously use parameterized queries when you actually pass input to your query. – Alexei Levenkov Apr 05 '16 at 02:56
  • (Question in current state has good chance to be closed as typographical error - not really sure how to fix it so). – Alexei Levenkov Apr 05 '16 at 02:56

1 Answer


You should add spaces when concatenating the strings:

// Every fragment except the last ends with a space, so adjacent keywords stay
// separate once the pieces are concatenated ("Patients FROM", "NULL GROUP BY").
// The text is made of literals only; nothing from the request is spliced into it.
const string sql =
    "SELECT SUBSTRING(NursingUnitID, 1, 1) AS Floor, COUNT(*) AS Patients " +
    "FROM Admissions " +
    "WHERE SUBSTRING(NursingUnitID, 1, 1) IN ('1', '2', '3') " +
    "AND DischargeDate IS NULL " +
    "GROUP BY SUBSTRING(NursingUnitID, 1, 1)";
SqlCommand cmd = new SqlCommand(sql, con);
ConnorsFan