Hello. Can anyone tell my why is my code Section='"+lblSection.Text+"' paramater doesnt works

Question

When I run this it doesnt fill items in my combo box.

public void FILLREPRESENTATIVE()     
{
  try // fill combobox Party with corresponding Representative Section        
  {                                                                            
    MySqlCommand command = new MySqlCommand("SELECT CONCAT(Firstname,' ',LastName) AS Full_Name, Section, 
    Position FROM candidatetable WHERE Section='"+lblSection.Text+"' AND Position= 'Representative'", connection);

    connection.Open();

    MySqlDataReader reader = command.ExecuteReader();

    while (reader.Read())
    {            
      cbRepresentative.Items.Add(reader.GetString("Full_Name"));       
    }

    connection.Close();    
  }
  catch (Exception ex)
  {
    MessageBox.Show(ex.Message);
  } 
}

If I use this kind of code: Section='ict' it fills my combo box. But I wanted to use the label text for my Section.

It only works if i use a specific condition like this : MySqlCommand command = new MySqlCommand("SELECT CONCAT(Firstname,' ',LastName) AS Full_Name, Section, Position, Letter FROM candidatetable WHERE Section='Ict' AND Position= 'Representative'", connection);. But i wanted to use the label text for my project. — Yravi LaPina, Mar 05 '20 at 19:57
You should really use parameters any time you are going to have user input used as part of a query. Would recommend taking a look at the answer [here](https://stackoverflow.com/questions/652978/parameterized-query-for-mysql-with-c-sharp) for an example of this. — Tyler Hundley, Mar 05 '20 at 20:02

score 1 · Accepted Answer · edited Mar 05 '20 at 20:08

1

Try using this line of code:

MySqlCommand cmd = new MySqlCommand("SELECT CONCAT(Firstname,' ',LastName) AS Full_Name, Section, 
Position FROM candidatetable WHERE Section=@section AND Position= 'Representative'", con);

cmd.Parameters.AddWithValue("@section", lblSection.Text);

edited Mar 05 '20 at 20:08

Tyler Hundley

859
5
11

answered Mar 05 '20 at 20:02

popoyjin

36
5

And yet i also forget to declare my function to my label text changed. Thank you for the paramater problem that solves my problem. – Yravi LaPina Mar 06 '20 at 12:25

Hello. Can anyone tell my why is my code Section='"+lblSection.Text+"' paramater doesnt works

1 Answers1