-2

I have three tables: Patient, Doctor, Diagnosis. In the Diagnosis form I have two ComboBoxes, and I need to be able to choose the names of doctor and patient through these ComboBoxes.

Code of the methods:

void populatecombo()
{
    string sql = "select * from Patient";
    SqlCommand cmd = new SqlCommand(sql, conn);
    SqlDataReader rdr;
    try
    {
        conn.Open();
        DataTable dt = new DataTable();
        dt.Columns.Add("PatId", typeof(int));
        rdr = cmd.ExecuteReader();
        dt.Load(rdr);
        PatId.ValueMember = "PatId";
        PatId.DataSource = dt;
        conn.Close();
    }
    catch
    {

    }
}

void populatedoc()
{
    string mysql = "select * from Doctor";
    SqlCommand cmd = new SqlCommand(mysql, conn);
    SqlDataReader rdr;
    try
    {
        conn.Open();
        DataTable dt = new DataTable();
        dt.Columns.Add("DocId", typeof(int));
        rdr = cmd.ExecuteReader();
        dt.Load(rdr);
        DocId.ValueMember = "DocId";
        DocId.DataSource = dt;
        conn.Close();
    }
    catch
    {

    }
}

string patname;
string docname;

void fetchpatientname()
{

    string mysql = "select * from Patient where PatId=" + PatId.SelectedValue.ToString() + "";
    SqlCommand cmd = new SqlCommand(mysql, conn);
    DataTable dt = new DataTable();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(dt);
    foreach (DataRow dr in dt.Rows)
    {
        patname = dr["PatName"].ToString();
        PatientTb.Text = patname;
    }

}
void fetchdoctorname()
{
    string str = "select * from Doctor where DocId=" + DocId.SelectedValue.ToString() + "";
    SqlCommand cmd = new SqlCommand(str, conn);
    DataTable dt = new DataTable();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(dt);
    foreach (DataRow dr in dt.Rows)
    {
        docname = dr["DocName"].ToString();
        DocName.Text = docname;
    }
}

So populatedoc and populatecombo should get the names of doctor and patient, and fetch should help to choose them from ComboBox, but it doesn't seem to work with the error:

System.Data.SqlClient.SqlException: "Incorrect syntax near '='."

Picture of the form:

enter image description here

Dale K
  • 25,246
  • 15
  • 42
  • 71
Carl
  • 345
  • 5
  • 23
  • 2
    Does this answer your question? [What are good ways to prevent SQL injection?](https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection) • [SqlCommand Parameters Add vs. AddWithValue](https://stackoverflow.com/questions/21110001/sqlcommand-parameters-add-vs-addwithvalue) –  Jun 20 '21 at 14:21
  • 2
    [SQL Injection alert](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - you should **not** concatenate together your SQL statements - use **parametrized queries** instead to avoid SQL injection - check out [Little Bobby Tables](http://bobby-tables.com/) – marc_s Jun 20 '21 at 14:37
  • @OlivierRogier so actually i edited like you showed, but i still can't choose from comboboxes, because when i click on it, there's just an empty space instead of data from other tables – Carl Jun 20 '21 at 15:00
  • What are the DB Type of PatId and DocId? Text.VarChar or Integer or what? What are PatId and DocId and the underlying type of SelectedValue? –  Jun 20 '21 at 15:09
  • they are int, but i'm not sure how to select docname and patname, so i editet the image of the form to the post to make it clearer – Carl Jun 20 '21 at 15:11
  • so i need to make it select name from combobox, but i don't know how to do it without having to type the ID – Carl Jun 20 '21 at 15:13
  • Is any update? Please check if my answer works for you. – Jack J Jun Jun 23 '21 at 07:53

1 Answers1

0

Based on my test, I could not get the error you provided based on your code.

You could try to use SqlCommand.Parameters.AddWithValue method to do it.

 void fetchpatientname()
        {
            conn.Open();
            string mysql = "select * from Patient where PatId=@PatId";
            SqlCommand cmd = new SqlCommand(mysql, conn);
            cmd.Parameters.AddWithValue("@PatId", cmbPat.SelectedValue);
            DataTable dt = new DataTable();
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(dt);
            foreach (DataRow dr in dt.Rows)
            {
                patname = dr["PatName"].ToString();
                txtPatName.Text = patname;
            }
            conn.Close();

        }
        void fetchdoctorname()
        {
            conn.Open();
            string str = "select * from Doctor where DocId=@DocId"; 
            SqlCommand cmd = new SqlCommand(str, conn);
            cmd.Parameters.AddWithValue("@DocId", cmbDoc.SelectedValue);
            DataTable dt = new DataTable();
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(dt);
            foreach (DataRow dr in dt.Rows)
            {
                docname = dr["DocName"].ToString();
                txtDocName.Text = docname;
            }
            conn.Close();
        }
         private void button1_Click(object sender, EventArgs e)
        {
            fetchdoctorname();
            fetchpatientname();
        }

Result:

enter image description here

Jack J Jun
  • 5,633
  • 1
  • 9
  • 27