0
MySqlConnection cn = conectar.fazer_conexao();
MySqlCommand cmd = new MySqlCommand();
cmd.Connection = cn;
try
{
    cn.Open();
    if (txt_codigo.Text == "")
    {
        cmd.CommandText = "Insert into operacoes (nome_cliente, codigo_cliente, data_locacao) VALUES ('" + cmb_cliente.Text + "','" + codigo_cliente.Text + "','" + Convert.ToDateTime(mask_dl.Text).ToString("yyyy/MM/dd") + "')";
    }

    cmd.CommandText = "SELECT LAST_INSERT_ID()";
    MySqlDataReader read = cmd.ExecuteReader();
    read.Read();

    int id = Convert.ToInt32(cmd.ExecuteScalar());

    for (int i = 0; i <= grid_jogos.RowCount - 1; i++)
    {
        if (Convert.ToBoolean(grid_jogos.Rows[i].Cells["select"].Value))
        {
            string jogos = grid_jogos.Rows[i].Cells[1].Value.ToString();
            cmd.CommandText = "Insert into itens (codigo_operacao, codigo_jogos) values ('" + id + "','" + jogos + "')";
        }
    }

    cmd.ExecuteNonQuery();
    cn.Close();

I've been getting this message when I try to make an insert and select on the same conection. But I don't see another DataReader open. Is there any way to do insert and select or is it just a silly mistake that I didn't notice?

Palle Due
  • 5,929
  • 4
  • 17
  • 32

1 Answers1

0

As Palle has stated in his comment you are vulnerable to SQL injection. Please read on how to fix this first! In addition, I would simply create two using statements each with a separate command object. It could look something like this:

    using(MySqlCommand cmd1 = new MySqlCommand("DO SOMETHING 1", cn))
    {

    }

    using(MySqlCommand cmd2 = new MySqlCommand("DO SOMETHING 2", cn))
    {
             
    }
Aaron
  • 1,600
  • 1
  • 8
  • 14