0

I have the following code that uses the SqlClient.ExecuteScalar method to return an ID from a table. 

using (var conn = new SqlConnection(connectionString))
using (var cmdContrib = new SqlCommand("SELECT ContributorId FROM Contributor WHERE Code='" + folderSystem.ContributorCode + "'", conn))
{
    conn.Open();
    var contribId = cmdContrib.ExecuteScalar();
}

Originally it was working but now contribId is null. I tested the SQL in management studio after extracting from Profiler and it returned the ID as expected.

Next I added an additional command to retrieve an ID from a different table (Product).
productId is not null while contribId continues to be null.

using (var conn = new SqlConnection(connectionString))
using (var cmdContrib = new SqlCommand("SELECT ContributorId FROM Contributor WHERE Code='" + folderSystem.ContributorCode + "'", conn))
using (var cmdTest = new SqlCommand("SELECT productId FROM Product WHERE [filename] = 'bda00001.jpg'", conn))
{
    conn.Open();
    var contribId = cmdContrib.ExecuteScalar();
    var productId = cmdTest.ExecuteScalar();
}

I am sure it is something obvious and I'll kick myself for not noticing it, but for now I'm stumped.

Pauly
  • 1,631
  • 5
  • 18
  • 29
  • What's your debug value for folderSystem.ContributorCode? – Jeremy Sullivan Jun 09 '09 at 01:39
  • What value does folderSystem.ContributorCode contain? I'm leaning towards this being an SQL-injection sort of bug (eg a single-quote in the variable's value). – Matt Hamilton Jun 09 '09 at 01:39
  • Construct cmdContrib with a static SQL query, like you have with cmdTest, and see what happens. The problem might jump out at you then. – Michael Petrotta Jun 09 '09 at 01:50
  • folderSsystem.ContributorCodde contains 'PST'. – Pauly Jun 10 '09 at 01:08
  • The debug value for folderSystem.ContributorCode is "PST". Tried making it a static query: "SELECT ContributorId FROM tblContributor WHERE Code='PST'". Still returns null. – Pauly Jun 10 '09 at 01:21

1 Answers1

3

Use Profiler to confirm:

A) how many rows are being returned (I suspect 0) B) What database it is in C) what its login/user context is. D) what the actual entire SQL command is.

Extract this command and re-execute it in the same database to confirm that it does return a value. If this suceeds, then change your execution context to that which the Profiler said that the connection was running under and try again. If it fails now (returns 0 rows) then check to see if the source table (Contributor) may actually be a View that is implementing row-level security.

RBarryYoung
  • 55,398
  • 14
  • 96
  • 137