How Can I Pass Null Or String To Parameter In C# Function?

Question

2.00/5 (2 votes)

See more:

C#

public List<Students> function(string a,string b)
{
  using (SqlConnection con = new SqlConnection(conStr))
            {
                
                SqlCommand cmd = new SqlCommand();
                cmd.CommandText = "select name,class,address from students where name='"+a+"' and class='"+b+"'";
                               
                cmd.Connection = con;
                con.Open();
                SqlDataReader dr = cmd.ExecuteReader();

                List<Students> DataObject = new List<Students>();

                while (dr.Read())
                {
                    Students o = new Students();
                  
                    o.Name= dr["Name"].ToString();
                    o.Class= dr["Class"].ToString();
                    o.Address= dr["Address"].ToString();
                    DataObject .Add(o);
                }

                return DataObject;
  }

I need to use this function like,

function(a,b); it should get the specific student.

function(null,null) it should get all students.

Posted 27-Dec-15 20:22pm

shaprpuff

Add a Solution

Comments

Sergey Alexandrovich Kryukov 28-Dec-15 2:55am

You did not explain what to do if only a == null, or only b == null.
What's the problem?
—SA

BillWoodruff 28-Dec-15 7:37am

Sergey and Kornfeld give you the information/advice you really need here, but do keep in mind that you can define methods with the same name, but different parameter "signatures" to logically separate in your code different distinct cases. This often makes code more maintainable in the future, clearer, self-documenting.

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kornfeld Eliyahu Peter · Answer 1 · 2015-12-27T20:59:00

As I see, your problem is how to built an SQL statement that has complex WHERE clause...
You SQL - at the end - should look somethng like this:

SQL

SELECT NAME, CLASS, ADDRESS FROM STUDENTS WHERE (@A IS NULL OR NAME = @A) AND (@B IS NULL OR CLASS = @B)

To execute such query you need to learn how to use parameterized queries in C# (and never use string concatenation to create that!!!)
SqlCommand.Parameters Property (System.Data.SqlClient)[^]

Sergey Alexandrovich Kryukov · Answer 2 · 2015-12-27T21:01:00

Your approach is wrong from the very beginning. The query composed by concatenation with strings taken from UI. Not only repeated string concatenation is inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is way more important issue: it opens the doors to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

As to your original question, I have no idea what could possibly cause any confusion. Please see my comment to the question: you did not explain what to do if student or class is null, and the other argument is not null. Besides, any of those parameters can be empty string or anything not related to any class.

All you need is to formulate the rule precisely and make different queries for different cases.

—SA

Paw Jershauge · Answer 3 · 2015-12-27T21:00:00

C#

public List<students> function(string a,string b)
{
	List<students> DataObject = new List<students>();
	using (SqlConnection con = new SqlConnection(conStr))
	{
		SqlCommand cmd = new SqlCommand();
		if(string.IsNullOrEmpty(a) && string.IsNullOrEmpty(b))
			cmd.CommandText = "select name,class,address from students";
		else
			cmd.CommandText = "select name,class,address from students where name='"+a+"' and class='"+b+"'";
                               
		cmd.Connection = con;
		con.Open();
		SqlDataReader dr = cmd.ExecuteReader();
 
		while (dr.Read())
		{
			Students o = new Students();
			
			o.Name= dr["Name"].ToString();
			o.Class= dr["Class"].ToString();
			o.Address= dr["Address"].ToString();
			DataObject.Add(o);
		}
	}
	return DataObject;
}</students></students></students>

But really you should use parameters instead of

name='"+a+"' and class='"+b+"'

How Can I Pass Null Or String To Parameter In C# Function?

3 solutions

Solution 1

Solution 3

Solution 2

Add your solution here

Preview 0