To use Parameterized queries in your GetData function do something like this:
public static DataTable GetSingleData(string Id)
{
string connectionstring = Properties.Settings.Default.SandboxConnectionString;
string SQL = "select * from testtable where UserId=@Id";
DataTable DATA = new DataTable();
using (var cnnx = new SqlConnection(connectionstring))
{
using (SqlDataAdapter DTA = new SqlDataAdapter(SQL, cnnx))
{
SqlParameter parm = DTA.SelectCommand.Parameters.AddWithValue("@Id", Id);
DTA.Fill(DATA);
if (DATA.Rows.Count > 0)
{
}
}
}
return DATA;
}
To get all the rows instead of just a single one then this is the sort of thing you need:
public static DataTable GetAllData()
{
string connectionstring = Properties.Settings.Default.SandboxConnectionString;
string SQL = "select * from testtable";
DataTable DATA = new DataTable();
using (var cnnx = new SqlConnection(connectionstring))
{
using (SqlDataAdapter DTA = new SqlDataAdapter(SQL, cnnx))
{
DTA.Fill(DATA);
if (DATA.Rows.Count > 0)
{
}
}
}
return DATA;
}
You can then get at the data in the DataTable(s) like this:
Single item
var dtSingle = GetSingleData(17);
var UserName = dtSingle.Rows[0]["UserName"];
All items
var dtAll = GetAllData();
foreach (DataRow dr in dtAll)
{
var UserName = dr["UserName"];
}
OR
for (int i = 0; i < dtAll.Rows.Count; i++)
{
var UserName = dtAll[i]["UserName"];
}
(This assumes that there is a column on the database table testtable called "UserName" - replace this with whatever data you are trying to retrieve)