There is a path through your code such that either or both of
queryUpdate1
and
queryUpdate2
can still be the empty string after the
if
conditions: Specifically if
typerdonly.Text
is not "SL" or "VL", or if one of the inner
if
conditions fails.
You will need to either use the debugger to find out exactly what is happening, or add logging code to record exactly what is happened for analysis after the problem occurs.
You can then look back in your code to find out why values are not as you expect.
Sorry, but we can't do any of that for you!
Oh, and do yourself a favour: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?