You haven't executed the command, os the chancesa re that the reader is not initialized. Try:
selectCommand.Parameters.Add("@COOP_ID", SqlDbType.Int).Value = txtIdCoop.Text
dr = selectCommand.ExecuteReader()
While dr.Read ()
"I fix it but they are now without the @ am I vulnerable to sqlInjection? also the new error I get is after searchin,inserting or updating one time after I do it for second time it tells me The variable name '@COOP_ID' has already been declared. Variable names must be unique within a query batch or stored procedure."
Change your code to like this:
selectCommand.CommandType = CommandType.Text
selectCommand.Parameters.Add("@COOP_ID", SqlDbType.Int).Value = txtIdCoop.Text
conn.Open()
selectCommand.ExecuteReader()
Try
While dr.Read ()
txtNombreCoop.Text = dr("@COOP_NOMBRE").ToString()
EstatusRecordRCoop.Text = "Record Encontrado"
End While
Catch ex As SqlException
EstatusRecordRCoop.Text = "Error"
MessageBox.Show(ex.Message)
Finally
conn.Close()
End Try
You may also want to make the the textbox.Text set add the text rather than overwrite it each time.
You may find you don't want the "@" on the dr access - unless you have a column named @COOP_NOMBRE you shouldn't need it. (It's also good practice to explicitly nam eteh columns you want returned in teh SELECT statement rather than using "SELECT * FROM..." as the latter wastes bandwidth and time).