Click here to Skip to main content
15,867,686 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi guys ,
I'm trying to implement a simple webform (create your own product), so I create four tables
in my database (leather,lining,collar,button).
In my Webform I create four listboxs each one foe one table
listbox8 ->leather
listbox9 ->lining
listbox10->collar
listbox11->button

in every table i have two fields name,price
when the user select one item i want to retrieve the price for this item from the datatable.

I import the following code for listbox8

C#
int priceleather = 0;
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ToString());
        String SelectedItem = ListBox8.SelectedItem.Text;
        SqlCommand command1 = new SqlCommand("Select price from createproduct where name=" + SelectedItem);
        con.Open();
        using (SqlDataReader read = command1.ExecuteReader())
        {
            while (read.Read())
            {
                string price = read["price"].ToString();
                priceleather = Convert.ToInt32(price);
            }
            
            GridView1.DataSource = read;

            read.Close();
            con.Close();
        }

    } 

but i receive an error message : ExecuteReader: is not ready or Connection Property?

What I should change in order to make it work?

Is this way correct to implement something that i describe or I should change everything in one table and select them by a column "called" type ?

Thnx in advance for your time and your help
Jason
Posted
Updated 22-Oct-13 2:30am
v2
Comments
Nandakishore G N 22-Oct-13 6:48am    
paste the con.close(); out side using and try.
whenever passing values to the query if it is string(varchar,nvarchar) pass it with single quotes
ex: Select price from createproduct where name='" + SelectedItem+"'";
as harshil mentioned don't use inline query.

Hi,
replace your sql command with this,
C#
SqlCommand command1 = new SqlCommand("Select price from createproduct where name=" + SelectedItem,con); // you are missing con here.

Note(Advise):-
Never pass parameter in query like this, it will make your site vulnerable for sql injection.
Insead use it like this,
C#
SqlCommand command1 = new SqlCommand("Select price from createproduct where name=@name",con);
command1.Parameters.AddWithValue("@name", SelectedItem);

Hope it helps you.
Thanks.
 
Share this answer
 
v2
Comments
JasonTsoum77 22-Oct-13 7:13am    
It worked thnx for your resonse and your help,
I will try the second solution you gave me in order to avoid sql injection
thnx
You should initialize your command connection with your created connection.
try this

C#
con.Open();
            SqlCommand command1 = new SqlCommand("Select price from createproduct where name=" + SelectedItem, con);
 
Share this answer
 
Comments
JasonTsoum77 22-Oct-13 7:14am    
thnx for your response and your help it worked

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900