C# SQL数据读取器读取不一致
我有下面的C#代码:
// Question's listing, kept exactly as posted. It collects the e-mail addresses stored
// for one enquiry (enqid) and passes them to processmail().
// NOTE(review): `connection`, `result` and `processmail` are not defined in this listing;
// they come from elsewhere in the form.
private void sendnotificationmail(string enqid)
{
try
{
connection.Open();
List<string> maillist = new List<string>();
// NOTE(review): enqid is concatenated into the SQL text, so a value containing a quote
// changes the statement itself (SQL injection). Bind it as a parameter instead.
string sql = "SELECT TrussLog.repmail, TrussLog.branchemail, TrussEnquiry.DesignerEmail FROM TrussLog FULL OUTER JOIN TrussEnquiry ON TrussLog.enquirynum = TrussEnquiry.Enquiry_ID where TrussEnquiry.Enquiry_ID = '" + enqid + "'";
// NOTE(review): the command is created without a connection. With no Connection set,
// ExecuteReader() is expected to throw InvalidOperationException, which the empty
// catch at the bottom then hides.
SqlCommand cmd = new SqlCommand(sql);
// NOTE(review): neither cmd nor reader is disposed (no using block).
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
// Add each of the three address columns that is non-empty; a NULL column reads as
// DBNull, whose ToString() is the empty string, so it is skipped too.
if (!string.IsNullOrEmpty(reader[0].ToString()))
{
maillist.Add(reader[0].ToString());
}
if (!string.IsNullOrEmpty(reader[1].ToString()))
{
maillist.Add(reader[1].ToString());
}
if (!string.IsNullOrEmpty(reader[2].ToString()))
{
maillist.Add(reader[2].ToString());
}
}
// NOTE(review): only reached when nothing above throws; after an exception the
// connection is left open.
connection.Close();
if (result != DialogResult.Cancel)
{
processmail(maillist);
}
}
// NOTE(review): catches every exception type and discards it without logging, so any
// failure above (including a rejected or malformed query) is invisible to the caller.
catch (Exception)
{
}
}
我从Windows窗体上的组合框中获取变量enqid的值。组合框的内容从数据库中检索。加载表单时,组合框显示从数据库检索到的第一个查询ID。当我运行程序时,数据读取器跳过循环。但是,如果我在组合框中选择了不同的查询,则数据读取器工作正常。

您似乎忘记了将命令与连接关联:
空的 catch (Exception) { } 块意味着忽略所有错误并继续。

第一个查询可能不会产生任何结果。

您知道吗,当前代码存在SQL注入风险。请改用参数化查询。

"从数据库检索第一个查询ID"——为什么有空的 catch 块?删除它并重新测试。

SQL注入漏洞和空的 catch 块。这将导致在IDE之外几乎不可能进行调试……

@David,并且不要忘记,只有在没有错误的情况下连接才会关闭:缺少 using 块。

catch 块吞掉了错误。为什么人们认为抑制错误就可以修复错误?!从未理解过。

@DmitryBychenko 是的,你说得对,他没有把连接关联到命令上。
// Answer's corrected listing: same query as the question, with the command bound to a
// connection, the enquiry id passed as a parameter, and every disposable in a using block.
// SendNotificationMail is more readable than sendnotificationmail
private void sendnotificationmail(string enqid) {
// put IDisposable into using: the connection is closed and disposed even when an
// exception is thrown inside the block
// NOTE(review): "ConnectionStringHere" is a placeholder; read the real connection string
// from protected configuration rather than hard-coding credentials in source.
using (SqlConnection con = new SqlConnection("ConnectionStringHere")) {
con.Open();
using (SqlCommand cmd = new SqlCommand()) {
cmd.Connection = con; // <- You've omitted this
// keep the SQL readable: a verbatim string with a fixed statement text
cmd.CommandText =
@"SELECT TrussLog.repmail,
TrussLog.branchemail,
TrussEnquiry.DesignerEmail
FROM TrussLog FULL OUTER JOIN
TrussEnquiry ON TrussLog.enquirynum = TrussEnquiry.Enquiry_ID
WHERE TrussEnquiry.Enquiry_ID = @prm_Id";
// use parameterized queries: enqid is sent as data and never becomes part of the
// SQL text, which removes the injection path of the concatenated version
// NOTE(review): AddWithValue infers the SQL type from the .NET value (a string here);
// if Enquiry_ID is not a text column, declare the parameter type explicitly - confirm
// against the schema.
cmd.Parameters.AddWithValue("@prm_Id", enqid);
using (SqlDataReader reader = cmd.ExecuteReader()) {
while (reader.Read()) {
// row handling elided by the answer's author
...
}
}
}
}
}
// Fragment quoted from the question as the pattern to avoid: an empty catch (Exception)
// discards every error, so failures such as the command's missing connection go unnoticed.
// Catch only exceptions that can be handled, and log or rethrow the rest.
catch (Exception)
{
}