C# SQL数据读取器读取不一致_C#_Sql_Sqldatareader

C# SQL数据读取器读取不一致

c# sql

C# SQL数据读取器读取不一致,c#,sql,sqldatareader,C#,Sql,Sqldatareader,我有下面的C代码- private void sendnotificationmail(string enqid) { try { connection.Open(); List<string> maillist = new List<string>(); string sql = "SELECT TrussLog.repmail, TrussLog.branchemail, TrussEnquiry

我有下面的C代码-

private void sendnotificationmail(string enqid)
{
    try
    {
        connection.Open();
        List<string> maillist = new List<string>();
        string sql = "SELECT     TrussLog.repmail, TrussLog.branchemail, TrussEnquiry.DesignerEmail FROM         TrussLog FULL OUTER JOIN                      TrussEnquiry ON TrussLog.enquirynum = TrussEnquiry.Enquiry_ID         where TrussEnquiry.Enquiry_ID = '" + enqid + "'";
        SqlCommand cmd = new SqlCommand(sql);
        SqlDataReader reader = cmd.ExecuteReader();

        while (reader.Read())
        {
            if (!string.IsNullOrEmpty(reader[0].ToString()))
            {
                maillist.Add(reader[0].ToString());
            }
            if (!string.IsNullOrEmpty(reader[1].ToString()))
            {
                maillist.Add(reader[1].ToString());
            }
            if (!string.IsNullOrEmpty(reader[2].ToString()))
            {
                maillist.Add(reader[2].ToString());
            }
        }
        connection.Close();

        if (result != DialogResult.Cancel)
        {
            processmail(maillist);
        }
    }
    catch (Exception)
    {
    }
}

我从Windows窗体上的组合框中获取变量enqid的值。组合框的内容从数据库中检索。加载表单时，组合框显示从数据库检索到的第一个查询ID。当我运行程序时，数据读取器跳过循环。但是，如果我在组合框中选择了不同的查询，则数据读取器工作正常

您似乎忘记了将命令与连接关联：

这意味着忽略所有错误并继续。

第一个查询可能不会产生任何结果。您知道当前代码已暴露于SQL注入。改用参数化查询。从数据库检索第一个查询ID为什么有空捕获？删除它并重新测试。SQL注入漏洞和空捕获块。这将导致在IDE之外进行几乎不可能的调试…@David，并且不要忘记只有在没有错误的情况下，连接才会关闭：使用block missing。捕获过程吞没了错误。为什么人们认为抑制错误可以修复错误？！从未理解过。@DmitryBychenko是的，你说得对，他没有定义与命令的连接。

  // SendNotificationMail is more readable then sendnotificationmail
  private void sendnotificationmail(string enqid) {
    // put IDisposable into using...
    using (SqlConnection con = new SqlConnection("ConnectionStringHere")) {
      con.Open();

      using (SqlCommand cmd = new SqlCommand()) {
        cmd.Connection = con; // <- You've omitted this

        // have SQL readable
        cmd.CommandText =
          @"SELECT TrussLog.repmail, 
                   TrussLog.branchemail, 
                   TrussEnquiry.DesignerEmail 
              FROM TrussLog FULL OUTER JOIN                      
                   TrussEnquiry ON TrussLog.enquirynum = TrussEnquiry.Enquiry_ID         
             WHERE TrussEnquiry.Enquiry_ID = @prm_Id";

        // use parametrized queries
        cmd.Parameters.AddWithValue("@prm_Id", enqid);

        using (SqlDataReader reader = cmd.ExecuteReader()) {
          while (reader.Read()) {
            ...
          }
        }
      }
    }
  }

  catch (Exception)
  {
  }