[英]SQLDataReader not reading
I am trying to make an alert system that checks a medications linked allergies with a patients linked allergies (see image below). 我正在尝试创建一个警报系统,以检查与药物有关的过敏症与与患者有关的过敏症(请参见下图)。
When I run the code it seems to just completely skip the SQLDataReader, I have performed checks on if(reader.HasRows) and it just shows there are no rows in the reader. 当我运行代码时,似乎只是完全跳过了SQLDataReader,我对if(reader.HasRows)进行了检查,它仅显示读取器中没有行。 All I want to do is show a message box with the selected allergy name at the end of the reader.
我要做的就是在阅读器的最后显示一个带有所选过敏名称的消息框。 I am using SQL Server 2014.Any help will be greatly appreciated.
我使用的是SQL Server 2014.任何帮助将不胜感激。
private void button_addItem_Click(object sender, RoutedEventArgs e)
{
if (!string.IsNullOrEmpty(comboBox_select_Item.Text.ToString()))
{
using (SqlConnection conn = new SqlConnection(connection))
{
try
{
SqlCommand sqlCmd2 = new SqlCommand("SELECT allergyName, allergyDescription FROM Allergies A INNER JOIN PatientAllergies PA ON A.allergyID = PA.allergyID WHERE A.allergyID = PA.allergyID AND PA.allergyID = (SELECT allergyID FROM Medication_Allergies MA WHERE MA.medID = " + comboBox_select_Item.SelectedValue.ToString() + ")", conn);
conn.Open();
SqlDataReader sqlReader = sqlCmd2.ExecuteReader();
Allergies allergies = new Allergies();
while (sqlReader.Read())
{
allergies.allergyName = Convert.ToString(sqlReader["allergyName"]);
allergies.allergyDescription = Convert.ToString(sqlReader["allergyDescription"]);
}
MessageBox.Show(allergies.allergyName);
sqlReader.Close();
FillSalesItemGrid();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString(), ex.ToString());
}
}
}
}
First of all your SqlCommand is vulnerable to sql injections attack - you should always use SqlParameter as it helps you to prevent sql injections. 首先,您的SqlCommand容易受到sql注入攻击-您应该始终使用SqlParameter,因为它有助于防止sql注入。 So your SqlCommand should looks like :
因此,您的SqlCommand应该看起来像:
SqlCommand sqlCmd2 = new SqlCommand("SELECT allergyName, allergyDescription FROM Allergies A INNER JOIN PatientAllergies PA ON A.allergyID = PA.allergyID WHERE A.allergyID = PA.allergyID AND PA.allergyID = (SELECT allergyID FROM Medication_Allergies MA WHERE MA.medID = @medID)", conn);
and you can pass parameter: 您可以传递参数:
sqlCmd2.Parameters.AddWithValue("@medID",comboBox_select_Item.SelectedValue);
What is more, following statement in your query is redundant 而且,查询中的以下语句是多余的
WHERE A.allergyID = PA.allergyID
because you have INNER JOIN on this field 因为您在此字段上有INNER JOIN
FROM Allergies A INNER JOIN PatientAllergies PA ON A.allergyID = PA.allergyID
so you can remove redundant statement from your query 因此您可以从查询中删除多余的语句
SELECT allergyName, allergyDescription FROM Allergies A INNER JOIN PatientAllergies PA ON A.allergyID = PA.allergyID WHERE PA.allergyID = (SELECT allergyID FROM Medication_Allergies MA WHERE MA.medID = @medID)
I'm pretty sure that rest of your code is more or less fine. 我很确定您其余的代码或多或少都可以。 Please have a look if your query returns any rows.
请查看您的查询是否返回任何行。 For example you can copy your query and replace @medID with value from your comboBox.
例如,您可以复制查询并将@medID替换为comboBox中的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.