How to retrieve data from database based on selected value in combo box?
Question
Im new to c# here. I have a comboBox codes that enable user to choose month and dates. When user click cmdSend button, the program will retrieve the month & date form comboBox and call dbConnect.Select class function to do the select mysql statement.
private void cmdSend_Click(object sender, System.EventArgs e)
{
List<string>[] list;
list = dbConnect.Select(month_list.Text, year_list.Text);
printer_info.Rows.Clear();
for (int i = 0; i < list[0].Count; i++)
{
int number = printer_info.Rows.Add();
printer_info.Rows[number].Cells[0].Value = list[0][i];
printer_info.Rows[number].Cells[1].Value = list[1][i];
printer_info.Rows[number].Cells[2].Value = list[2][i];
printer_info.Rows[number].Cells[3].Value = list[3][i];
}
}
the retrieve database class:
public List<string>[] Select(string month,string year)
{
string query = "SELECT * FROM page_counter where month ='" + month + "' AND year ='" + year + "' ;";
//Create a list to store the result
List<string>[] list = new List<string>[4];
list[0] = new List<string>();
list[1] = new List<string>();
list[2] = new List<string>();
list[3] = new List<string>();
//Open connection
if (this.OpenConnection() == true)
{
//Create Command
MySqlCommand cmd = new MySqlCommand(query, connection);
//Create a data reader and Execute the command
MySqlDataReader dataReader = cmd.ExecuteReader();
//Read the data and store them in the list
while (dataReader.Read())
{
list[0].Add(dataReader["id"].ToString() + "");
list[1].Add(dataReader["month"].ToString() + "");
list[2].Add(dataReader["year"].ToString() + "");
list[3].Add(dataReader["page_count"].ToString() + "");
}
//close Data Reader
dataReader.Close();
//close Connection
this.CloseConnection();
//return list to be displayed
return list;
}
else
{
return list;
}
}
However this code does not work, can someone advise me please?
EDITED:
string query = "SELECT * FROM page_counter where month = @month AND year = @year;";
//Open connection
if (this.OpenConnection() == true)
{
//Create Command
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.Parameters.AddWithValue("@month",month);
cmd.Parameters.AddWithValue("@year",year );
//Create a data reader and Execute the command
MySqlDataReader dataReader = cmd.ExecuteReader();
//Read the data and store them in the list
while (dataReader.Read())
{
list[0].Add(dataReader["id"].ToString() + "");
list[1].Add(dataReader["month"].ToString() + "");
list[2].Add(dataReader["year"].ToString() + "");
list[3].Add(dataReader["page_count"].ToString() + "");
}
//close Data Reader
dataReader.Close();
I have edited the code as suggested,However I have an error on the AddWithValue, it say : does not contain a definition for AddWithValue and no extension method AddWithValue, I have added the Data.MySqlClient reference but still remain the same. Please advise.
1 answers
solution1
1 2014-02-27 03:58:08
Problem 1 : You need to use SelectedItem property of the combobox to get the selected item from it.
Solution 1:
Replace This:
list = dbConnect.Select(month_list.Text, year_list.Text);
With This:
list = dbConnect.Select(month_list.SelectedItem.ToString(),
year_list.SelectedItem.ToString());
Problem 2:
i beilve that your Month and Year columns in your Database are INT columns.if they are INT columns you dont need to enclose the month and year parameter values within single quotes.
Solution 2:
Try This:
string query = "SELECT * FROM page_counter where month =
" + month + " AND year =" + year + " ;";
Suggestion : Your query is open to sql injection attacks i'd suggest to use Parameterised queries to avoid them.
Try This with Parameterised queries:
string query = "SELECT * FROM page_counter where month = @month AND year = @year;";
//Open connection
if (this.OpenConnection() == true)
{
//Create Command
MySqlCommand cmd = new MySqlCommand(query, connection);
cmd.Parameters.AddWithValue("@month",month);
cmd.Parameters.AddWithValue("@year",year );
//Remaining same
//Create a data reader and Execute the command
MySqlDataReader dataReader = cmd.ExecuteReader();
//Read the data and store them in the list
while (dataReader.Read())
{
list[0].Add(dataReader["id"].ToString() + "");
list[1].Add(dataReader["month"].ToString() + "");
list[2].Add(dataReader["year"].ToString() + "");
list[3].Add(dataReader["page_count"].ToString() + "");
}
//close Data Reader
dataReader.Close();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.