How do I prevent button code from running twice if the user clicks more than once in C#?

Question

I have a method where, when the user clicks a button, it selects data from a table and adds it to a text box. The problem is that when a user clicks 2 or more times, the display code runs once for each click and the data is displayed multiple times in the text box.

How can I clear the Text box and display the data only once?

Note: One of the Text boxes by default has a string which I use on a query that gets the data. When I clear the data, the query throws an error since it doesn't have that string I just cleared to finish the query.

This is the code method that I'm using:

  private void FillFilds()
    {
        mycon.Open();

        string queryfill= "SELECT *From master where Num=@Num";

        oleDbCmd = new OleDbCommand(queryfill, mycon);

        oleDbCmd.Parameters.Add("@Lot", OleDbType.VarChar, 40).Value = Numtxt.Text;

        OleDbDataReader reader;

        try
        {
            reader = oleDbCmd.ExecuteReader();

            reader.Read();
            Idlbl.Text += reader[0];
            Datetxt.Text += reader[1];
            DatePtxt.Value = Convert.ToDateTime(reader[2]);
            Jobtxt.Text += reader[3];
            NoBtxt.Text += reader[4];
            NoPatxt.Text += reader[5];
            NoMtxt.Text += reader[6];
            Numtxt.Text += reader[7];
            NoRtxt.Text += reader[8];
            Description.Text += reader[9];
            NoMatxt.Text += reader[10];
            reader.Close();

        }
        catch (Exception error)
        {
            MessageBox.Show(error.ToString());
        }


        mycon.Close();

    }

I think this might clear some questions... sorry im new at writing in forums.

Answer 1

You could store this default value somewhere, for example as field in the class:

private string DefaultNumber = "12345";

// ...

Then you can assign this value to the TextBox:

Number.Text = DefaultNumber;  // instead of Number.Clear() or Number.Text = ""

But you should really use sql-parameters to prevent sql-injection:

string queryfill = "SELECT * From master where Number = @Number";
DataTable table = new DataTable();
using (OleDbConnection conn = new OleDbConnection(ConnString))
using (OleDbDataAdapter da = new OleDbDataAdapter(queryfill, conn))
{
   da.SelectCommand.Parameters.AddWithValue("Number", Number.Text);
   da.Fill(table);
}

Answer 2

If the text is showing up multiple times in the text box, then you must be appending it rather than setting it. Make sure that you set the .Text value of the textbox using the = sign rather than appending to whatever is there (such as with +=).

You may also want to consider hard coding your default rather than relying on it being displayed in a text box. You can check if the text box is empty or not. If it is empty, then you can use the default, if it is not empty, you can use the entered value. Use String.IsNullOrEmpty(textbox.Text) to check if the string is empty.

You should also note that your code is completely insecure and would allow someone to do anything they wanted with your database through an attack called SQL Injection. You should never allow user input to be passed directly in to a SQL statement. Instead, you should use parameterized SQL and pass the user input as a parameter. This prevents a hacker from being able to insert additional SQL commands in to the input. For example, in this case, if I put '); DROP TABLE Master; SELECT * FROM passwords(' in your textbox, it would destroy your master table.