How to execute query and store data of a column in a variable in VB.net?

Question

I have the following code where I am trying to execute a query and store the value from the database in two variables. Depending on the variables, I would like to tick a checkbox and add some text to a textbox.

Here is the code:

 Try
    Dim cn As SqlConnection
    Dim strCnn As String = ConfigurationManager.ConnectionStrings("agilityconnectionstring").ConnectionString
    cn = New SqlConnection(strCnn)
    cn.Open()
    Dim comm As New SqlCommand("select IsCompleted, CompletionDate from managerchecklist where ID = 53 and QuestionID = 1", cn)

    comm.CommandType = CommandType.Text
    Dim ds As SqlDataReader
    ds = comm.ExecuteReader()
    If ds.HasRows Then
        While ds.Read
            IsComplete = ds.Item("IsCompleted").ToString()
            CompleteDate = ds.Item("CompletionDate").ToString()

            identifytasks_done.Checked = True
            identifytasks_date.Attributes.Add("style", "display:block")
            identifytasks_date.Text = CompleteDate
        End While
    End If
    ''Close your connections and commands.
    cn.Close()
Catch ex As Exception
    ''Handle error if any
End Try

But I seem to be going wrong somewhere. Can anyone please help me?

Answer 1

Depending on the variables, I would like to tick a checkbox and add some text to a textbox.

1. Have an If Statement to check the variables whether it is complete

   If IsComplete = "complete" Then identifytasks_done.Checked = True identifytasks_date.Attributes.Add("style", "display:block") identifytasks_date.Text = CompleteDate End If

2. Move the checking to SQL statement

   Dim comm As New SqlCommand( "select IsCompleted, CompletionDate from " + "managerchecklist where ID = 53 and QuestionID = 1 and " "IsCompleted = 'complete'", cn)

Consider using parameter SQL instead to prevent SQL injection

Answer 2

I would recommend a Using statement for SQL queries and also parameters.

Get the values from SQL then use an IF statement to do whatever based on the values.

Assuming IsCompleted is a bit field in SQL....

    Dim isCompleted As Boolean
    Dim completedDate As Date

    Using con As New SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("agilityconnectionstring").ConnectionString)
        Using cmd As New SqlClient.SqlCommand("SELECT [IsCompleted], [CompletionDate] FROM managerchecklist where [ID] = @managerchecklistID and [QuestionID] = @questionID", con)
            cmd.Parameters.Add("@managerchecklistID", SqlDbType.Int).Value = 53
            cmd.Parameters.Add("@questionID", SqlDbType.Int).Value = 1
            con.Open()
            Using reader As SqlClient.SqlDataReader = cmd.ExecuteReader
                While reader.Read
                    'Index in order of the columns in the SELECT statement
                    If reader.GetSqlBoolean(0).IsNull = False Then isCompleted = reader.GetSqlBoolean(0)
                    If reader.GetSqlDateTime(1).IsNull = False Then completedDate = reader.GetSqlDateTime(1)
                End While
            End Using
        End Using
    End Using

    If isCompleted Then
        identifytasks_done.Checked = True
        identifytasks_date.Attributes.Add("style", "display:block")
        identifytasks_date.Text = completedDate
    End If

You could place this in a Sub of it's own with managerchecklistID and questionID as arguments then set the parameter values with the arguments

        cmd.Parameters.Add("@managerchecklistID", SqlDbType.Int).Value = managerchecklistID 
        cmd.Parameters.Add("@questionID", SqlDbType.Int).Value = questionID