tkarnau

Reputation: 160

Can't retrieve a specific item from a dataset

I've looked through the other questions related to this, but I'm having a different issue. I can't get a specific item to return, it only returns my column name. How do I get the item to return?

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    string strSQL = "SELECT @FieldName FROM Companies WHERE CompanyNum = @CompanyNum";
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

    conn.Close();

    return ds.Tables[0].Rows[0].ItemArray[0].ToString();
}

I've also tried

return ds.Tables[0].Rows[0][0].ToString();

I'm just getting whatever is in the field variable. If I pass in ("CompanyName", 33), it returns "CompanyName".

Upvotes: 3

Views: 328

Answers (1)

Kirill Bestemyanov

Reputation: 11964

Your query (in sql profiler) is

SELECT 'CompanyName' FROM Companies WHERE CompanyNum = 33

So it returns exactly "CompanyName" string. You cannot pass column name as sqlparameter. You should do something like

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    // The column name is spliced into the query text, so it is used as an identifier
    // rather than sent as a parameter value.
    string strSQL = string.Format("SELECT {0} FROM Companies WHERE CompanyNum = @CompanyNum", field);
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    // @FieldName is no longer referenced by the query; only @CompanyNum is used.
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

    conn.Close();

    return ds.Tables[0].Rows[0].ItemArray[0].ToString();
}

But this code can be used for SQL injection.

To avoid Sql injection, you could check that fieldName in field variable is one of the table columns.

Or you could get SELECT * FROM Companies WHERE CompanyNum = @CompanyNum and get the value of the named column from the datatable:

public static string GetOneFieldRecord(string field, string companyNum)
{
    DataSet ds = new DataSet();
    SqlCommand comm = new SqlCommand();

    // The query text is fixed; the caller's field name never reaches SQL Server.
    string strSQL = "SELECT * FROM Companies WHERE CompanyNum = @CompanyNum";
    SqlConnection conn = new SqlConnection();
    conn.ConnectionString = @connstring;
    comm.Connection = conn;
    comm.CommandText = strSQL;
    // @FieldName is not referenced by the query; only @CompanyNum is used.
    comm.Parameters.AddWithValue("@FieldName", field);
    comm.Parameters.AddWithValue("@CompanyNum", companyNum);

    SqlDataAdapter da = new SqlDataAdapter();
    da.SelectCommand = comm;

    conn.Open();

    da.Fill(ds, "CompanyInfo");

    conn.Close();

    // Look the column up by name in the filled DataTable instead of in the SQL text.
    return ds.Tables[0].Rows[0][field].ToString();
}

Upvotes: 3
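The answer's first fix (string.Format the column name into the query) and its suggested mitigation (check that the requested name is one of the table's columns) can be combined into a single allow-list version. The following is an added example, not code from the question or the answer: `AllowedColumns`, `ConnString` and the `CompanyRepository` class are assumptions, and the column names in the set are placeholders for the real columns of `Companies`. The WHERE value is still passed as a `SqlParameter`, while the column identifier is accepted only if it matches the allow-list, so the shape of the SQL is never decided by caller input.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;

public static class CompanyRepository
{
    // Assumption: the connection string is loaded from configuration; placeholder here.
    private static readonly string ConnString = "<connection string from config>";

    // Allow-list of column names a caller may request. A name that is not in this set
    // is rejected before it can become part of the query text (assumed column names).
    private static readonly HashSet<string> AllowedColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "CompanyName",
            "CompanyNum",
            // add the remaining real column names of Companies here
        };

    public static string GetOneFieldRecord(string field, string companyNum)
    {
        if (string.IsNullOrWhiteSpace(field) || !AllowedColumns.Contains(field))
        {
            // Reject rather than sanitize: a column name is an identifier, not a value,
            // so it cannot be supplied through a SqlParameter.
            throw new ArgumentException("Unknown column requested: " + field, nameof(field));
        }

        // The identifier has been validated, so it can be spliced into the query. Brackets
        // make SQL Server treat it strictly as an identifier even if it is a reserved word.
        string sql = "SELECT [" + field + "] FROM Companies WHERE CompanyNum = @CompanyNum";

        using (SqlConnection conn = new SqlConnection(ConnString))
        using (SqlCommand comm = new SqlCommand(sql, conn))
        {
            // Only the WHERE value is a parameter; the column name was validated above.
            comm.Parameters.AddWithValue("@CompanyNum", companyNum);
            conn.Open();

            // ExecuteScalar returns the first column of the first row, which is all this
            // method needs; null means no row matched, DBNull means the column was NULL.
            object result = comm.ExecuteScalar();
            if (result == null || result == DBNull.Value)
            {
                return null;
            }
            return result.ToString();
        }
    }
}
```

Two design points: the allow-list is the security control, and the brackets are only there to keep the validated identifier an identifier; and `using` blocks replace the manual `conn.Open()`/`conn.Close()` pair from the question, so the connection is released even when the query throws. The same allow-list check can be applied in the answer's `SELECT *` variant if the caller-supplied name is used as a `DataRow` indexer, since an unknown name there raises an `ArgumentException` at runtime rather than a SQL error.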
