Invalid attempt to access a field before calling Read()

Question

I am developing a windows app using mysql and c#. In my app there's a signin page having a sign in button. When i press sign in button it do not loads the values from database and gives me the following error:

Invalid attempt to access a field before calling Read().

Visual Studio indicates the my following code as error:

connection.Open();

string query2 = "SELECT * FROM newregistration where ID='" + id+"'";
MySql.Data.MySqlClient.MySqlCommand myCommand2 = new                 MySql.Data.MySqlClient.MySqlCommand(query2, connection);

// First Name Reader
MySqlDataReader fnamereader = myCommand2.ExecuteReader();
fnamereader.Read();
Fname = fnamereader.GetString(fnamereader.GetOrdinal("FirstName"));
fnamereader.Close();

// Second Name Reader
MySqlDataReader snamereader = myCommand2.ExecuteReader();
snamereader.Read();
Sname = snamereader.GetString(snamereader.GetOrdinal("SecondName"));
snamereader.Close();

// EMAIL ID Reader
MySqlDataReader emailreader = myCommand2.ExecuteReader();
emailreader.Read();
EmailID = emailreader.GetString(emailreader.GetOrdinal("EmailID"));
emailreader.Close();
DataSet ds = new DataSet();
MyAdapter.Fill(ds);

if (ds.Tables[0].Rows.Count > 0)
{
    profile windwo = new profile(this.id, this.Fname,this.Sname,this.EmailID);
    AddUserProfileInformation win = new AddUserProfileInformation(this.id);
     this.Hide();
    windwo.Show();
}
else
{
    MessageBox.Show("Sorry Wrong information entered.");
}

connection.Close();

Please help me in sorting out the problem as I am new to development.

Answer 1

You don't need to keep executing the datareader before each field

   MySqlDataReader reader = myCommand2.ExecuteReader();
   reader.Read();
   Fname = reader.GetString(reader.GetOrdinal("FirstName"));
   Sname = reader.GetString(reader.GetOrdinal("SecondName"));
   EmailID = reader.GetString(reader.GetOrdinal("EmailID"));
   reader.Close();

A couple of other things

• Please use parameterised sql for binding variables - don't just concatenate the variable into sql text - this has security and performance benefits.
• You should check the boolean result of the reader.Read() before using it

Answer 2

You don't need to use a seperate MySqlDataReader every column of your sql query. Just use one MySqlDataReader and read all column values in it.

Looks like, you just need to use something like;

if(fnamereader.Read())
{
   Fname = fnamereader.GetString(fnamereader.GetOrdinal("FirstName"));
   Sname = fnamereader.GetString(fnamereader.GetOrdinal("SecondName"));
   EmailID = fnamereader.GetString(fnamereader.GetOrdinal("EmailID"));
}

But more important, you should always use parameterized queries. This kind of string concatenations are open for SQL Injection attacks.

string query2 = "SELECT * FROM newregistration where ID=@id";
MySqlCommand myCommand2 = new MySqlCommand(query2, connection);
myCommand2.Parameters.AddWithValue("@id", id);