How to store the resulting string of a SQL query in C#

Question

I have a table TümEnvanter$ which has 2 columns equipment code (Ekipman) and their description (Tanım).

User chooses the equipment from the combo box, and I want the description of the chosen equipment to appear in the label at the time they choose from combobox.

Here is what I tried:

SqlCommand cmdTanim = new SqlCommand("select Tanım from TümEnvanter$ where Ekipman = '" + comboBox_ekipman.Text + "'", connect);
connect.Open();

SqlDataReader reader = cmdTanim.ExecuteReader();
string tanim = reader.ToString();

labelTanim.Text = "Ekipman Tanımı: "+tanim+" ";

When I use this code, I get in the label:

Ekipman Tanımı: System.Data.SqlClient.SqlDataReader

How can I fix this? Thank you.

Answer 1

Use this code instead by using the reader() method of SqlDataReader to read and access the contents of the SqlDataReader.

SqlCommand cmdTanim = new SqlCommand("select Tanım from TümEnvanter$ where Ekipman = '" + comboBox_ekipman.Text + "'", connect);
connect.Open();

SqlDataReader reader = cmdTanim.ExecuteReader();
if(reader.HasRows){
    reader.read();
    string tanim = reader.ToString();
    labelTanim.Text = "Ekipman Tanımı: "+tanim+" ";    
}

Hope this code snippet works for you.

Answer 2

Something like this:

// wrap IDisposable into using
using (SqlConnection connect = new SqlConnection("Put_Connection_String_Here"))
{
    connect.Open();

    // Make SQL readable and parametrized
    string sql = 
      @"select Tanım 
          from TümEnvanter$ 
         where Ekipman = @prm_Ekipman";  

    // wrap IDisposable into using 
    using (SqlCommand cmdTanim = new SqlCommand(sql, connect))
    {   
        //TODO: explicit typing Add(..., DbType...) is a better choice then AddWithValue
        cmdTanim.Parameters.AddWithValue("@prm_Ekipman", comboBox_ekipman.Text);

        // We want one record only; ExecuteScalar() instead of ExecuteReader() 
        // String interpolation shortens the code
        labelTanim.Text = $"Ekipman Tanımı: {cmdTanim.ExecuteScalar()} ";
    }
}

Answer 3

You should try this code, it gathers some good practices, such as:

1) Uses using statement to release unamnaged resources (SQL connections, IDisposables in general).

2) Prevents from SQL injection using Parameters field of SqlCommand object.

Also, I used ExecuteScalar method, mentioned by @MarcGravell, which simplifies the code.

public void SqlConn()
{
    string tanim = null;
    using (SqlConnection connect = new SqlConnection("connectionString"))
    {
        using (SqlCommand cmdTanim = new SqlCommand())
        {
            cmdTanim.Connection = connect;
            cmdTanim.CommandText = "select Tanım from TümEnvanter$ where Ekipman = @param";
            cmdTanim.Parameters.Add("@param", SqlDbType.VarChar).Value = comboBox_ekipman.Text;
            connect.Open();

            tanim = (string)cmdTanim.ExecuteScalar();
        }
    }
    labelTanim.Text = "Ekipman Tanımı: " + tanim + " ";
}

Answer 4

If you only expect a single value, then ExecuteScalar is much simpler than using a reader, i.e.

labelTanim.Text = Convert.ToString(cmdTanim.ExecuteScalar());

In general, perhaps consider tools like "Dapper" which would make this simple even in multi-row cases and solve the SQL injection problem trivially:

string s = connect.QuerySingle<string>(
    "select Tanım from TümEnvanter$ where Ekipman = @val", // command
    new { val = comboBox_ekipman.Text }); // parameters

Answer 5

Use below code :

SqlCommand cmdTanim = new SqlCommand("select Tanım from TümEnvanter$ where Ekipman = '" + comboBox_ekipman.Text + "'", connect);
connect.Open();

SqlDataReader reader = cmdTanim.ExecuteReader();
string tanim = string.Empty;

    while (reader.Read())
    {
        tanim=  reader["Tanım"].ToString()
    }

labelTanim.Text = "Ekipman Tanımı: "+tanim+" ";