Home/ Questions/Q 7688283
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T19:53:04+00:00

Hi can you help me with this?? I have this code and i want

  • 0

Hi can you help me with this??

I have this code and i want to display the result of my query into my 3rd Textbox but it not displaying.

string query = "SELECT UserID FROM [IBSI].[sec].[Users] WHERE UserName = '" + TextBox2.Text + "'";

if (query != null)
{
  using (SqlConnection conn = new SqlConnection(connect))
  {
    using (SqlCommand cmd = new SqlCommand(query, conn))
    {

      conn.Open();
      SqlDataReader rdr = cmd.ExecuteReader();
      if (rdr.HasRows)
      {
        while (rdr.Read())
        {

         TextBox3.Text=rdr["UserID"].ToString() ;


        }
      }
    }
  }
}

But then i just use this query without the where condition i can see the output;

string query = "SELECT UserID FROM [IBSI].[sec].[Users]";

Thanks in advance

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’d recommend using parameterized queries for this task. Also, generating sql code from user input (like text boxes/memos) is prone to sql injections (user may enter any sql code into the textbox that may damage database data), so it’d be great to validate input data.

    Sample parameter usage is like this:

    string query = "SELECT UserID FROM [IBSI].[sec].[Users] WHERE UserName = @1";
if (query != null)
{
    using (SqlConnection conn = new SqlConnection(connect))
    {
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            SqlParameter p1 = new SqlParameter("@1", TextBox2.Text);
            cmd.Parameters.Add(p1);
            conn.Open();
            SqlDataReader rdr = cmd.ExecuteReader();
            if (rdr.HasRows)
            {
                while (rdr.Read())
                {
                    TextBox3.Text=rdr["UserID"].ToString() ;
                }
            }
        }
    }
}
    • 0