Home/ Questions/Q 7014637
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T22:32:51+00:00

I forget to return value in single tier application. public int Studentid() { try

  • 0

I forget to return value in single tier application.

public  int Studentid()
    {
        try
        {
            SqlConnection con = new SqlConnection(connectionStr);
            SqlCommand cmd = new SqlCommand("SELECT s_id FROM student where name = + ('" + Request.QueryString.ToString() + "')", con);
            con.Open();
            SqlDataReader dr = null;
            con.Open();
            dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                //Want help hear how I return value
            }

            con.Close();
        }
        catch (Exception ex)
        {
            throw ex;
        }
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Here is a version of your method that achieves what you’re after.

    public int GetStudentId()
{
    var sql = string.Format("SELECT s_id FROM student where name = '{0}'", Request.QueryString);
    using (var con = new SqlConnection(connectionStr))
    using (var cmd = new SqlCommand(sql, con))
    {
        con.Open();
        var dr = cmd.ExecuteReader();
        return dr.Read() ? return dr.GetInt32(0) : -1;
    }
}

    There’s no need to use try/catch when you don’t do anything with the exception except re-throw (and in fact you were losing the original stack trace by using throw ex; instead of just throw;. Also, the C# using statement takes care of cleaning up your resources for you in fewer lines of code.

    IMPORTANT

    Passing the query string directly into SQL like that means that anyone can execute random SQL into your database, potentially deleting everything (or worse). Read up on SQL Injection.

    • 0