Home/ Questions/Q 7865777
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T00:11:21+00:00

I have a web form where I need to add, update, delete and read

  • 0

I have a web form where I need to add, update, delete and read using a unique ID. So far I have managed to add, update and delete functions with little trouble.

However now I am having trouble getting my read function to work (understand I have a webform that has four text fields; ID, FIRSTNAME, SURNAME AND ADDRESS). Basically when an ID that has been previously created (using add button) is entered into the text field and the read button clicked it should update the other 3 text fields with the stored entries depending on the ID entered.

Here is my behind code (cs.) on the web form

protected void cmdRead_Click(object sender, EventArgs e)
{
   // Create a reference to the Web service
   DbWebService.WebService1 proxy = new DbWebService.WebService1();

   // Create a person details object to send to the Web service.
   string ADDRESS;
   string SURNAME;
   string FIRSTNAME;
   string ID;

   ADDRESS = txtAddress.Text;
   SURNAME = txtSurname.Text;
   FIRSTNAME = txtFirstname.Text;
   ID = txtID.Text;

   // Attempt to store in the Web service
   bool rsp = proxy.ReadPerson(int.Parse(ID), FIRSTNAME, SURNAME, ADDRESS);

   // Inform the user
   if (rsp)
   {
       lblOutcome.Text = "Successfully read data.";

       txtFirstname.Text = FIRSTNAME;
       txtSurname.Text = SURNAME;
       txtAddress.Text = ADDRESS;
   }
   else
   {
       lblOutcome.Text = "Failed to read data! Select a previously created ID!";
   }
}

and here is my web function on the web service (which is where the SQL Server Express database is)

[WebMethod]
public bool ReadPerson(int ID, string FIRSTNAME, string SURNAME, string ADDRESS)
{
   // In case of failure failure first
   bool rtn = false;

   // Connect to the Database
   SqlConnection connection = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename='|DataDirectory|\Database.mdf';Integrated Security=True;User Instance=True");

   // Open the connection
   connection.Open();

   // Prepare an SQL Command
   SqlCommand command = new SqlCommand(String.Format("SELECT FIRSTNAME, SURNAME, ADDRESS FROM PersonalDetails WHERE ID = '{0}'", ID), connection);

   // Execute the SQL command and get a data reader.
   SqlDataReader reader = command.ExecuteReader();

   // Instruct the reader to read the first record.
   if (reader.Read())
   {
      // A record exists, thus the return value is updated
      FIRSTNAME = (string)reader["FIRSTNAME"];
      SURNAME = (string)reader["SURNAME"];
      ADDRESS = (string)reader["ADDRESS"];

      rtn = true;
   }

   // Close the connection
   connection.Close();

   // Return the result.
   return (rtn);

}

Now the problem is when I click read I get a success message (using a label as you can see in the behind code) but the fields don’t update, I assume this is because of the (rtn = true;) statement. Therefore I thought something like this might work: 

rtn = (bool)reader["ADDRESS"];

However with this I get a specified cast is not valid, so I figure maybe the bool doesn’t work in this context, I think it might work if I use string instead but how do I convert, I think rtn needs a value in regards to the reader right??

Basically I am just looking for a solution to which will update the text fields in the web form.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are several problems with your code. The most obvious is that your code cannot ever return the data from the database. You are sending FIRSTNAME etc. to the web service – you are not returning them from the web service.

    There is no reason to have a bool return from the service to tell you whether or not it succeeded. Let the service throw an exception if it failed. Instead, you should return the fields from the database as the return of the service.

    In the service:

    public class Person
{
    public string FIRSTNAME {get;set;}
    public string SURNAME {get;set;}
    public string ADDRESS {get;set;}
}

[WebMethod]        
public Person ReadPerson(int ID)        
{        
    // ...
    if (reader.Read()) 
    { 
        // A record exists, thus return the value
        Person p = new Person();
        p.FIRSTNAME = (string)reader["FIRSTNAME"]; 
        p.SURNAME = (string)reader["SURNAME"]; 
        p.ADDRESS = (string)reader["ADDRESS"]; 

        rtn = p;
   } 

    connection.Close();          

    return rtn; 
}

    Also, you should not be using a WebMethod or an ASMX web service unless you have no choice. ASMX is a legacy technology which is kept around only for backwards compatability. It should not be used for new development. You should use WCF instead.

    The other issues with your code are resolved below:

    [WebMethod]
public Person ReadPerson(int id)
{
    using (
        var connection =
            new SqlConnection(
                @"Data Source=.\SQLEXPRESS;
        AttachDbFilename='|DataDirectory|\Database.mdf';
        Integrated Security=True;
        User Instance=True")
        )
    {
        connection.Open();

        using (
            var command =
                new SqlCommand(@"
SELECT FIRSTNAME, SURNAME, ADDRESS 
FROM PersonalDetails 
WHERE ID = @id",
                    connection))
        {
            var idParameter =
                command.Parameters.Add(
                    "@id", SqlDbType.Int);
            idParameter.Value = id;

            using (var reader = command.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return null;
                }

                return new Person
                            {
                                Firstname =
                                    (string)
                                    reader["FIRSTNAME"],
                                Surname =
                                    (string)
                                    reader["SURNAME"],
                                Address =
                                    (string)
                                    reader["ADDRESS"]
                            };
            }
        }
    }
}

    The main issue is that the SqlConnection, SqlCommand, and SqlDataReader all need to be instantiated inside of using blocks. This ensures that the objects are disposed of (closed) whether or not an exception is thrown.

    Next, you should not get into the habit of building queries through string manipulation; not even using String.Format. That leaves you open to “SQL Injection” attacks. Using parameters resolves that problem. See “Commands and Parameters ” in MSDN.

    One last minor issue: I recommend that you get out of the habit of placing comments on obvious statements. For instance, it’s not necessary to comment that Open opens the connection to the database, or that return returns a value.

    • 0