Home/ Questions/Q 6938029
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T12:26:22+00:00

My code: SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings[myConnectionString].ConnectionString); SqlCommand cmd = new SqlCommand(); //………. cmd.CommandText

  • 0

My code:

SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString);
SqlCommand cmd = new SqlCommand();
//..........
cmd.CommandText = "SELECT * FROM TempQn WHERE creatorId=  '" +
Session["administratorID"].ToString() + "'";  
dr = cmd.ExecuteReader();  
while (dr.Read())
{
    int ids = Int32.Parse(dr["QuestionID"].ToString());
    cmd.CommandText = " INSERT INTO Answers (QuestionId,Answer) Select c.QnId, c.Answer From TempAns c Where c.Id = " + ids + " ";
    cmd.ExecuteNonQuery(); //this line
}
dr.Close();

The error is:

There is already an open DataReader associated with this Command which must be closed first.

What kind of command should replace the cmd.ExecuteNonQuery();?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can’t execute any further SQL statements as long as the DataReader is “active”.

    To overcome this, store list of the SQL statements then exeucute them after reading:

    cmd.CommandText = "SELECT * FROM Question WHERE SurveyID= '" + sID + "'";    
dr = cmd.ExecuteReader();  
List<string> arrSQL = new List<string>();
while (dr.Read())
{
    int ids = Int32.Parse(dr["QuestionID"].ToString());
    arrSQL.Add("INSERT INTO Answers (QuestionId,Answer) Select c.QnId, c.Answer From TempAns c Where c.Id = " + ids + " ");
}
dr.Close();

arrSQL.ForEach(strSQL =>
{
    cmd.CommandText = strSQL;
    cmd.ExecuteNonQuery();
});

    Your current code is vulnerable to SQL injection attacks though and isn’t good practice – you better use Parameter instead of injecting value to the raw SQL – here is how to achieve that:

    cmd.CommandText = "SELECT * FROM Question WHERE SurveyID=@id";
cmd.Parameters.AddWithValue("@id", sID);
dr = cmd.ExecuteReader();  
List<int> arrQuestions = new List<int>();
while (dr.Read())
{
    int ids = Int32.Parse(dr["QuestionID"].ToString());
    arrQuestions.Add(ids);
}
dr.Close();

cmd.CommandText =  "INSERT INTO Answers (QuestionId, Answer) Select c.QnId, c.Answer From TempAns c Where c.Id = @id";
arrQuestions.ForEach(id =>
{
    cmd.Parameters["@id"].Value = id;
    cmd.ExecuteNonQuery();
});
    • 0