Home/ Questions/Q 641949
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T21:07:06+00:00

string queryStr = select max(patient_history_date_bio) + as med_date, medication_name from biological where + (patient_id

  • 0
string queryStr = "select max(patient_history_date_bio) " +
    "as med_date, medication_name from biological where " +
    "(patient_id = " + patientID.patient_id + ") " +
    "group by medication_name;";



using (var conn = new SqlConnection(connStr))
using (var cmd = new SqlCommand(queryStr, conn))
{
    conn.Open();

    using (SqlDataReader rdr = cmd.ExecuteReader())
    {
        int count = 0;

        while (rdr.Read())
        {
            MessageBox.Show("test");
            med.medication_date[count] = new DateTime();

            med.medication_date[count] = DateTime.Parse(rdr["med_date"].
                ToString());

            MessageBox.Show("test2");

            med.medication_name[count] = rdr["medication_name"].ToString();

            count++;
        }
    }

    conn.Close();
}

so i’m trying to read this sql statement. “test” message box displays, but not “test2”. I tried running the sql statement in VS by itself (in the server explorer), and the sql statement works. it gives me what i want. but somehow, the code doesn’t work… does anyone see why?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Assuming patient_id is some sort of integer (or is it a Guid), my assumption is that the current culture of your program is causing the ToString method call on int to be formatted in a way that is returning something that the parser can’t parse (e.g. “1,234,567”).

    Generally, the way you are executing this statement is not a best-practice. While you might not be susceptible to injection attacks if the id is indeed an int (you are most definitely open to them if it’s a string), you generally want to parameterize the queries.

    The reason for this is not only to protect against injection attacks, but because it will properly format the parameter in the query string according to the type.

    Another thing to point out about your code is how you are retrieving the values from the reader. You are effectively calling ToString on the DateTime instance, then calling Parse on the string to get a DateTime back.

    This effectively burns cycles. All you need to do is cast (unbox in the case of value types) the value back.

    So where you have:

    med.medication_date[count] = DateTime.Parse(rdr["med_date"].
    ToString());

    You should have:

    med.medication_date[count] = (DateTime) rdr["med_date"];

    All that being said, as to why the second message box is not showing, my first guess is that you are executing this in an event handler in a Windows Forms application, and that an exception is being thrown.

    I think that what you will find is that if medication_date is an array, then it hasn’t been initialized and you are getting a NullReferenceException or something about the array index being out of bounds.

    • 0