Jump to content
Please Use CODE Tags

search record

Execute0426
By Execute0426
in Programming
 Share
Posted

Hi guys i have a problem with this code: 

 private void comboBox3_SelectedIndexChanged(object sender, EventArgs e)
        {

            listView1.Items.Clear();
            db.Open();
            MySqlCommand SQL1 = new MySqlCommand("Select * From dbbilling.tblcash where `CustomerName` = '" + comboBox3 + "';", db);

            try
            {
                MySqlDataReader dr = SQL1.ExecuteReader();
                while (dr.Read())
                {
                    ListViewItem item = new ListViewItem(dr[0].ToString());
                    item.SubItems.Add(dr[1].ToString());
                    item.SubItems.Add(dr[2].ToString());
                    item.SubItems.Add(dr[3].ToString());
                    item.SubItems.Add(dr[4].ToString());
                    item.SubItems.Add(dr[5].ToString());
                    item.SubItems.Add(dr[6].ToString());
                    item.SubItems.Add(dr[7].ToString());
                    item.SubItems.Add(dr[8].ToString());

                    listView1.Items.Add(item);
                }
                db.Close();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

everytime i click the comboBox, nothings happen.. please help me.

Link to comment
https://linustechtips.com/topic/681471-search-record/
Share on other sites
Link to post
Share on other sites
Posted

You should use 

comboBox1.Items[comboBox1.SelectedIndex]

to get current combo box value.

 

Also dr need to be closed after you done with reading data, if you won't close it you won't be able to execute another one.

 

Did you set your ListView type to Details?

You still need to crate columns with 

listView1.Columns.Add("ColumnName")

You can loop trough dr.GetName() dr.FieldCount times to build all columns from db columns names.

Also you could loop trough dr values dr.FieldCount - 1 times to build your item.

Link to comment
https://linustechtips.com/topic/681471-search-record/#findComment-8764154
Share on other sites
Link to post
Share on other sites
Posted
On 10/26/2016 at 6:49 PM, Execute0426 said:

MySqlCommand SQL1 = new MySqlCommand("Select * From dbbilling.tblcash where `CustomerName` = '" + comboBox3 + "';", db);

Please take a little time to learn about SQL injection. It's pretty easy to understand and will save you in the long run. In this case, being a combobox, I could set it to the following 

'; Drop table dbbilling.tblcash; --

This would drop the table, with very little effort. Here's what the entire query looks like after everything is plugged in: 

MySqlCommand SQL1 = new MySqlCommand("Select * From dbbilling.tblcash where `CustomerName` = ''; Drop table tbbilling.tblcash; --';", db);

In this case, it ends the Select, and begins a drop. Once the drop is complete -- is used as a comment; any further code won't be run. Also, I completely agree with @Mr_KoKa here, though an alternative would be to use 

comboBox1.SelectedValue

Another thing: he is closing dr, but it won't always be closed. For instance, if an error occurs, it will remain open. This can be solved by putting the closing call outside the the try, or adding it to inside the catch

˙ǝɯᴉʇ ɹnoʎ ƃuᴉʇsɐʍ ǝɹɐ noʎ 'sᴉɥʇ pɐǝɹ oʇ ƃuᴉʎɹʇ ǝɹɐ noʎ ɟI

Link to comment
https://linustechtips.com/topic/681471-search-record/#findComment-8768197
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Programming

×