Accessing data from sqldatereader within a function - asp.net

I want to output some data to the user based on their username. This data is held in a table that is linked to the aspnet_Users table. I'm trying to write a sqldatareader as part of a function so I don't have to rewrite the code when it could be called from several pages. I know this is probably very simple buty I can't seem to access the data from outside the function. The function I have so far is as follows:
Public Shared Function AgencyDetails() As SqlDataReader
Dim details As String = "SELECT * FROM tbl_Relationships WHERE ContactSub = #Username"
Dim connString As String = ConfigurationManager.ConnectionStrings("ApplicationServices").ConnectionString
Using dbConnection As New SqlConnection(connString)
dbConnection.Open()
Dim cmdAgency As New SqlCommand(details, dbConnection)
cmdAgency.Parameters.AddWithValue("#Username", membership.getuser)
Return cmdAgency.ExecuteReader()
End Using
End Function
How can I call this function and access the information on my page? Something like the following?
lblAgencyDetails.text = AgencyDetails(0)
Thanks

The way you have it now, it won't work because you enclosed the connection in a using statement, by the time you return the Reader the connection will be closed and disposed so the reader won't be able to read anything.
What you should do in that function is load the info in a DataTable and return the datatable.
Example:
Public Shared Function AgencyDetails() As DataTable
Dim details As String = "SELECT * FROM tbl_Relationships WHERE ContactSub = #Username"
Dim connString As String = ConfigurationManager.ConnectionStrings("ApplicationServices").ConnectionString
Using dbConnection As New SqlConnection(connString)
dbConnection.Open()
Dim cmdAgency As New SqlCommand(details, dbConnection)
cmdAgency.Parameters.AddWithValue("#Username", membership.getuser)
Dim dt as new DataTable()
dt.Load(cmdAgency.ExecuteReader())
return dt
End Using
End Function
You can access the rows in the data table by doing:
For Each row as DataRow in dt.Rows
Console.WriteLine(row("ColumnName"))
Next

To be able to retrieve the data from the DataReader object, you should call the Read() method:
While reader.Read()
Console.WriteLine(String.Format("{0}, {1}", _
reader(0), reader(1)))
End While
This method moves the SqlDataReader to the next record.

Related

How can I add a scalar variable for an SQL command In a function that doesn't house my query directly?

I will try to keep this as brief as possible.
I have a function called GetData(ByVal query As String) whose sole purpose is to populate a data table multiple times based on certain conditions. As you can see, the function accepts a string variable where the SQL statement resides. What I am trying to do is add a scalar variable, "#date" in my case, and no matter where I try to add this variable it throws an error stating "Must declare scalar variable #date.
Edit: I should mention that it is throwing the "must declare variable" error on the sda.Fill(dt) line.
GetData Function
Private Shared Function GetData(ByVal query As String) As DataTable
Dim constr As String = ConfigurationManager.ConnectionStrings("WarrantyConnectionString").ConnectionString
Using con As SqlConnection = New SqlConnection(constr)
Using cmd As SqlCommand = New SqlCommand(query)
Dim dt As DataTable = New DataTable()
cmd.Parameters.Add("#date", SqlDbType.Date).Value = Date.Today
Using sda As SqlDataAdapter = New SqlDataAdapter(query, con)
cmd.Parameters.AddWithValue("#date", Date.Today)
sda.Fill(dt)
End Using
Return dt
End Using
End Using
End Function
I am calling the function in a procedure that has the query and handles all of the conditions I need.
Procedure
Dim queryStart As String = "SELECT ( SELECT SUM(DealerNet) FROM Agreement WHERE VoidDate IS NULL "
Dim queryAlias As String = "AS Actual, "
Dim queryStart2 As String = "(SELECT SUM(Amount) FROM AccountingUS.dbo.ProjectedSales "
Dim queryAlias2 As String = "AS Projected "
If chart = "pmtd" Then
Dim queryCondition As String = "AND IssueDate BETWEEN (SELECT DATEADD(MONTH, DATEDIFF(MONTH, 0, #date)-1, 0)) AND #date) "
Dim queryCondition2 As String = "WHERE [Month] = MONTH(#date) AND [Year] = YEAR(#date)) "
Dim query As String = queryStart + queryCondition + queryAlias + queryStart2 + queryCondition2 + queryAlias2
Dim xMember1 As String = "Actual"
Dim xMember2 As String = "Projected"
Dim dt As DataTable = GetData(query)
pmtdChart.DataSource = dt
The variable in question is the #date variable in the strings within the "If" statement, the only value it holds is todays date. Currently, I have tried to use "cmd.Parameters.Add("#date", SqlDbType.Date).Value = Date.Today in the GetData function, however, I still receive the same "Must declare scalar variable" error. I have also tried replacing the #date variable with simply "" + Date.Today + "" or a variable that holds todays date, but upon doing so I receive an operand error about "Operand Clash: Date is incompatible with Int"
Any help regarding this issue would be greatly appreciated, I am relatively new to programming and would appreciate any tips or criticisms regarding best practices. If you need any additional information or clarification regarding this issue I would be happy to provide what I can. Thank you in advance.
Ok, a few things:
I would actually pass a command object to that get data routine.
And your issue is you feeding the query to the "adaptor", but NOT supplying the #date parameter to that "sda"
this:
Using sda As SqlDataAdapter = New SqlDataAdapter(query, con)
cmd.Parameters.AddWithValue("#date", Date.Today)
sda.Fill(dt)
End Using
In other words, you NOT EVEN using the cmd object!!!
So, you would need to add the parameter's to the sda object!!
eg this:
Public Function GetData(ByVal query As String) As DataTable
Dim dt As DataTable = New DataTable()
Dim constr As String =
ConfigurationManager.ConnectionStrings("WarrantyConnectionString").ConnectionString
Using con As SqlConnection = New SqlConnection(constr)
Using sda As SqlDataAdapter = New SqlDataAdapter(query, con)
sda.SelectCommand.Parameters.Add("#date", SqlDbType.Date).Value = Date.Today()
sda.Fill(dt)
End Using
End Using
Return dt
End Function
So, yes, you WILL get that error about "#date" not being declared, since you NOT using the cmd object to fill the table, but are using the data adaptor.
So, as a future suggest?
Pick one way, or the other way.
I MUCH over the years have decided that I will use/have/adopt and cookie cut over and over the SqlCommand object.
I find the Sql cmd object better, since:
it has the parameters.
it has a connection object (if you want to use)
it has a data reader built in
So, what this means?
I suggest this code for get data:
Private Shared Function GetData(ByVal query As String) As DataTable
Dim constr As String =
ConfigurationManager.ConnectionStrings("WarrantyConnectionString").ConnectionString
Dim dt As DataTable = New DataTable()
Using con As SqlConnection = New SqlConnection(constr)
Using cmd As SqlCommand = New SqlCommand(query, con))
con.Open()
cmd.Parameters.Add("#date", SqlDbType.Date).Value = Date.Today
dt.Load(cmd.ExecuteReader)
End Using
End Using
Return dt
End Function
So, we don't need a data adaptor. In fact, you only need a adaptor if you going to update the resulting table (think a "adaptive" table to remember this). You not going to update the data, so really, no need to use a "adaptor" at all here. (and sadly, far too many examples use a "adaptor" anyway. They are for ALLOWING update of the data table, and you not doing that!
So, use a command object. Do note that you ALWAYS must then open the confection, but since we have "using" blocks, it will ALWAYS be closed for you.
And note how then we don't create to "use" the "reader" from the adaptor, nor a fill command. (so, we eliminated one whole confusing object!!).
So, in your example, you created a SQL command object, correctly added the parameter to the command object, but THEN DON'T use it, and then decided to create a data adaptor, and use that!!!
So, you could/can leave your code as you had with the sda "prameter " fix I posted above.
However, but I think your better off to use a sql command object.
Note even better?
Pass the command object to the GetData routine.
I have a global "general" purpose routine called MyRstP(), and I pass it a command object, even for just plain jane sql.
but, if you decide to add parameter's, you can!
Do note that parameter's can be added 100% independent of the SQL string, and they can be added before, or after you set the sql string.
And you can add parameter's WITHOUT a valid working connection (or have created one just yet). So, "parameters" are just a colleciton - it does not care about the SQL (well, at least not yet!!).
So, here is my RstP, and I dumped this into a plain jane "module1" which VB has (this means you don't have to create a static class, and this works then just like VB6, or VBA.
So, this:
Public Function MyRstP(cmdSQL As SqlCommand, ByVal Optional strCon As String = "") As DataTable
If strCon = "" Then
strCon = My.Settings.TEST4
End If
Dim rstData As New DataTable
Using conn As New SqlConnection(strCon)
Using (cmdSQL)
cmdSQL.Connection = conn
conn.Open()
rstData.Load(cmdSQL.ExecuteReader)
End Using
End Using
Return rstData
End Function
So, now to say fill a grid view, I use this:
Dim strSQL As String =
"SELECT id, HotelName, City FROM tblHotelsA"
Dim cmdSQL As New SqlCommand(strSQL)
GridView1.DataSource = MyRstP(cmdSQL)
GridView1.DataBind()
or say a given date of some such:
How about all hotel visit dates from start of year.
So, this:
Dim strSQL As String =
"SELECT id, HotelName, City FROM tblHotelsA
WHERE VisitDate >= #dtStart"
Dim dtStart As DateTime
dtStart = DateSerial(DateTime.Today.Year, 1, 1)
Dim cmdSQL As New SqlCommand(strSQL)
cmdSQL.Parameters.Add("#dtStart", SqlDbType.DateTime).Value = dtStart
GridView1.DataSource = MyRstP(cmdSQL)
GridView1.DataBind()
note then how I have that MyRstP (like your get data), but I can pass it quite much anything I want, including parameter's from the "calling" code, NOT in that general routine.
Anyway, the above use and adding the parameter's to the "adaptor" will fix this, but I would change over to using just a command object and a connection - the adaptor really not required, and as noted, they really are to be used WHEN you actually want to update the data table, and then send it back to the database in one shot.
If you look closely, you setup a cmd command, but you never actually pass it to the DataTable. So it doesn't know anything about your params.
How about this instead (copied untested from Trying to pass SqlCommand in SqlDataAdapter as parameters):
DataTable dt = new DataTable();
using (SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings("WarrantyConnectionString").ConnectionString))
{
con.Open();
using (SqlCommand cmd = con.CreateCommand())
{
cmd.CommandText = query;
cmd.CommandType = CommandType.Text;
cmd.Parameters.Add("#date", SqlDbType.Date)
cmd.Parameters.AddWithValue("#date", Date.Today)
using (SqlDataAdapter adp = new SqlDataAdapter(cmd))
{
adp.Fill(dt);
return dt;
}
}
}
Dim dt as new DataTable()
using db as new SqlConnection(ConfigurationManager.ConnectionStrings("WarrantyConnectionString").ConnectionString)
db.Open();
using cmd as New SqlCommand(query, con)
cmd.Parameters.Add("#date", SqlDbType.Date).value = Date.Today
//cmd.Parameters.AddWithValue("#date", Date.Today)
using adp as new SqlDataAdapter(cmd)
adp.Fill(dt)
return dt
End using
End using
End using

Different output from stored procedure in SSMS and ASP.NET

I created a stored procedure to include a new user for my system. Parameters are: Name, Mail and Password (all varchar). The stored procedure first checks if the mail is already in the database. If not, then the information in added to the table. At the end, the output is a table with the user data.
CREATE PROCEDURE [dbo].[user_new]
(#name VARCHAR(50),
#mail VARCHAR(50),
#password VARCHAR(100)
)
AS
BEGIN
SET NOCOUNT ON
DECLARE #exist INT
SELECT #exist = COUNT([id])
FROM [dbo].[User]
WHERE [mail] = #mail
IF #exist = 0
INSERT INTO [dbo].[User] ([name], [mail], [password])
VALUES (#name, #mail, #password)
SELECT
#exist AS [exist], [id], [name], [mail]
FROM
[dbo].[User]
WHERE
[mail] = #mail
END
GO
When I execute the stored procedure in SSMS, everything works fine: when I insert a new mail, field [exist] returns 0. When I insert a mail that already exist, field [exist] returns 1. So far, so good.
When I execute the stored procedure from my .NET application (which has a lot of other calls that are working fine), the error happen: no matter if I try to add a new or an existing mail, [exist] always returns 1. I tried to change the logic several times, but I always get the wrong result.
Here is the .NET code:
Public Function api_v2_player_new(<FromBody> s As User) As Object
Dim arrParameters(,) As String = {{"#name", s.Name}, {"#mail", s.Mail}, {"#password", s.Password}}
Dim dtc As Data.DataTableCollection = SQL.Execute("dbo.user_new", arrParameters)
Return SQL.toJson(dtc(0))
End Function
Public Class SQL
Public Shared Function runStoredProcedure(ByVal cmd As SqlCommand) As Data.DataTableCollection
Dim spName As String = cmd.CommandText.ToString
cmd.CommandTimeout = 120
Dim cs As String = System.Configuration.ConfigurationManager.ConnectionStrings("csKickerliga").ConnectionString
Dim connection As SqlConnection = Nothing
connection = New SqlConnection(cs)
Dim dt As DataTable = New DataTable()
cmd.Connection = connection
connection.Open()
Dim adp As New SqlDataAdapter(cmd)
Dim ds As DataSet = New DataSet()
cmd.ExecuteNonQuery()
adp.Fill(ds, spName)
Return ds.Tables
connection.Close()
End Function
Shared Function Execute(spName As String, arrParameters(,) As String) As Data.DataTableCollection
Dim cmd As SqlCommand = New SqlCommand(spName)
cmd.CommandType = CommandType.StoredProcedure
With cmd.Parameters
For i = 0 To (arrParameters.Length / 2) - 1
.AddWithValue(arrParameters(i, 0), arrParameters(i, 1))
Next
End With
Dim dtc = runStoredProcedure(cmd)
Return dtc
End Function
Shared Function toJson(dt As DataTable) As List(Of Object)
Dim oList As New List(Of Object)
Dim o As New Dictionary(Of String, Object)
Dim data As Object
For Each r As DataRow In dt.Rows
o = New Dictionary(Of String, Object)
For Each c As DataColumn In dt.Columns
If IsNumeric(r(c.ColumnName)) Then
If Not r(c.ColumnName).ToString.Contains(".") Then
data = CInt(r(c.ColumnName))
Else
data = r(c.ColumnName).ToString
End If
Else
data = r(c.ColumnName).ToString
End If
o.Add(c.ColumnName, data)
Next
oList.Add(o)
Next
Return oList
End Function
End Class
Found the issue. The code was executing the stored procedure twice:
cmd.ExecuteNonQuery()
adp.Fill(ds, spName)
Therefore on the recond run the record already existed because it was created on the first run. I removed one of the lines and now it's working!

Get Oracle.DataAccess.Types.OracleClob instead of actual value

I'm having an issue, I'm calling a procedure on oracle 11g, the prucedure receives a clob and responds with a different CLOB, a VARCHAR2 and a Number. The procedure is called from a ASP.NET (on Visual Basic) webpage using oracle data provider (ODP.NET), I can call the procedure successfully, view the VARCHAR2 and NUMBER returned values, but when I try to see the returned value of the returning CLOB all I get is "Oracle.DataAccess.Types.OracleClob" instead of a expecting XML
I know the returned XML is generated because on the store procedure I create a txt file where it shows the expected result
My code it's pretty simple right now:
Function Index() As String 'ActionResult
Dim xml_message As String
Dim oradb As String = "Data Source=127.0.0.1;User Id=id;Password=pass;"
Dim conn As New OracleConnection(oradb)
Dim oracleDataAdapter As New OracleDataAdapter
oracleDataAdapter = New OracleDataAdapter()
Dim cmd As New OracleCommand
cmd.Connection = conn
cmd.CommandType = CommandType.StoredProcedure
cmd.CommandText = "Common.GetDriverPoints"
cmd.BindByName = True
Dim driver_input As New OracleParameter()
driver_input = cmd.Parameters.Add("p_driver", OracleDbType.Clob)
driver_input.Direction = ParameterDirection.Input
driver_input.Value = <THE_SENDED_XML_VALUE>
Dim driver_output As New OracleParameter()
driver_output = cmd.Parameters.Add("p_output", OracleDbType.Clob)
driver_output.Direction = ParameterDirection.Output
Dim error_flag As New OracleParameter()
error_flag = cmd.Parameters.Add("p_Return", OracleDbType.Int16)
error_flag.Direction = ParameterDirection.Output
Dim error_desc As New OracleParameter()
error_desc = cmd.Parameters.Add("p_ReturnDesc", OracleDbType.Varchar2, 100)
error_desc.Direction = ParameterDirection.Output
conn.Open()
cmd.ExecuteNonQuery()
Dim output As String
output = driver_output.Value.ToString() 'This only returns Oracle.DataAccess.Types.OracleClob
conn.Close()
conn.Dispose()
Return output
End Function
Also, the generated xml is around 55Kb, sometimes it's bigger
Thank you
I manage to find the answer, In case someone have the same problem, basically what has to be done is create another clob, used only on for vb.net, that clob will receive the value of the parameter output from the procedure, then cast to a string variable the local clob.
Example:
Dim output As String
Dim myOracleClob As OracleClob = driver_output.Value
output = System.Convert.ToString(myOracleClob.Value)
Now the "output" variable holds the actual message of the clob.
Hope this helps anybody with the same problem.

.Net ADO Connection Class

I created a connection class that should return a datatables/datareaders etc to my webpages. I am worried that the connections won't be closed properly by using this class. Here is the class:
Imports Microsoft.VisualBasic
Namespace myConnection
Public Class DB
Public Shared Function GetConnStr()
Return "server=foobar"
End Function
Public Shared Function OpenConn()
Return New System.Data.SqlClient.SqlConnection( GetConnStr )
End Function
Public Shared Function OpenReader(SQL As String)
Dim conn
conn = OpenConn
conn.Open
Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)
End Function
Public Shared Function OpenTable(SQL As String)
Dim conn
conn = OpenConn
conn.Open
Dim dr As System.Data.SqlClient.SqlDataReader = New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteReader(System.Data.CommandBehavior.CloseConnection)
Dim dt As System.Data.DataTable = New System.Data.DataTable()
dt.Load(dr)
Return dt
End Function
Public Shared Function ExecuteSQL(SQL As String)
Dim conn
conn = OpenConn
conn.Open
Return New System.Data.SqlClient.SqlCommand(SQL, conn).ExecuteNonQuery()
End Function
End Class
End Namespace
And Here is how I am using it:
rst = conn.OpenReader(SQL)
While rst.Read
end while
rst.close
I am worried that once I go into production the connections won't be close properly and my site will fail. I am new to .net, is there anything wrong with the principal behind this class?
You are right: your connection won't be closed this way. Even worse, by only accepting strings for your sqlcommand you open yourself up to sql injection security vulnerabilities. As an example of a better pattern, the code I use to fill a data table looks more like this:
Public Function GetDataTable(ByVal sql As String, ByVal AddParameters As Action(Of SqlParameterCollection)) As DataTable
Dim result As New DataTable()
Using cn As SqlConnection = OpenConn(), _
cmd As New SqlCommand(sql, cn)
AddParameters(cmd.Parameters)
Using rdr As SqlDataReader = cmd.ExecuteReader
result.Load(rdr)
End Using
End Using
Return result
End Function
I would then call the code like this:
Dim data As DataTable = GetDataTable("SELECT * FROM SomeTable WHERE ID= #ID", _
Sub(p)
p.Add("#ID", SqlDbType.Int).Value = 12345
End Sub )
I have similar code in C# for an SqlDataReader, but it requires using an iterator block and that feature is not available for VBwas only just added to VB.Net with the service pack for visual studio 2010 and Async CTP out a few weeks ago. The important thing to take away here is that I have the sql connection correctly encapsulated with a Using block and the code encourages the correct use of query parameters.
Unfortunately, I agree with one of the other comments. Why are you writing your own connection classes?
Use ADO.NET EF or LINQ To SQL which will manage the connections in the Context.
If you do continue to do what you are doing, wrap your connection in a Using block.
I use a module to call the database, saves alot of lines if your usin multiple forms...
This is my module form:
Public cn As OleDbConnection
Public Sub InitDatabase()
Dim sDBase As String = "DB.mdb"
cn= New OleDbConnection
cn.ConnectionString = "Provider=Microsoft.JET.OLEDB.4.0; Data Source=" & sDBase
End Sub
then for callin the database use this:
Private ds As New DataSet
Private da As New OleDbDataAdapter
modWijnen.InitDatabase()
Dim cm As New OleDbCommand("Select * from Table1", cn)
da = New OleDbDataAdapter(cm)
If (ds.Tables.Contains("Table1") = False) Then
da.Fill(ds, "Table1")
End If
I hope this has been helpfull for you...

database search function

i want to search a record from sql database searching by first name so im using a function in the data layer but it is not working please correct me where i went wrong here is my function:
Public Function searchCustomer(ByVal custFname As String) As DataTable
Dim tabletdata As New DataTable
Dim conn As New SqlConnection(con_string)
conn.Open()
Dim dCmd As New SqlCommand("selectCustomerByFname", conn)
dCmd.CommandType = CommandType.StoredProcedure
Try
dCmd.Parameters.AddWithValue("#Cust_Fnam", custFname)
'dCmd.ExecuteNonQuery()
Dim dadaptr As New SqlDataAdapter(dCmd)
dadaptr.SelectCommand = dCmd
dadaptr.SelectCommand.ExecuteNonQuery()
dadaptr.Fill(tabletdata)
Return tabletdata
Catch
Throw
Finally
dCmd.Dispose()
conn.Close()
conn.Dispose()
End Try
End Function
Fill method opens and close connection implicitly. Fill Method
SUMMARY: The Fill method retrieves
rows from the data source using the
SELECT statement specified by an
associated SelectCommand property. The
connection object associated with the
SELECT statement must be valid, but it
does not need to be open. If the
connection is closed before Fill is
called, it is opened to retrieve data,
then closed. If the connection is open
before Fill is called, it remains
open.
Public Function searchCustomer(ByVal custFname As String) As DataTable
Dim tabletdata As New DataTable
Dim conn As New SqlConnection(con_string)
Dim dCmd As New SqlCommand("selectCustomerByFname", conn)
dCmd.CommandType = CommandType.StoredProcedure
dCmd.Parameters.AddWithValue("#Cust_Fnam", custFname)
Dim dadaptr As New SqlDataAdapter(dCmd)
dadaptr.SelectCommand = dCmd
dadaptr.Fill(tabletdata)
Return tabletdata
End Function

Resources