Englishman Englishman - 3 months ago 21
C# Question

Detecting null value and replacing string C#

I'm currently having some issues with my CSV to SQL converter. The program is used to create commands to edit a databases user list updating or adding new ones. My issue is that if the user hasn't put a password in the CSV file i want it to be set as the user id. Ive currently got this IF statement trying to detect if the the string is empty but it always says that the string is empty and gives me my set pop up box even when i has text in the cell.

if (password != null)
{
System.Windows.Forms.MessageBox.Show("Setting Password to User ID");
}


Ive also tried password = password.replace(userid)but it doesnt change the string. Ive included my whole code below if that helps.

private void LoadBtn_Click(object sender, EventArgs e)
{
//Opens a browse box to allow the user to select which file, only CSV's allow allowed
OpenFileDialog openFileDialog1 = new OpenFileDialog();
openFileDialog1.Filter = "CSV Files (*.csv)|*.csv";
openFileDialog1.FilterIndex = 1;

//empties text box when clicked | loads file location and name to load directory text box at top
if (openFileDialog1.ShowDialog() == System.Windows.Forms.DialogResult.OK)
{
ConvertedText.Text = string.Empty;
LoadDirectory.Text = openFileDialog1.FileName.ToString();
}
string filename = LoadDirectory.Text;
string[] Lines = File.ReadAllLines(filename);
string[] Fields;


for (int i = 1; i < Lines.Length; i++)
{
string outfile = "";
Fields = Lines[i].Split(new char[] { ',' });
string userid = Fields[0];
string password = Fields[1];
string fullname = Fields[2];
string address = Fields[3];
string telephone = Fields[4];
string email = Fields[5];
string role = Fields[6];
string department = Fields[7];

if (password != null)
{
System.Windows.Forms.MessageBox.Show("Setting Password to User ID");
}

outfile += "IF exists (SELECT USERID FROM WUSERS WHERE USERID='" + userid + "')" + Environment.NewLine;
outfile += "begin" + Environment.NewLine;
outfile += Environment.NewLine;

outfile += "-- Update it" + Environment.NewLine;
outfile += "print 'updated'" + Environment.NewLine;
outfile += "update WUSERS set FULLNAME= '" + fullname + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set PW= '" + password + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set addr= '" + address + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set telno= '" + telephone + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set email= '" + email + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set ROLEID= '" + role + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "update WUSERS set dept= '" + department + "' where userid= '" + userid + "'" + Environment.NewLine;
outfile += "end" + Environment.NewLine;

outfile += "else" + Environment.NewLine;
outfile += "begin" + Environment.NewLine;
outfile += "-- add it" + Environment.NewLine;
outfile += "print 'added'" + Environment.NewLine;
outfile += "insert into WUSERS (USERID,PW,FULLNAME,ADDR,TELNO,EMAIL,ROLEID,DEPT) Values ('" + userid + "','" + password + "','" + fullname + "','" + address + "','" + telephone + "','" + email + "','" + role + "','" + department + "')";
outfile += Environment.NewLine;
outfile += "end";
outfile += Environment.NewLine;
outfile += Environment.NewLine;
outfile += Environment.NewLine;
outfile += "-----------------------------------------------------------------------------------------------------------------------------------------------";
outfile += Environment.NewLine;
outfile += Environment.NewLine;
outfile += Environment.NewLine;

ConvertedText.AppendText(outfile);

}

}


Thank you in advance for any input.

Owen

Answer

Probably you want

if (password == null)

but I suggest you to use the more complete

if(string.IsNullOrWhiteSpace(password))
   ...error message...

Said that I can't avoid to warn you about the code that follow. I hope that all those UPDATE WUSERS are not used to really update a database. This method of string concatenation is well know for its problems, from the more simple to the worst one you get, Syntax Errors, Parsing errors, Sql Injection attacks.