Develop Reference

else condition not working when reader hasrows is false

Can somebody tell me why the else condition is not working in the code below.
The link button in asp.net web application has following code in code behind: a parameterized SqlCommand fetch a row from a SQL Server database, the SqlDataReader rdr1.HasRows in if condition is working fine but else condition did not work.
Code updated
protected void LinkButton1_Click(object sender, EventArgs e)
{
string comid = DropDownList4.SelectedValue.ToString();
using (SqlConnection con = new SqlConnection(cs))
{
SqlCommand cmd = new SqlCommand("Select * from Commercials Where id =" + comid, con);
con.Open();
SqlDataReader rdr = cmd.ExecuteReader();
while (rdr.Read())
{
string dur = rdr["duration"].ToString();
Char delimiter = '/';
string[] dd = DateTime.Parse(rdr["rodate"].ToString()).ToString("dd/MM/yyyy").Split(delimiter);
if (DropDownList3.SelectedValue.ToString().Contains("BOL NEWS") == true && DropDownList1.SelectedValue.ToString().Contains("After Headlines") == true)
{
SqlConnection con0 = new SqlConnection(cs);
string sql01 = "Select * from CTS Where air_time=(Select max(air_time) from CTS where air_date=#airdate and air_time Like #airtime and channel=#channel and Slot=#slot) and air_date=#airdate1";
con0.Open();
SqlCommand cmd1 = new SqlCommand(sql01, con0);
cmd1.Parameters.AddWithValue("#airdate", TextBox1.Text);
cmd1.Parameters.AddWithValue("#channel", DropDownList3.SelectedValue.ToString());
cmd1.Parameters.AddWithValue("#airtime", DropDownList2.SelectedValue.ToString().Substring(0, 2) + "%");
cmd1.Parameters.AddWithValue("#slot", DropDownList1.SelectedValue.ToString().Remove(0, 3));
cmd1.Parameters.AddWithValue("#airdate1", TextBox1.Text);
SqlDataReader rdr1 = cmd1.ExecuteReader();
while (rdr1.Read())
{
string startTime0 = rdr1["air_time"].ToString();
string addsec = rdr1["duration"].ToString();
if (rdr1.HasRows)
{
DateTime startTime1 = DateTime.ParseExact(startTime0, "HH:mm:ss", null);
string startHeadlines_ = startTime1.AddSeconds(int.Parse(addsec)).ToString("HH:mm:ss");
using (SqlConnection con2 = new SqlConnection(cs))
{
string type = "Commercial";
string year = dd[2].ToString().Substring(dd[2].ToString().Length - 2);
string HouseId = "CH1COM001" + rdr["rono"] + rdr["duration"] + "S" + dd[1] + dd[0] + year;
string sql1 = "Insert into CTS(air_date,air_time,HouseNumber,rono,Title,duration,Slot,type,channel)Values('" + TextBox1.Text + "','" + startHeadlines_ + "','" + HouseId + "','" + rdr["rono"] + "','" + rdr["slug"] + "','" + rdr["duration"] + "','" + DropDownList1.SelectedValue.Remove(0, 3) + "','" + type + "','" + DropDownList3.SelectedValue.ToString() + "')";
con2.Open();
SqlCommand InsertCmd = new SqlCommand(sql1, con2);
InsertCmd.ExecuteNonQuery();
con2.Close();
}
}
else
{
DateTime startTime = DateTime.ParseExact(DropDownList2.SelectedValue.ToString(), "HH:mm:ss", null);
string startHeadlines = startTime.AddSeconds(210).ToString("HH:mm:ss");
using (SqlConnection con1 = new SqlConnection(cs))
{
string type = "Commercial";
string year = dd[2].ToString().Substring(dd[2].ToString().Length - 2);
string HouseId = "CH1COM001" + rdr["rono"] + rdr["duration"] + "S" + dd[1] + dd[0] + year;
string sql = "Insert into CTS(air_date,air_time,HouseNumber,rono,Title,duration,Slot,type,channel)Values('" + TextBox1.Text + "','" + startHeadlines + "','" + HouseId + "','" + rdr["rono"] + "','" + rdr["slug"] + "','" + rdr["duration"] + "','" + DropDownList1.SelectedValue.ToString().Remove(0, 3) + "','" + type + "','" + DropDownList3.SelectedValue.ToString() + "')";
con1.Open();
SqlCommand InsertCmd = new SqlCommand(sql, con1);
InsertCmd.ExecuteNonQuery();
con1.Close();
}
}
}
con0.Close();
}
}
con.Close();
}
}

Asp.net with c# , insert and update in save button

I am using one button named as Button 1. In Button 1 button I perform insert as well as update. I can insert a new row. But when I update the row I had a error on that:
"ORA-00933: SQL command not properly ended ".
My code is:
protected void Button1_Click(object sender, EventArgs e)
{
string UserName = "UserName";
Session["UserName"] = lb1.Text;
TextBox TextBox1 = (TextBox)FindControl("TextBox1");
Label label11 = (Label)FindControl("label11");
TextBox TextBox2 = (TextBox)FindControl("TextBox2");
TextBox TextBox3 = (TextBox)FindControl("TextBox3");
TextBox TextBox4 = (TextBox)FindControl("TextBox4");
DropDownList DropDownList3 = (DropDownList)FindControl("DropDownList3");
DropDownList DropDownList1 = (DropDownList)FindControl("DropDownList1");
TextBox TextBox5 = (TextBox)FindControl("TextBox5");
TextBox TextBox6 = (TextBox)FindControl("TextBox6");
DropDownList DropDownList2 = (DropDownList)FindControl("DropDownList2");
TextBox TextBox7 = (TextBox)FindControl("TextBox7");
TextBox TextBox8 = (TextBox)FindControl("TextBox8");
{
con.Open();
OleDbDataAdapter da = new OleDbDataAdapter("select * from
service_master where req_no='" + this.TextBox1.Text.ToString() + "'", con);
DataSet ds = new DataSet();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
string sql1 = "update service_master set req_no='" + this.TextBox1.Text.ToString() + "' , req_dt='" + label11.Text.ToString() + "',req_by='" + Session["UserName"].ToString() + "', ser_cd='" + TextBox3.Text.ToString() + "',serv_desc= '" + TextBox4.Text.ToString() + "',serv_grp_cd='" + DropDownList3.SelectedItem.Value.ToString() + "',base_uom_cd= '" + DropDownList1.SelectedItem.Value.ToString() + "',sac_cd='" + TextBox5.Text.ToString() + "',ser_long_desc='" + TextBox6.Text.ToString() + "',tax_ind='" + DropDownList2.SelectedItem.Value.ToString() + "',active_ind= '" + TextBox7.Text.ToString() + "',del_ind='" + TextBox8.Text.ToString() + "' where req_no='" + this.TextBox1.Text.ToString() + "')";
OleDbCommand cmd = new OleDbCommand(sql1, con);
cmd.ExecuteNonQuery();
WebMsgBox.Show("Data Successfully Updated");
}
else
{
string sql = "insert into service_master(req_no,req_dt,req_by,ser_cd,serv_desc,serv_grp_cd,base_uom_cd,sac_cd,ser_long_desc,tax_ind,active_ind,del_ind ) values(" + this.TextBox1.Text.ToString() + ",'" + label11.Text.ToString() + "', '" + Session["UserName"].ToString() + "', '" + TextBox3.Text.ToString() + "','" + TextBox4.Text.ToString() + "','" + DropDownList3.SelectedItem.Value.ToString() + "','" + DropDownList1.SelectedItem.Value.ToString() + "','" + TextBox5.Text.ToString() + "','" + TextBox6.Text.ToString() + "','" + DropDownList2.SelectedItem.Value.ToString() + "','" + TextBox7.Text.ToString() + "','" + TextBox8.Text.ToString() + "')";
OleDbCommand com = new OleDbCommand(sql, con);
com.ExecuteNonQuery();
WebMsgBox.Show("The data for request number" + TextBox1.Text + "is saved");
}
con.Close();
}
}

Your query should look something like this
//insert query
//string sql1 = "INSERT INTO Test(id, name) VALUES(#User_FirstName, #User_LastName)";
//update sample query
string sql1 = "UPDATE Test SET User_FirstName=#User_FirstName, User_LastName=#User_LastName";
SqlCommand cmd = new SqlCommand(smt, _connection);
cmd.Parameters.Add("#User_FirstName", FirstName.Text);
cmd.Parameters.Add("#User_LastName", LastName.Text);
Always use Parameters to preform any database actions. Using user input is very dangerous, look up sql injections.

Adding Data to two Datagridviews

I want to Add Data But I want to Put It In 2 DataGridViews. I tried this but On the 2nd Datagridview I wont Work, It Wont Add, Only In the 1st Datagridview
string query = "insert into dbuser.patientform (patientname,homeaddress,occupation,emailaddress,sex,age,status,birthday,cellphoneno,refferedby,date,diagnosis,treatment)"
+ "values('" + this.textBox1.Text + "','" + this.textBox2.Text + "','" + this.textBox3.Text + "','" + this.textBox4.Text + "','" + this.comboBox1.SelectedItem + "','" + this.textBox5.Text + "','" + this.comboBox2.SelectedItem + "','" + this.dateTimePicker1.Text + "','" + this.textBox6.Text + "','" + this.textBox7.Text + "','" + this.dateTimePicker2.Text + "','" + this.textBox8.Text + "','" + this.textBox9.Text + "') ;";
string quer = "insert into dbuser.patienthistory (patientname,date,diagnosis,treatment)"
+ "values('" + this.textBox1.Text + this.dateTimePicker2.Text + "','" + this.textBox8.Text + "','" + this.textBox9.Text + "') ;";
MySqlCommand cmd = new MySqlCommand(query, condb);
MySqlCommand cm = new MySqlCommand(quer, condb);
MySqlDataReader myreader;
MySqlDataReader myreader1;
try
{
condb.Open();
myreader = cmd.ExecuteReader();
condb.Close();
condb.Open();
myreader1 = cm.ExecuteReader();
MessageBox.Show("Saved");
textBox1.Clear();
textBox2.Clear();
textBox3.Clear();
textBox4.Clear();
comboBox1.SelectedItem = false;
textBox5.Clear();
comboBox2.SelectedItem = false;
textBox6.Clear();
textBox7.Clear();
textBox8.Clear();
textBox9.Clear();
dateTimePicker1.Text = null;
condb.Close();
dataset = new DataTable();
da.Fill(dataset);
BindingSource bs = new BindingSource();
bs.DataSource = dataset;
dataGridView1.DataSource = bs;
dataGridView2.DataSource = bs;
da.Update(dataset);

I suggest do followings :
Open and Close Connection one time if two request will use same connection string
Use MySqlDataAdapter for filling data to DataTable.
Set DataTable to DataGridView

How do I make the column type date I want to insert in sql

I want to insert the date format into sql
How can I do this?
private void button1_Click(object sender, EventArgs e)
{
try
{
SqlConnection conn = new SqlConnection("Data Source=Server-1;Initial Catalog=Eczane;Integrated Security=True");
conn.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO TBL_Musteri (MUSTERI_TC,MUSTERI_AD,MUSTERI_SOYADI,MUSTERI_DOGUM_TARIHI,MUSTERI_CINSIYET,MUSTERI_TELEFON,MUSTERI_ADRES,MUSTERI_IL,MUSTERI_ILCE,MUSTERI_EKLEYEN_ADMIN) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox9.Text + "','" + comboBox1.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "')", conn);
cmd.ExecuteNonQuery();
conn.Close();
}
catch (Exception)
{
MessageBox.Show("Erorr!");
}
}

Use Parameters collection on cmd object.
You can specify the type and the conversion will be done for you. Also it prevents your code from being exposed to SQL injection.
SqlCommand cmd = new SqlCommand("INSERT INTO TBL_Musteri (MUSTERI_TC,MUSTERI_AD,MUSTERI_SOYADI,MUSTERI_DOGUM_TARIHI,
MUSTERI_CINSIYET,MUSTERI_TELEFON,MUSTERI_ADRES,MUSTERI_IL,MUSTERI_ILCE,MUSTERI_EKLEYEN_ADMIN)
VALUES (#param1,#param2,#param3,#param4,#param5,
#param6,#param7,#param8,#param9,#param10)", conn);
cmd.Parameters.Add("#param1", SqlDbType.NVarChar);
cmd.Parameters["#param1"] = textBox1.Text;
...
cmd.Parameters.Add("#param4", SqlDbType.Date;
cmd.Parametes["#param4"] = textBox9.Text;
...

Null Reference Exception when Clicking a button in ASP.NET Webforms

I have created a web application for online testing.
The website is running perfectly fine on my local machine but giving an error on remote server.
protected void Page_Load(object sender, EventArgs e)
{
arrSessionALL_questions = Session["arrALL_questions"] as int[];
arrSessionQuestion_ID = Session["arrayOfQuestionID"] as int[];
arrSessionCorrectAns = Session["arrayOfCorrectAns"] as string[];
arrSessionCorrectAnsMarks = Session["arrayOfCorrectAnsMarks"] as int[];
arrSessionAns_ID = Session["arrayOfAnsID"] as string[];
arrSessionAttempted_ID = Session["arrayOfAttemptedID"] as int[];
arrSessionMarkQuestion_ID = Session["arrMarkQuestion_ID"] as int[];
arrSessionLeft_ID = Session["arrayOfLeftID"] as int[];
arrSessionTotalMarks = Session["arrTotalMarks"] as int[];
}
protected void ButtonNext_Click(object sender, EventArgs e)
{
PanelTimer.Visible = true;
PanelQuestNum.Visible = false;
try
{
if (arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] != 0)
{
if (Convert.ToInt32(Session["QuestionCounter"]) < arrSessionALL_questions.Length)
{
//Session["QuestionCounter"] = Convert.ToInt32(Session["QuestionCounter"]) + 1;
LabelStudentName.Text = arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])].ToString();
correctAns = arrSessionCorrectAns[Convert.ToInt32(Session["QuestionCounter"])].ToString();
correctMarks = Convert.ToInt32(arrSessionCorrectAnsMarks[Convert.ToInt32(Session["QuestionCounter"])]);
PanelQ.Visible = true;
ButtonSTART.Visible = false;
ButtonMark.Visible = true;
PanelTimer.Visible = true;
PanelQuestNum.Visible = false;
if (RadioButtonListAns.SelectedIndex >= 0)
{
arrAns_ID[Convert.ToInt32(Session["QuestionCounter"])] = RadioButtonListAns.SelectedItem.ToString();
Session["arrayOfAnsID"] = arrAns_ID;
arrSessionAns_ID = Session["arrayOfAnsID"] as string[];
if (arrSessionAns_ID[Convert.ToInt32(Session["QuestionCounter"])] == correctAns)
{
studentMarks = correctMarks;
attempt_correct_wrong = "correct";
}
else
{
studentMarks = 0;
attempt_correct_wrong = "wrong";
}
con.Open();
SqlDataAdapter adp = new SqlDataAdapter("select * from Student_Analysis where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND QuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con);
DataSet ds = new DataSet();
adp.Fill(ds, "Student_Analysis");
int count = ds.Tables[0].Rows.Count;
if (count > 0)
{
con.Close();
con1.Open();
SqlCommand cmd = new SqlCommand("UPDATE Student_Analysis set studentAns='" + arrSessionAns_ID[Convert.ToInt32(Session["QuestionCounter"])] + "',studentMarks='" + studentMarks + "',attemp_correct_wrong='" + attempt_correct_wrong + "' where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND QuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con1);
cmd.ExecuteNonQuery();
con1.Close();
}
else
{
con.Close();
con1.Open();
SqlCommand cmd = new SqlCommand("insert into Student_Analysis values('" + date + "','" + studentId.ToString() + "','" + studentName + "','" + username.ToString() + "','" + papername + "','" + Convert.ToInt32(LabelStudentName.Text) + "','" + arrSessionAns_ID[Convert.ToInt32(Session["QuestionCounter"])] + "','" + correctAns + "','" + studentMarks + "','" + correctMarks + "','" + attempt_correct_wrong + "')", con1);
cmd.ExecuteNonQuery();
con1.Close();
}
}
else
{
arrAns_ID[Convert.ToInt32(Session["QuestionCounter"])] = "NULL";
Session["arrayOfAnsID"] = arrAns_ID;
arrSessionAns_ID = Session["arrayOfAnsID"] as string[];
studentMarks = 0;
attempt_correct_wrong = "Not attempted";
con.Open();
SqlDataAdapter adp = new SqlDataAdapter("select * from Student_Analysis where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND QuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con);
DataSet ds = new DataSet();
adp.Fill(ds, "Student_Analysis");
int count = ds.Tables[0].Rows.Count;
if (count > 0)
{
con.Close();
con1.Open();
SqlCommand cmd = new SqlCommand("UPDATE Student_Analysis set studentAns='" + "NULL" + "',studentMarks='" + studentMarks + "',attemp_correct_wrong='" + attempt_correct_wrong + "' where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND QuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con1);
cmd.ExecuteNonQuery();
con1.Close();
}
else
{
con.Close();
con1.Open();
SqlCommand cmd = new SqlCommand("insert into Student_Analysis values('" + date + "','" + studentId.ToString() + "','" + studentName + "','" + username.ToString() + "','" + papername + "','" + Convert.ToInt32(LabelStudentName.Text) + "','" + "NULL" + "','" + correctAns + "','" + studentMarks + "','" + correctMarks + "','" + attempt_correct_wrong + "')", con1);
cmd.ExecuteNonQuery();
con1.Close();
}
}
if (Convert.ToInt32(Session["QuestionCounter"]) < arrSessionALL_questions.Length - 1)
{
Session["QuestionCounter"] = Convert.ToInt32(Session["QuestionCounter"]) + 1;
loadQuestion();
ButtonMark.Visible = true;
//Checking if question has been marked
con.Open();
SqlDataAdapter adp = new SqlDataAdapter("select * from StudentMarkedQuestions where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND markedQuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con);
DataSet ds = new DataSet();
adp.Fill(ds, "Student_Analysis");
int count = ds.Tables[0].Rows.Count;
if (count > 0)
{
ButtonMark.Visible = false;
ButtonUnMark.Visible = true;
}
else
{
ButtonMark.Visible = true;
ButtonUnMark.Visible = false;
}
//Checking if question has been marked
}
else
{
LabelStudentName.Text = "End of questions!!";
PanelQ.Visible = true;
ButtonSTART.Visible = false;
ButtonFinish.Visible = true;
ButtonNext.Visible = true;
ButtonPrevious.Visible = true;
}
}
else
{
LabelStudentName.Text = "End of questions!!";
PanelQ.Visible = true;
ButtonSTART.Visible = false;
ButtonFinish.Visible = true;
ButtonMark.Visible = false;
ButtonPrevious.Visible = false;
ButtonNext.Visible = false;
ButtonUnMark.Visible = false;
}
}
} //try ends
catch(Exception ex)
{
Response.Write(ex.Message);
}
}
public void loadQuestion()
{
if (arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] != 0)
{
con1.Open();
SqlDataAdapter adp1 = new SqlDataAdapter("select * from QuestionInsert where(QuestionNum='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "')", con1);
DataSet ds1 = new DataSet();
adp1.Fill(ds1);
LabelQuestion.Text = (Convert.ToInt32(Session["QuestionCounter"]) + 1) + ". " + ds1.Tables[0].Rows[0][7].ToString();
con1.Close();
RadioButtonListAns.Items.Clear();
con2.Open();
string strQuery = "select * from QuestionInsert where(QuestionNum='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "')";
SqlDataAdapter da = new SqlDataAdapter(strQuery, con2);
DataTable dt = new DataTable();
da.Fill(dt);
con2.Close();
RadioButtonListAns.Items.Insert(0, new ListItem(dt.Rows[0]["Option1"].ToString(), dt.Rows[0]["Option1"].ToString()));
RadioButtonListAns.Items.Insert(1, new ListItem(dt.Rows[0]["Option2"].ToString(), dt.Rows[0]["Option2"].ToString()));
RadioButtonListAns.Items.Insert(2, new ListItem(dt.Rows[0]["Option3"].ToString(), dt.Rows[0]["Option3"].ToString()));
RadioButtonListAns.Items.Insert(3, new ListItem(dt.Rows[0]["Option4"].ToString(), dt.Rows[0]["Option4"].ToString()));
RadioButtonListAns.Items.Insert(4, new ListItem(dt.Rows[0]["Option5"].ToString(), dt.Rows[0]["Option5"].ToString()));
//Selects radiobutton if answer found in database
con3.Open();
SqlDataAdapter adp = new SqlDataAdapter("select * from Student_Analysis where((date='" + date + "' AND username='" + username + "') AND (PaperName='" + papername + "' AND QuestionNumber='" + arrSessionQuestion_ID[Convert.ToInt32(Session["QuestionCounter"])] + "'))", con3);
DataSet ds = new DataSet();
adp.Fill(ds, "Student_Analysis");
int count = ds.Tables[0].Rows.Count;
if (count > 0)
{
con3.Close();
string ans = ds.Tables[0].Rows[0][6].ToString();
if (RadioButtonListAns.Items.FindByText(ans) != null)
{
RadioButtonListAns.Items.FindByText(ans).Selected = true;
}
}
con3.Close();
//Selects radiobutton if answer found in database
}
}
This is the code that I have applied, I have given the code from Page Load and ButtonNext_Click() event.
While starting the test, it loads two questions but then if you will click on next button again, it is giving me this error:
[NullReferenceException: Object reference not set to an instance of an object.]
StudentTestingPage.ButtonNext_Click(Object sender, EventArgs e) +2018
System.EventHandler.Invoke(Object sender, EventArgs e) +0
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +9553178
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +103
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +35
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1724
I tried everything that I know and searched about everything on internet but still unable to fix it.
I have checked all the variables and arrays that can be set to null, the code is running fine on local machine.
I have used SQL Server as database.

The clue is in the stack trace. You are calling a method or getting/setting a property on something that is null in the handler for ButtonNext.
Look at your ButtonNext_Click() method and try to see what objects might be null.
If you can't replicate locally, then consider building a DEBUG build and deploying that. That should give you the actual line number throwing the exception in the stack trace.
However
This code has many serious issues. If you work on improving the overall quality of the code, simple things like NullReferenceException become easier to locate and resolve.
Method length You need to cut your frankly MASSIVE ButtonNext_Click() method into many, small (maybe even less than 10 lines) descriptively-named methods. If you have ReSharper learn how to use it. If you don't, buy it and learn how to use it. However even Visual Studio has "Extract Method" these days - USE IT. In particular the contents of if/else blocks might be good candidates.
SQL Injection You are being very naughty - concatenating SQL strings is a BAD IDEA. Instead, parameterise your SQL strings. Better still, use Entity Framework (comes free in the .NET framework) or something like Dapper.
Don't use "NULL". Use null and note the important difference.
One last thing - you shouldn't see the Yellow Screen of Death, really. You should always turn it off in production in your web.config:
<customErrors mode="RemoteOnly" ... />