basically when in another page someone chooses a category it redirects him to this page and adds "?category=(category he choose)" to the url, then it checks in this page what’s his category and pulls the ids from db where the category is equal to what it chose, then it chooses a random id.
Uri uri = new Uri(HttpContext.Current.Request.Url.AbsoluteUri);
string querystring = HttpUtility.ParseQueryString(uri.Query).Get("category");
SqlCommand cmd = new SqlCommand();
List<int> idList = new List<int>();
SqlConnection con = new SqlConnection(@"Data source");
// I deleted the Data source but it's in the code
try
{
cmd = new SqlCommand($"SELECT Id FROM Facts WHERE category='{querystring}'", con);
con.Open();
SqlDataReader reader = cmd.ExecuteReader();
int i = 0;
while ((bool)reader.Read())
{
idList.Add((int)reader.GetValue(0));
i++;
}
reader.Close();
}
catch (Exception)
{
throw;
}
finally
{
con.Close();
}
Random rnd = new Random();
int[] idArray = idList.ToArray();
int randIndex = rnd.Next(idArray.Length);
int random = idArray[randIndex];
string SQL = $"SELECT facts FROM Facts WHERE id='{random}';";
cmd = new SqlCommand(SQL, con);
con.Open();
object scalar = cmd.ExecuteScalar();
con.Close();
this is the code, sometimes it works and sometimes it throws ‘Index was outside the bounds of the array.’
really need an hand here, been working on it for a long time and i have no idea.
3
Answers
using some of the ideas and answers brought here I managed to fix it, first of all I removed unused and unnecessary code (thanks to some advices) and debugged the code using
System.Diagnostics.Debug.WriteLine();
then I took the entire code that gets the IDs and made a method with it -This part gets the facts id's and chooses a random one, then outputs it to HTML:
NOTE: This is vulnerable to SQL Injection attacks, don't use it without parameterizing the
SQLQuery
variable first! See this to learn about it.It may be necessary to manage the case where there is no result :
If this fails:
Then either:
idArray
is shared and is being swapped between the operationsWe can rule out 1 because it is a local, not a field; therefore the problem is 2
(I’m not including the third option of
Random.Next
being broken, since that seems preposterously unlikely)