So, I have been trying to fix this for about two months. It all started when my "dev" machine went kaput and I set it up on my laptop. It was working fine on my old PC but it does not work on my new PC and never did on the laptop.

I structured the SQL Server as much like the first one as I could remember but it started giving me SQLExceptions. I googled it, I searched on here for it, I tried different solutions. Nothing.

I will post the offending code and I am hoping someone will be able to help me see my flaw. I am sure it is something stupid.

    SqlCommand sc = sqlc.CreateCommand();
    sc.CommandText = "SELECT pNumber FROM database WHERE pNumber = '" + Number.ToString() + "'";
    SqlDataReader sdr = sc.ExecuteReader();
    if (sdr.Read().ToString() != null)
    {
        sdr.Close();
        sc.CommandText = "UPDATE word SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";
        // HERE IS WHERE THE ERROR OCCURS
        sc.ExecuteReader();
    }
    else
    {
        sdr.Close();
        sc.CommandText = "INSERT INTO database VALUES(" + Number.ToString() + ",'" + Word + "',0, 0, 0)";
        sc.ExecuteNonQuery();
        sc.CommandText = "SELECT * FROM database WHERE pNumber = '" + Number.ToString() + "'";
        SqlDataReader dataRead = sc.ExecuteReader();
        for (int x = 0; x < 6; ++x)
        {
            User[x] = dataRead.GetString(x);
        }
    }
    sqlc.Close();

EDIT: SqlException: Invalid object name: 'word'. at System.Data.SqlClient.SqlConnection.OnError(...

+6  A: 

Change your input values to parameters. It's much safer, and might fix your issue if it's a problem caused by accidental SQL injection.

http://www.csharp-station.com/Tutorials/AdoDotNet/Lesson06.aspx

Like this:

    sc.CommandText = "INSERT INTO database VALUES(@number,@word,0, 0, 0)";
    // Values are bound as typed parameters, never concatenated into the SQL text.
    sc.Parameters.Add("@number", SqlDbType.Int).Value = Number;
    sc.Parameters.Add("@word", SqlDbType.NVarChar).Value = Word;
Malfist
I will... eventually. :3
Mashew
+5  A: 
    sc.CommandText = "UPDATE word SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";

should probably read

    sc.CommandText = "UPDATE database SET word = '" + Word + "' WHERE pNumber = '" + Number.ToString() + "'";

I changed the tablename in the SQL query, that is all.

Bryce Kahle
You beat me to it :)
roman m
Michael said it in a comment but you got to it right as I discovered it from what Michael said. Silly me. Every time I post, it is a silly error on my part.
Mashew
+2  A: 

Where your code reads

    sc.CommandText = "SELECT pNumber FROM database WHERE pNumber = '" + Number.ToString() + "'";

does that mean your user-defined database is actually named "database"? The word "database" is a reserved word, and this could be causing you grief.

Philip Kelley
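
The three answers combined, as an added example that is not part of the original thread: bound parameters instead of string concatenation, the corrected table name, and the reserved word bracket-quoted. The `WordStore` and `SaveWord` names, the column types and the `NVARCHAR(100)` length are assumptions; `[database]` is the thread's placeholder table name.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class WordStore
{
    // Assumed schema (not from the thread): pNumber INT, word NVARCHAR(100),
    // then three numeric columns. The table name is bracket-quoted because
    // DATABASE is a T-SQL reserved word.
    // Returns true if a new row was inserted, false if an existing row was updated.
    public static bool SaveWord(string connectionString, int number, string word)
    {
        // A null string must be sent as DBNull, or the parameter is treated as missing.
        object wordValue = (object)word ?? DBNull.Value;

        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();

            // UPDATE first: the affected-row count says whether the row existed,
            // so no separate SELECT / Read() check is needed.
            using (var update = conn.CreateCommand())
            {
                update.CommandText =
                    "UPDATE [database] SET word = @word WHERE pNumber = @number";
                // A word such as O'Brien stays data here; in the concatenated
                // version its apostrophe would end the string literal early.
                update.Parameters.Add("@word", SqlDbType.NVarChar, 100).Value = wordValue;
                update.Parameters.Add("@number", SqlDbType.Int).Value = number;
                if (update.ExecuteNonQuery() > 0)
                    return false;
            }

            using (var insert = conn.CreateCommand())
            {
                insert.CommandText =
                    "INSERT INTO [database] VALUES (@number, @word, 0, 0, 0)";
                insert.Parameters.Add("@number", SqlDbType.Int).Value = number;
                insert.Parameters.Add("@word", SqlDbType.NVarChar, 100).Value = wordValue;
                insert.ExecuteNonQuery();
                return true;
            }
        }
    }
}
```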