Your code looks like a Script-Kiddies dream.. ;)
Please (as stated in answers before) NEVER use QueryString variables directly in a SQL Query!
About your Problem, I don't see why the Exception occures, but it seems that some parts of your source is missing.
Anyway, I tried to clean the code up a little bit, could you try it this way (perhaps you have to modify my source a bit according your surroundings.
public IList<Tour> GetTourData(HttpContext context)
{
var tourOutput = new List<Tour>();
string pageType = context.Request.QueryString["pageType"];
string type = context.Request.QueryString["type"];
string tourId = context.Request.QueryString["tourid"];
string connectionString = ConfigurationManager.ConnectionStrings["smartwaydbConnectionString"].ConnectionString;
SqlConnection conn = new SqlConnection(connectionString);
SqlCommand selcmd = null;
SqlDataReader rdr = null;
if (pageType == "tour")
{
switch (type)
{
case "Type1":
case "Type2":
selcmd = new SqlCommand("select * from tour where tourid = @tourid", conn);
break;
case "Type3":
selcmd = new SqlCommand("select * from tour where popularimage IS NOT NULL and tourid = @tourid", conn);
break;
}
}
if (selcmd != null)
{
selcmd.Parameters.Add("@tourid", SqlDbType.Int).Value = Convert.ToInt32(tourId);
conn.Open();
using (rdr = selcmd.ExecuteReader())
{
if (rdr.HasRows)
{
while (rdr.Read())
{
var tour = new Tour();
tourOutput.Add(tour);
}
}
}
conn.Close();
}
return tourOutput;
}
As explanation:
The
Tour
Class is a class which holds the tour data you get from the reader. If you want to process it in a
DataTable
you have to change the object-reading and the output parameter to make this working.
Hope this helps to get you forward.
And once again, PLEASE NEVER use QueryString Parameters directly in a SQL Statement!! Encapsulate them at least in a Sql Parameter attached to the query (better use a Stored Procedure directly on the SQL Server).
Best regards and have a nice day,
Stops