And to add to the answer concerning indexing start point: To be safe from SQL injections, data conversion problems etc., you should use SqlParameter in your queries instead of directly concatenating values from the text boxes to the SQL statement.
So your code could look something like
...
// The SQL text is a constant; user input travels only as typed parameters.
// The @"..." verbatim string is required for a literal that spans several lines.
SqlCommand searchquery = new SqlCommand(
    @"SELECT tc.ContractBuyerCode,
             tc.ContractBuyerName,
             tc.ContractSBU,
             tc.ContractProjectName,
             tc.ContractPrjUnitDesc,
             tc.ContractModel,
             tc.ContractStatus
      FROM MC.tblContracts tc
      WHERE tc.ContractCompanyCode = @ContractCompanyCode
        AND tc.ContractNo = @ContractNo", amicassaCon_repgen);
// SqlDbType (not DbType) is the property that accepts SqlDbType values.
searchquery.Parameters.Add(new SqlParameter() {
    ParameterName = "@ContractCompanyCode",
    SqlDbType = SqlDbType.VarChar,
    Size = 100,
    Value = company_code.Text });
searchquery.Parameters.Add(new SqlParameter() {
    ParameterName = "@ContractNo",
    SqlDbType = SqlDbType.Int,
    Value = contract_no.Text });
SqlDataReader dr = searchquery.ExecuteReader();
...
For more information, see:
- SQL injection
- SqlParameter class
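
Added example (not part of the original answer): a helper that validates the two text-box values before binding them as parameters, then shows that input containing quote characters leaves the SQL text unchanged. The class and method names, the shortened column list and the sample inputs are constructed for illustration, and the `System.Data.SqlClient` provider is an assumption; no connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: classic ADO.NET SQL Server provider

static class ContractSearch
{
    // Constant SQL text: nothing from the user is ever spliced into it.
    const string Sql =
        @"SELECT tc.ContractBuyerCode, tc.ContractBuyerName, tc.ContractStatus
          FROM MC.tblContracts tc
          WHERE tc.ContractCompanyCode = @ContractCompanyCode
            AND tc.ContractNo = @ContractNo";

    // Hypothetical helper: checks the raw text-box strings and returns a bound command.
    public static SqlCommand Build(SqlConnection con, string companyCode, string contractNoText)
    {
        if (string.IsNullOrWhiteSpace(companyCode) || companyCode.Length > 100)
            throw new ArgumentException("Company code must be 1-100 characters.", nameof(companyCode));
        if (!int.TryParse(contractNoText, out int contractNo))
            throw new ArgumentException("Contract number must be an integer.", nameof(contractNoText));

        var cmd = new SqlCommand(Sql, con);
        cmd.Parameters.Add("@ContractCompanyCode", SqlDbType.VarChar, 100).Value = companyCode;
        cmd.Parameters.Add("@ContractNo", SqlDbType.Int).Value = contractNo;
        return cmd;
    }

    static void Main()
    {
        // Constructed input containing quote characters; it is carried as data only.
        using (SqlCommand cmd = Build(null, "ACME' OR '1'='1", "1042"))
        {
            Console.WriteLine(cmd.CommandText == Sql);                        // SQL text is unchanged
            Console.WriteLine(cmd.Parameters["@ContractCompanyCode"].Value);  // the raw string, as a value
            Console.WriteLine(cmd.Parameters["@ContractNo"].Value);           // typed as int
        }

        try
        {
            // Constructed non-numeric contract number: rejected before any command exists.
            Build(null, "ACME", "1042 OR 1=1");
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```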