Click here to Skip to main content
15,887,596 members
Search within:


C# programming for keyword search from database ?
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#3.5
Hellow I have a table with following columns.

Profile_ID,Name,Age,More_Info_about family,qualification details, job details and partner_preference


I have to search on keyword basis and keyword is to be taken from textbox.

The search result should be in such a way so that if keyword presents in starting, ending and in between the sentence of any of the columns presents in where conditions.

Please help me.

What I have tried:

I tried LIKE '" + txtbox_keyword.Text + "'
but is not working properly it is not searching data if keyword is present in between sentence.

"select (Profile_ID,Name,Age, More_info_about_family,Job_Business_Location_City,Salary from tblRegistration  WHERE 

More_info_about_family LIKE '" + txtbox_keyword.Text + "' OR Qualification_Details LIKE '" + txtbox_keyword.Text + "' OR 

origin LIKE '" + txtbox_keyword.Text + "' OR Job_Detail LIKE '" + txtbox_keyword.Text + "' ", con);
Posted
Updated 16-Jun-19 17:10pm
v2
Add a Solution

2 solutions

First off -- using string concatenation to form SQL statements is a VERY BAD IDEA.

Next, when using LIKE you will likely want to include some wildcards, such as %, which matches multiple characters.
Without wildcards, you are simply trying to match the entire string.
You may not want to expect the user to have specified them.

So please look into using parameters (which is really easy) and ensure that you use wildcards.
 
Share this answer
 
Posted
Updated 16-Jun-19 16:43pm
v4
Quote:
LIKE '" + txtbox_keyword.Text + "'

The way you use LIKE is for column is exact value.
SQL LIKE Operator[^]
VB
"select (Profile_ID,Name,Age, More_info_about_family,Job_Business_Location_City,Salary from tblRegistration  WHERE More_info_about_family LIKE '" + txtbox_keyword.Text + "' OR Qualification_Details LIKE '" + txtbox_keyword.Text + "' OR origin LIKE '" + txtbox_keyword.Text + "' OR Job_Detail LIKE '" + txtbox_keyword.Text + "' "

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Combobox Search Including Keyword
Search keyword*keyword pattern in mysql database.
File Search for keywords
Highlight search keyword when retrieve from database to Datalist C#
Search the stidents from the inner join script "'incorrect syntax near the keyword 'where'.'
Search in database in C# using async
to perform document search by keyword
Data structures - the "this" keyword
public key encryption with keyword search
Searching muliple keywords in a text file

Advertise
Privacy
Cookies
Terms of Use
Last Updated 16 Jun 2019
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900