First things first, don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Fix that through your whole application before you go any further!
When you've done that, start think about what you are doing, and when you are doing it: how much data are you retrieving, and what event is being handled when you do.
If you are loading a lot of data into a combobox that might be your problem; as may doing it in a timer or similar event - so check how much you are fetching as each row may require a new window handle and they are scarce resources that will runout long before actual memory does, but will throw the same "out of memory" error.
Use the debugger, and see what you can find - we can't do that for you because we have no access to your data or your app while it is running and you need both to even start looking at why it is happening, much less how to fix it!