See more: C#
Hi guys,
I have a search form whose function is to search the database and show the results in a gridview. It has two boxes: one is a textbox and the second is a combobox. One has to enter something in the textbox, then select the appropriate parameter from the combobox (the combobox has parameters like Name, RollNo, etc.), and then press the search button for results. The issue I am facing is that I am not able to use the parameters of the combobox and the textbox together; that is, the search button should be able to check both boxes and then give results accordingly.
 
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
 

namespace testingdatabase
{
    public partial class Form3 : Form
    {
        public Form3()
        {
            InitializeComponent();
        }
 
        private void button1_Click(object sender, EventArgs e)
        {
            new Form1().Show();
            this.Close();
        }
 
        private void text_searchstring_TextChanged(object sender, EventArgs e)
        {
            
        }
 
        private void button1_search_Click(object sender, EventArgs e)
        {
            text_searchstring + comboBox1.SelectedItem.ToString();
            errorProvider1.Dispose();
            //if (.Text.Length == 0)
            if (text_searchstring.Text.Length == 0)
                errorProvider1.SetError(text_searchstring, "please fill name");
 
            {
                SqlConnection conn = new SqlConnection();
                conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
                conn.Open();
                //SqlCommand cmd = new SqlCommand();
                //cmd.Connection = conn;
                //cmd = new SqlCommand("select * from Table where name like '%" + txtsearch.Text + "%'");
                //cmd = new SqlCommand("select * from Table1 where name like '%" + text_searchstring.Text + "%'");
                SqlDataAdapter adapter = new SqlDataAdapter("select * from Table1 where Name like '%" + text_searchstring.Text + "%'" , conn);
                DataTable dt = new DataTable();
                //SqlDataAdapter adapter = new SqlDataAdapter();
                adapter.Fill(dt);
                dataGridView1.DataSource = dt;
                dataGridView1.Visible = true;
                //dataGridView1.DataSource = dt;
                //dataGridView1.Visible = true;
                conn.Close();
                conn.Dispose();
            }
        }
 
        private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
        {
            SqlConnection myConnection_Company = new SqlConnection();
            myConnection_Company.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
            myConnection_Company.Open();
            SqlDataAdapter company = new SqlDataAdapter("select * from Table1 where Name like '" + comboBox1.SelectedItem.ToString() + "'", myConnection_Company);
            //DataTable dd = new DataTable();
            DataSet dd = new DataSet();
            company.Fill(dd);
            
            text_searchstring.Text = "";

            myConnection_Company.Close();
            myConnection_Company.Dispose();
        }
 
       private void groupBox1_Enter(object sender, EventArgs e)
       {
 
       }
    }
}
Posted 31-Jan-13 0:17am
Comments
E.F. Nijboer at 31-Jan-13 5:30am
   
Do you know Bobby Tables?
http://bobby-tables.com/
AdityaPratapSingh at 31-Jan-13 5:49am
   
What exactly do you want to do?
E.F. Nijboer at 31-Jan-13 6:01am
   
You are concatenating strings to create a query string, which is easily abused for SQL injection. The Bobby Tables comic illustrates this very nicely and is widely known for making this clear.
jangojan at 1-Feb-13 0:35am
   
I mentioned it in my question, Pratap. Actually, I want to give some input in the textbox, select the appropriate parameter from the combobox, and then get results according to the input and parameters, but it is not happening.
AdityaPratapSingh at 1-Feb-13 0:37am
   
Your problem still not solved
AdityaPratapSingh at 1-Feb-13 0:39am
   
Give me the table structure in the database.
jangojan at 1-Feb-13 0:35am
   
No, I don't know Bobby Tables.

1 solution


Solution 1

Try it like this:

private void button1_search_Click(object sender, EventArgs e)
{
    string columnname = comboBox1.SelectedText;
    string txttosearch = textbox1.Text;

    // Now rewrite your query as
    string query = "select * from Table1 where " + columnname + " like '%" + txttosearch + "%'";
}

The rest of whatever you are doing is fine.
Just change the query.

Happy coding :)
Comments
jangojan at 1-Feb-13 0:36am
   
No, it is not happening this time either. It gives me no error, but when I input something in the textbox and select the appropriate parameter from the combobox, the input in the textbox disappears, and pressing enter gives me an error from the SQL adapter, so please can you have a look at the code again.
jangojan at 1-Feb-13 0:41am
   
private void text_searchstring_TextChanged(object sender, EventArgs e)
{

}
 
private void button1_search_Click(object sender, EventArgs e)
{
string Name = comboBox1.SelectedText;
string txttosearch = text_searchstring.Text;
//string parameter = text_searchstring + comboBox1.SelectedItem.ToString();
//string parameter = text_searchstring.Text + comboBox1.SelectedText.ToString();
//errorProvider1.Dispose();
//if (.Text.Length == 0)
//if (text_searchstring.Text.Length == 0)
// errorProvider1.SetError(text_searchstring, "please fill name");
 
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
conn.Open();
//SqlCommand cmd = new SqlCommand();
//cmd.Connection = conn;
//cmd = new SqlCommand("select * from Table where name like '%" + txtsearch.Text + "%'");
//cmd = new SqlCommand("select * from Table1 where name like '%" + text_searchstring.Text + "%'");
SqlDataAdapter adapter = new SqlDataAdapter("select * from Table1 where "+Name+" like '%" +txttosearch+ "%'" , conn);
DataTable dt = new DataTable();
//SqlDataAdapter adapter = new SqlDataAdapter();
adapter.Fill(dt);
dataGridView1.DataSource = dt;
dataGridView1.Visible = true;
//dataGridView1.DataSource = dt;
//dataGridView1.Visible = true;
conn.Close();
conn.Dispose();
}
}
 

This time the code is like this. Please correct the code.
jangojan at 1-Feb-13 1:20am
   
OK, I am sending you the .cs page now.
AdityaPratapSingh at 1-Feb-13 3:33am
   
I didn't receive any code in my mailbox.
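
An added example, not part of the original thread or of any poster's code: one way to combine the combobox column with the textbox value without the string concatenation that E.F. Nijboer's comment warns about. The class and method names (`SafeSearch`, `BuildSearch`, `EscapeLike`) are hypothetical, and it assumes the combobox items `Name` and `RollNo` correspond to columns of the same names in `Table1`.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

static class SafeSearch
{
    // Allowlist: combobox item text -> column identifier in Table1.
    // "Name" and "RollNo" are taken from the question; the mapping is an assumption.
    static readonly Dictionary<string, string> Columns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "Name", "[Name]" },
            { "RollNo", "[RollNo]" }
        };

    // Escape LIKE wildcards so the user's text is matched literally.
    static string EscapeLike(string s)
    {
        return s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    public static SqlCommand BuildSearch(SqlConnection conn, string selected, string text)
    {
        string column;
        if (selected == null || !Columns.TryGetValue(selected, out column))
            throw new ArgumentException("Unknown search column.");

        // Identifiers cannot be SQL parameters, so only the allowlisted
        // column text is concatenated; the search value is a parameter.
        var cmd = new SqlCommand(
            "SELECT * FROM Table1 WHERE " + column + " LIKE @pattern", conn);
        cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
            "%" + EscapeLike(text ?? "") + "%";
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs; no database connection is opened here.
        SqlCommand cmd = BuildSearch(null, "Name", "O'Brien%");
        Console.WriteLine(cmd.CommandText);
        Console.WriteLine(cmd.Parameters["@pattern"].Value);

        // A column value that is not on the allowlist is rejected outright.
        try { BuildSearch(null, "Name OR 1=1", "a"); }
        catch (ArgumentException ex) { Console.WriteLine(ex.Message); }
    }
}
```

In the form's click handler, the returned command can be passed to `new SqlDataAdapter(cmd)` with `Convert.ToString(comboBox1.SelectedItem)` and `text_searchstring.Text` as inputs. `ComboBox.SelectedText` returns only the text highlighted in the editable portion of the control, so it is normally empty by the time the search button is clicked.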

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Web01 | 2.8.141220.1 | Last Updated 31 Jan 2013