Click here to Skip to main content
15,881,173 members
Search within:


How do create a query with where statement with two conditions?
Please Sign up or sign in to vote.
4.00/5 (1 vote)
See more:
C#
SQL
Is there any possible way to create query using where statement with two conditions.

SQL
    string connectionString = "Data Source=PD-JANAKAN;Initial Catalog=Enquiry;User ID=Madushan;Password=P@19861030";
    DataTable dt = new DataTable();
    SqlConnection connection = new SqlConnection(connectionString);
    SqlDataReader myReader = null;
    SqlCommand command = new SqlCommand("SELECT * FROM Enquiry where Cust_Name='" + myselection + "' or Cust_ID='" + vid + "'", connection);
    connection.Open();
    //command.Parameters.AddWithValue("@Cust_Name", myselection);
    myReader = command.ExecuteReader();


    while (myReader.Read())
    {
        Cus_Contact.Text = (myReader["Cust_Cntact"].ToString());
        DateTime Submit = (DateTime)myReader["Submit_Date"];
        DateTime Required = (DateTime)myReader["Req_Date"];
        More_Info.Text = (myReader["More_Details"].ToString());
        Stat_Sec.Text = (myReader["Sec_Status"].ToString());
    }
    connection.Close();
}
Posted
Updated 30-Jan-15 0:34am
v2
Add a Solution
Comments
Sinisa Hajnal 30-Jan-15 7:29am    
What do you mean? You have two conditions in the query above.

Please consider moving that sql into stored procedure or at least use String.Format for readability:
String.Format("SELECT * FROM Enquiry where Cust_Name='{0}' or Cust_ID='{1}'", myselection, vid) - do you see two conditions now?
Richard Deeming 30-Jan-15 7:53am    
NEVER use string concatenation or String.Format to build a SQL query. ALWAYS use a parameterized query.
Sinisa Hajnal 30-Jan-15 8:21am    
Totally agree...that's why I suggested stored procedure :) But IF he concatenates, at least he can make it readable.
Dominic Abraham 30-Jan-15 7:31am    
Can you make your question little more clear ??
ZurdoDev 30-Jan-15 7:46am    
Yes, 2 conditions is very easy. In fact you are already doing it, so what is your question?

1 solution

Well following the advice of the commentators, let's move it into a store procedure

You wrote:
"SELECT * FROM Enquiry where Cust_Name='" + myselection + "' or Cust_ID='" + vid + "'"


Change to:
On mssql execute command:
(datatypes should match those in your table)

SQL
create proc spSelectCustomerByNameAndID(
    @name nvarchar(50),
    @id nvarchar(50)
)
begin
   SELECT * FROM ENQUIRY WHERE CUST_NAME = @name AND CUST_ID = @id;
end


Next up from your C# something like this

C#
 using (SqlConnection con = new SqlConnection(connectionString)) {
    using (SqlCommand cmd = new SqlCommand("spSelectCustomerByNameAndID", con)) {
      cmd.CommandType = CommandType.StoredProcedure;

      cmd.Parameters.Add("@name", SqlDbType.VarChar).Value = myselection;
      cmd.Parameters.Add("@id", SqlDbType.VarChar).Value = vidvar ;

      con.Open();
      var reader = cmd.ExecuteReader();

/* As i read your code you are assigning to variables, so your read loop should not iterate or you will only see the last row.*/
                        if(!reader.HasRows){
   //TODO: Handle situation where search yields no results
   return;
} 
                        reader.Read();
                       //TODO: Assign variables
    }
  }


And on the exit i would like to present you to why all the good people were lamenting about not trusting input and such, the very real fear of sql injection. It is always more than a good idea to check that data comming from the UI, especially so if it is from web posts or gets: https://technet.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx[^]
 
Share this answer
 
Posted
Updated 30-Jan-15 11:03am
v2
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
I need to create custom column using conditional statement.
How to avoid a lot nested if...else statements, considering very specific conditions in C?
how to create stored procedure for select query containing different where condition in two different queries
Sql where condition with multiple condition
DataGridView with columns from two tables and rows filtered by a where condition
How do I merge two dataframes on a column and condition on another column?
How to apply conditional statement in SQL WHERE clause
Getting : 'CREATE/ALTER PROCEDURE' must be the first statement in a query batch.
How to create dynamic query with multiple conditions in where clause?
LINQ query with where condition

Advertise
Privacy
Cookies
Terms of Use
Last Updated 30 Jan 2015
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900