Your code is vulnerable to
SQL Injection[
^].
NEVER use string concatenation to build a SQL query.
ALWAYS use a parameterized query.
Once you've fixed that vulnerability, you'll see that you're trying to pass the
TextBox
control to the query, rather than its
.Text
property.
using (var connection = new SqlConnection("YOUR CONNECTION STRING"))
using (var command = new SqlCommand("SELECT Count(BookId) FROM book1 WHERE RegId = @RegId"))
{
command.Parameters.AddWithValue("@RegId", TextBox8.Text);
connection.Open();
int count = Convert.ToInt32(cmd.ExecuteScalar());
lblCount.Text = count.ToString();
}