Click here to Skip to main content
15,900,511 members
Please Sign up or sign in to vote.
3.00/5 (1 vote)
See more:
My run mode as follows

i have one dropdownlist as follows i have one text box as follows textbox1
Change Name textbox1 53248
Change COC
Change Grade

Suppose when user select the Change Name from dropdownlist and click show button record shown in gridview
Show Button code as follows
C#
if (ddlType.SelectedItem.ToString() != "" || txtstudid.Text.ToString().Trim() == "")
          {
   Sql = "select Type,Reason,User_ID as Users,Crt_date from Admin_Track where Type ='"+ Type.ToString().Trim() + "'";
              dt = SCon.ReadSql_DT(Sql);
              if (dt.Rows.Count > 0)

                  gvAdminrpt.DataSource = dt;
                  gvAdminrpt.DataBind();
                  Cache["data"] = dt;
         }

Similarily Suppose when type the student id in textbox1 and click show button for that partiuclar record shown in gridview
C#
if (txtstudid.Text.ToString() !="" && ddlType.SelectedItem.ToString() == "")
        {
            
            Sql = "select Type,Reason,User_ID as Users,Crt_date from Admin_Track where Reason like '%"  + txtstudid.Text.ToString().Trim() + "%'";
            dt = SCon.ReadSql_DT(Sql);
            if (dt.Rows.Count > 0)
                gvAdminrpt.DataSource = dt;
                gvAdminrpt.DataBind();
                Cache["data"] = dt;
        }
Posted
Updated 1-Sep-15 1:50am
v3
Comments
ZurdoDev 1-Sep-15 7:40am    
I don't understand what your question is.
Suvendu Shekhar Giri 1-Sep-15 8:07am    
Not Clear.
Richard Deeming 1-Sep-15 11:57am    
Your code is vulnerable to SQL Injection[^].

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900