Well (ignoring the reasons that won't compile - C# is case sensitive, so
TempproductID
is not the same as
Tempproductid
, and ingnoring the dangerous code you are using) the first thing to look at is that you are searching for an exact match on your product / customer id value - and unless there is something very, very amiss in your system, there will only ever be one exactly match on an ID - if you have two or more customers with the same id, who are you going to bill? If you have two or more products with the same ID, which are you going to send?
Try a LIKE query:
SELECT * FROM MyTable WHERE MyTextColumn LIKE '%Paul%'
Will return all values that contain the word "Paul" - '%' is a wildcard character in SQL LIKE comparisons.
But seriously, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead:
SELECT * FROM MyTable WHERE MyTextColumn LIKE '%' + @SEARCH + '%'
And provide the text via a parameter @SEARCH