Two things you have to consider:
- The SqlInjection attack, which you can refer to in the above answers.
- You are using SqlCommand.ExecuteNonQuery, which returns only an integer value indicating the number of rows affected, so it cannot show the details of the customer in the GridView. You should use SqlDataAdapter or SqlDataReader to fetch the data and show it in the GridView.
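    // Requires: System.Configuration, System.Data, System.Data.SqlClient
    string connectionString = ConfigurationManager.ConnectionStrings["CustomerDB"].ConnectionString;
    using (SqlCommand cmd = new SqlCommand("SELECT * FROM Customers WHERE CustomerId = @customer"))
    {
        using (SqlConnection con = new SqlConnection(connectionString))
        {
            cmd.Connection = con;
            // Pass the user input as a parameter value, never as part of the SQL text.
            // AddWithValue replaces the obsolete Parameters.Add(string, object) overload.
            cmd.Parameters.AddWithValue("@customer", txtCustomerId.Text.Trim());
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            // Fill opens and closes the connection itself.
            da.Fill(dt);
            CustomerGridView.DataSource = dt;
            CustomerGridView.DataBind();
        }
    }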
Since SqlDataAdapter is a disconnected architecture, there is no need to Open and Close the connection manually; it will be taken care of. And since you are using SqlConnection under a Using block, the Close() part will be handled internally when the object gets disposed.
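
The SqlDataReader alternative mentioned above, as an added example that is not part of the original answer. It assumes CustomerId is an integer column; the class and method names (CustomerLookup, LoadCustomer) are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class CustomerLookup
{
    // Hypothetical helper: returns the matching rows, or an empty table
    // when the input is not a valid integer id.
    public static DataTable LoadCustomer(string rawCustomerId)
    {
        DataTable dt = new DataTable();

        // Assumption: CustomerId is an INT column, so anything that does not
        // parse as an integer is rejected before it reaches the database.
        int customerId;
        if (!int.TryParse((rawCustomerId ?? "").Trim(), out customerId))
            return dt;

        string connectionString =
            ConfigurationManager.ConnectionStrings["CustomerDB"].ConnectionString;

        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT * FROM Customers WHERE CustomerId = @customer", con))
        {
            // Typed parameter: the value is sent separately from the SQL text,
            // so it is never parsed as part of the statement.
            cmd.Parameters.Add("@customer", SqlDbType.Int).Value = customerId;

            // Unlike SqlDataAdapter.Fill, a reader needs an open connection.
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                dt.Load(reader); // copy the rows so the connection can close
            }
        }
        return dt;
    }
}

// Usage in the page's code-behind:
//   CustomerGridView.DataSource = CustomerLookup.LoadCustomer(txtCustomerId.Text);
//   CustomerGridView.DataBind();
```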