I'm gonna be pretty anal about this, but your code is very vulnerable. MySQL really doesn't like un-disposed connections.
Please change your code as follows:
private const string Query =@"SELECT
a.orig_clli,
b.clli_name as Vendor,
a.region as Region,
round(sum(a.billedSeconds/60),2) as MIns,
round(sum(a.amount),4) as Amount,
round(sum(a.v_billedSeconds/60),2) as V_Mins,
round(sum(a.v_amount),4) as V_Amount,
round(sum(a.amount)-sum(a.v_amount),2) as profit
from
welco1_all.az_outbound_cdr_{0} a
inner join welco1_all.outbound_vendor_master b on a.term_clli=b.clli
where
orig_clli in(@clli)
GROUP BY
a.term_clli,
a.orig_clli,
a.region
ORDER BY
a.term_clli,
a.orig_clli,
a.region";
It's regrettable that your db is build this way as it still leaves your code open to attack.
What if someone entered the following into textBox6:
";SELECT host, user, password FROM mysql.user; #"
It's trivial to change the input type on a webform from date to text
There are ways to prevent this:
How To: Protect From SQL Injection in ASP.NET[
^]
anyway - On with the code...
using (OdbcConnection con =
new OdbcConnection(ConfigurationManager.ConnectionStrings["connect3"].ConnectionString))
{
using (OdbcCommand cmd2 = con.CreateCommand())
{
cmd2.CommandText = string.Format(Query,date);
cmd2.Parameters.AddWithValue("@clli", TextBox6.Text);
cmd2.CommandType = CommandType.Text;
cmd2.CommandTimeout = 600;
con.Open();
using (OdbcDataAdapter da2 = new OdbcDataAdapter(cmd2))
{
da2.Fill(dsnewpop1);
}
con.Close();
}
}
GridView34.DataSource = dsnewpop1;
GridView34.DataBind();
mdlChild.Show();