This is not the perfect solution, and it will solve your problem immediately.
Since you are using a gridview and you want filtering and sorting, I think this link will help you display what you ask for: Gridview helper.
Secondly, for avoiding SQL injections, use Parameterized Queries.
When you want to add a parameter to your SQL query you use cmd.Parameter.Add. For better understanding, check the provided link here.
Good luck,
OI
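An added example, not part of the original answer, showing the two approaches it contrasts in C# with ADO.NET: a filter value concatenated into the SQL text beside the same query using a typed parameter, plus an allow-list for the sort column (which cannot be parameterized). It assumes a hypothetical Customers table with Name and City columns.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

// Assumed (hypothetical) schema: table Customers(Name, City); the returned
// DataTable is what you would bind to the GridView.
public static class CustomerQueries
{
    // ORDER BY cannot take a parameter, so the sort column is checked
    // against our own allow-list instead of being taken from input.
    private static readonly HashSet<string> SortableColumns =
        new HashSet<string> { "Name", "City" };

    // VULNERABLE: user input is spliced into the SQL text, so a quote
    // character in cityFilter becomes part of the statement, not data.
    public static DataTable FilterUnsafe(string connectionString, string cityFilter)
    {
        string sql = "SELECT Name, City FROM Customers WHERE City = '" + cityFilter + "'";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // SAFE: the filter value travels as a typed parameter (cmd.Parameters.Add),
    // so whatever it contains is treated as a value, never as SQL.
    public static DataTable FilterSafe(string connectionString, string cityFilter, string sortColumn)
    {
        if (!SortableColumns.Contains(sortColumn))
            throw new ArgumentException("Unsupported sort column", nameof(sortColumn));

        // sortColumn now equals one of our own literals, so appending it is safe.
        string sql = "SELECT Name, City FROM Customers WHERE City = @city ORDER BY " + sortColumn;
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add("@city", SqlDbType.NVarChar, 100).Value = cityFilter ?? string.Empty;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

For a GridView, pass the user's filter text as the parameter value and map the GridView's SortExpression through the allow-list before building the query.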