Click here to Skip to main content
15,881,757 members
Search within:


searching in database with parameters and textbox search
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
hi guys,
i have a search form, which function is to search from database and show results in gridview, in this there are two boxes one is textbox and second is combobox, now in this one has to enter something in textbox and then select appropriate parameters from combobox as combobox is having some parammeters like name RollNo etc, and then the press search button for results. now issue m facing is, i am not able to use parameters of combobox and textbox together, means the search button should be able to check both boxes and then give results accordingly

C#
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;


namespace testingdatabase
{
    public partial class Form3 : Form
    {
        public Form3()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            new Form1().Show();
            this.Close();
        }

        private void text_searchstring_TextChanged(object sender, EventArgs e)
        {
            
        }

        private void button1_search_Click(object sender, EventArgs e)
        {
            text_searchstring + comboBox1.SelectedItem.ToString();
            errorProvider1.Dispose();
            //if (.Text.Length == 0)
            if (text_searchstring.Text.Length == 0)
                errorProvider1.SetError(text_searchstring, "please fill name");

            {
                SqlConnection conn = new SqlConnection();
                conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
                conn.Open();
                //SqlCommand cmd = new SqlCommand();
                //cmd.Connection = conn;
                //cmd = new SqlCommand("select * from Table where name like '%" + txtsearch.Text + "%'");
                //cmd = new SqlCommand("select * from Table1 where name like '%" + text_searchstring.Text + "%'");
                SqlDataAdapter adapter = new SqlDataAdapter("select * from Table1 where Name like '%" + text_searchstring.Text + "%'" , conn);
                DataTable dt = new DataTable();
                //SqlDataAdapter adapter = new SqlDataAdapter();
                adapter.Fill(dt);
                dataGridView1.DataSource = dt;
                dataGridView1.Visible = true;
                //dataGridView1.DataSource = dt;
                //dataGridView1.Visible = true;
                conn.Close();
                conn.Dispose();
            }
        }

        private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
        {
            SqlConnection myConnection_Company = new SqlConnection();
            myConnection_Company.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
            myConnection_Company.Open();
            SqlDataAdapter company = new SqlDataAdapter("select * from Table1 where Name like '" + comboBox1.SelectedItem.ToString() + "'", myConnection_Company);
            //DataTable dd = new DataTable();
            DataSet dd = new DataSet();
            company.Fill(dd);
            
                    text_searchstring.Text = "";
                
                myConnection_Company.Close();
                myConnection_Company.Dispose();
            } 

       private void groupBox1_Enter(object sender, EventArgs e)
       {

       }
    }
}
Posted
Add a Solution
Comments
E.F. Nijboer 31-Jan-13 5:30am    
Do you know Bobby Tables?
http://bobby-tables.com/
AdityaPratapSingh 31-Jan-13 5:49am    
what you exactly want to do?
E.F. Nijboer 31-Jan-13 6:01am    
You are concatenating strings to create a query string and is easily abused for sql injection. The comic of bobby tables illustrates this very nicely and is widely known to make this clear.
jangojan 1-Feb-13 0:35am    
i mentioned in my question partap, actually i want to give some input in textbox and select appropriate parameter from the combobox the then give results according to the inpute and parameters. but it is not happening
AdityaPratapSingh 1-Feb-13 0:37am    
ur problem still not solved

1 solution

try like this

C#
private void button1_search_Click(object sender, EventArgs e)
{
 string columname=comboBox1.SelectedText;
 string txttosearch= textbox1.Text;

 //Now rewrite ur query as 
"select * from Table1 where "+columnname+" like '%"+txttosearch+"%'"  

}



Rest whatevr you are doin is fine.
Just change query.

happy coding :)
 
Share this answer
 
Posted
Comments
jangojan 1-Feb-13 0:36am    
no it is not happening this time also, gives me no error, but when i input something in text box and select appropriate parameter from combobox the input in textbox disappear and press enter gives me error of sql adapter, so pleaase can you have look of code again,
jangojan 1-Feb-13 0:41am    
private void text_searchstring_TextChanged(object sender, EventArgs e)
{

}

private void button1_search_Click(object sender, EventArgs e)
{
string Name = comboBox1.SelectedText;
string txttosearch = text_searchstring.Text;
//string parameter = text_searchstring + comboBox1.SelectedItem.ToString();
//string parameter = text_searchstring.Text + comboBox1.SelectedText.ToString();
//errorProvider1.Dispose();
//if (.Text.Length == 0)
//if (text_searchstring.Text.Length == 0)
// errorProvider1.SetError(text_searchstring, "please fill name");

{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Documents and Settings\jumbo\my documents\visual studio 2010\Projects\testingdatabase\testingdatabase\Database1.mdf;Integrated Security=True;User Instance=True";
conn.Open();
//SqlCommand cmd = new SqlCommand();
//cmd.Connection = conn;
//cmd = new SqlCommand("select * from Table where name like '%" + txtsearch.Text + "%'");
//cmd = new SqlCommand("select * from Table1 where name like '%" + text_searchstring.Text + "%'");
SqlDataAdapter adapter = new SqlDataAdapter("select * from Table1 where "+Name+" like '%" +txttosearch+ "%'" , conn);
DataTable dt = new DataTable();
//SqlDataAdapter adapter = new SqlDataAdapter();
adapter.Fill(dt);
dataGridView1.DataSource = dt;
dataGridView1.Visible = true;
//dataGridView1.DataSource = dt;
//dataGridView1.Visible = true;
conn.Close();
conn.Dispose();


this time the code is like this . . please correct the code
jangojan 1-Feb-13 1:20am    
ok i sendign you the cs page now
AdityaPratapSingh 1-Feb-13 3:33am    
i didnt receive any code in my mail box
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Search in database in C# using async
Searching through AJax using Textbox in asp.net, C#
Search database for the textbox text
Searching with textbox and a button
asp.net search in textbox
Search Textbox Items
TextBox search in Grid
Search in database using textbox and dropdownlist
Implement a generic method, search, that searches the specified element within an array using linear search algorithm.
Advance Search in Database

Advertise
Privacy
Cookies
Terms of Use
Last Updated 31 Jan 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900