Hi!
I would like to display data inside my datagridview based on the conditions from my combo box and textbox. Data will display if the user selects an item inside the combo box, likewise with the text box. For example: if the user chooses 2015-2016 and presses the search button, data related to the combo box will display in the datagridview. If the user inputs any characters and presses the search button, it will display the data based on the combo box and textbox. The user can also search based on both tools. I have my code here, but nothing happens. Can anyone help me?

C#
//Button_Search Code
MySqlConnection = new SqlConnection(conn.GetServers());//Connection to the database
MySqlConnection.Open();
m_da = new SqlDataAdapter("Select AssessmentNumber,StudentFirstName, StudentMiddleName, StudentLastName,Gender,GradeLevel,Status,Address,City,Province, Age from tblAssessment where SchoolYear ='" + schoolyear.SelectedItem + "' AND AssessmentNumber LIKE '" + stud_search.Text + "' OR StudentFirstName LIKE '" + stud_search.Text + "' OR StudentLastName LIKE '" + stud_search.Text + "' ", MySqlConnection);
ds = new System.Data.DataSet();
m_da.Fill(ds, "Student_Info");
dg_studSearch.DataSource = ds.Tables[0];


void IsLoadToCombobox() // this is what my data in combobox will be.
{
    MySqlConnection = new SqlConnection(conn.GetServers());

    SqlCommand sqlCmd = new SqlCommand("SELECT DISTINCT SchoolYear FROM tblSchoolYear", MySqlConnection);
    MySqlConnection.Open();
    SqlDataReader sqlReader = sqlCmd.ExecuteReader();

    while (sqlReader.Read())
    {
        schoolyear.Items.Add(sqlReader["SchoolYear"].ToString());
    }

    sqlReader.Close();
}

That's all my code.
Updated 15-Jan-15 1:59am
Comments
ZurdoDev 15-Jan-15 7:47am    
1. Your code is vulnerable to a sql injection attack. You need to change to use a parameterized query. Google for examples if you aren't sure how.
2. You need to show the rest of the relevant code. How is this getting called? Are you sure this code is reached? If so, then it's possible your sql is returning nothing.
DarkDreamer08 15-Jan-15 7:54am    
I am aware of SQL Injection attack to my code. Later I will fix that. Thanks for your concern. But my problem is that it's not displaying the data that I want.
ZurdoDev 15-Jan-15 7:59am    
If it is calling your sql then only you can debug it since we can't see what you're doing or what you need. However I will point out that you had AND and OR in your where clause without any () so if you're getting more data than expected, that's likely the cause.

1 solution

It's quite possible that it's the content of your TextBoxes that gives the problem: SQL LIKE doesn't work the same as Windows "*.*" file wildcards.
Try adding a leading and trailing "%":
C#
... OR StudentFirstName LIKE '%" + stud_search.Text + "%' OR ...
and it may start to do what you want.

But seriously, as RyanDev says, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead, even for testing - it's a lot safer (and generally easier to read as well).
If you don't do it to start with, you won't come back later and fix it - and it will bite you very badly later when your DB gets damaged by accident...and you don't know how it happened.
Comments
DarkDreamer08 19-Jan-15 1:14am    
When I select an item in the combobox, it does not display the right data. It displays all the results even though they are not related to the combobox. But if I use the textbox as my searching tool, the searching of data goes well. What might the problem be?
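
An added example (not code from any of the posts above) that combines the three points raised in this thread: a parameterized query instead of string concatenation, parentheses so the school-year filter applies to every name match, and `%` wildcards built into the parameter value. The names `StudentSearch`, `EscapeLike`, `Search`, `@year` and `@pattern` are hypothetical, and the parameter types and sizes are assumptions to be matched to the real `tblAssessment` schema.

```csharp
using System.Data;
using System.Data.SqlClient;

static class StudentSearch
{
    // Escape T-SQL LIKE metacharacters so the user's text is matched literally.
    static string EscapeLike(string s)
    {
        return s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // connectionString: for example the value returned by conn.GetServers() in the question.
    // Pass null/empty for schoolYear or text to skip that filter.
    public static DataTable Search(string connectionString, string schoolYear, string text)
    {
        // The parentheses make the year filter apply to all three LIKE branches;
        // without them AND binds tighter than OR and name matches ignore the year.
        const string sql = @"
            SELECT AssessmentNumber, StudentFirstName, StudentMiddleName, StudentLastName,
                   Gender, GradeLevel, Status, Address, City, Province, Age
            FROM tblAssessment
            WHERE (@year IS NULL OR SchoolYear = @year)
              AND (@pattern IS NULL
                   OR AssessmentNumber LIKE @pattern
                   OR StudentFirstName LIKE @pattern
                   OR StudentLastName  LIKE @pattern)";

        using (var cn = new SqlConnection(connectionString))
        using (var da = new SqlDataAdapter(sql, cn))
        {
            var p = da.SelectCommand.Parameters;
            // Assumed column types: NVARCHAR. User input travels only as parameter values.
            p.Add("@year", SqlDbType.NVarChar, 20).Value =
                string.IsNullOrEmpty(schoolYear) ? (object)DBNull.Value : schoolYear;
            p.Add("@pattern", SqlDbType.NVarChar, 4000).Value =
                string.IsNullOrWhiteSpace(text) ? (object)DBNull.Value
                                                : "%" + EscapeLike(text.Trim()) + "%";

            var table = new DataTable("Student_Info");
            da.Fill(table); // Fill opens and closes the connection itself
            return table;
        }
    }
}
```

In the search button handler this would be bound with `dg_studSearch.DataSource = StudentSearch.Search(conn.GetServers(), schoolyear.SelectedItem as string, stud_search.Text);`.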

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)