Last post May 26, 2011 09:35 PM by Decker Dong - MSFT
May 25, 2011 03:55 AM|nchainis
I need some help here
I have a project in ASP.NET and I am trying to create a search (TextBox) in a GridView. I need to search for and find a record in the GridView.
My problem is with the syntax:
"select * from Cables where CableName (like '% " & textbox1.text & " ')"
and the result is "incorrect syntax near to textbox1.text"
Any idea? Can anyone help me?
May 25, 2011 04:01 AM|Shetty Abhijit J.
"select * from Cables where CableName like '%" & textbox1.text & "'"
And you will have to fetch textbox1 from grid view as.
If your grid view is bound to data and you know the row number (say 0) then:
will fetch your Textbox
May 25, 2011 04:06 AM|nchainis
Thanks for the help, but I get incorrect syntax near '%asp'
May 26, 2011 10:43 AM|WombatEd
You're using both single and double quotes. And putting user input directly into your query invites SQL Injection attacks.
I'd put the TextBox.Text into a parameter, and use something like the following:
SELECT * FROM Cables WHERE CableName LIKE '%' + @SearchText + '%'
May 26, 2011 09:35 PM|decker dong - msft
In fact, a better way is this. This is my tested sample:
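using (SqlConnection con = new SqlConnection("server=.\\sqlexpress;database=test_db;integrated security=sspi")) {
    con.Open(); // ExecuteReader requires an open connection
    SqlCommand cmd = new SqlCommand("select * from tb_student where studentname like @studentname", con);
    cmd.Parameters.AddWithValue("@studentname", "%" + searchText + "%"); // searchText: assumed variable holding the TextBox text
    SqlDataReader r = cmd.ExecuteReader();
}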
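Added example, not code from any poster in this thread: the parameterized LIKE search against the `Cables` table from the question, with the user's own `%`, `_` and `[` escaped so they match literally instead of acting as wildcards. The class and method names, the `NVARCHAR(200)` parameter size and the caller-supplied connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

public static class CableSearch   // hypothetical helper class
{
    // Escape LIKE metacharacters so the search text is matched literally.
    // Must agree with the ESCAPE '\' clause in the query below.
    public static string EscapeLike(string input)
    {
        var sb = new StringBuilder(input.Length + 8);
        foreach (char c in input)
        {
            if (c == '\\' || c == '%' || c == '_' || c == '[')
                sb.Append('\\');
            sb.Append(c);
        }
        return sb.ToString();
    }

    // connectionString is supplied by the caller (assumed, e.g. from web.config).
    public static DataTable FindCables(string connectionString, string searchText)
    {
        // The SQL text is a constant; user input only ever travels as a parameter value.
        const string sql =
            "SELECT * FROM Cables WHERE CableName LIKE @SearchText ESCAPE '\\'";

        var results = new DataTable();
        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Typed, sized parameter (size 200 is an assumption about the column).
            // The surrounding % wildcards are added here, in the value, not in the SQL.
            cmd.Parameters.Add("@SearchText", SqlDbType.NVarChar, 200).Value =
                "%" + EscapeLike(searchText ?? string.Empty) + "%";

            using (var adapter = new SqlDataAdapter(cmd))
                adapter.Fill(results);   // Fill opens and closes the connection itself
        }
        return results;
    }
}

// In the page's search-button handler (control names assumed):
//   GridView1.DataSource = CableSearch.FindCables(connectionString, TextBox1.Text);
//   GridView1.DataBind();
```

With this in place, input such as `50%` finds only names containing the literal text `50%`, and a quote character in the input can no longer break the statement.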