使用C＃进行搜索，但在文本搜索中不起作用

Question

I am faced with a problem that I searched in google but I don't find my answer. I want to make search in windows form in C# but it working just in numeric value and my project is in Persian so I need to search by nvarchar value, so it doesn't work. Please help me.

Here is my code: it messages this (Incorrect syntax near '=')

SqlDataAdapter da = new SqlDataAdapter( @"SELECT Dmokalafiat, Dihteyat FROM Armyservices where Ename = "+ txtsearch.Text,db.con);

DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
{
    Textbox1.Text = dt.Rows[0]["Dmokalafiat"].ToString();
    Textbox2.Text = dt.Rows[0]["Dihteyat"].ToString();
}

Answer 1

i think it is because of SQL Injection attacks. you can make it like this sample code:

 using(var con = new SqlConnection(...))
    {
    var cmd = new SqlCommand("select Dmokalafiat, Dihteyat  from Armyservices where Ename = @Ename ", con);
    con.Open();
    cmd.Parameters.AddWithValue("@Ename ", txtsearch.Text);
    var da = new SqlDataAdapter(cmd);
    var dt = new DataTable();
    da.Fill(dt);
      if (dt.Rows.Count > 0)
      {
        Textbox1.Text = dt.Rows[0]["Dmokalafiat"].ToString();
        Textbox2.Text = dt.Rows[0]["Dihteyat"].ToString();
      }
    }

Answer 2

There are several problems in your example;

SqlDataAdapter da = new SqlDataAdapter( @"SELECT Dmokalafiat, Dihteyat FROM Armyservices where Ename = "+ txtsearch.Text,db.con);

Should at least be

SqlDataAdapter da = new SqlDataAdapter( @"SELECT Dmokalafiat, Dihteyat FROM Armyservices where Ename = '"+ txtsearch.Text + "'",db.con);

However this is not really good practise and you should use named parameters instead of concatenated values - but thats a different question.