select specific data from dataset in c#?

Question

i'm working on my school project. I've generated a dataset of SQL Server Compact edition database using visual studio's 'Data Set Configuration Wizard' .

I've a table named 'User'. I want to fill 'User' table of 'dataset' with only those records which meet specific criteria. but when i call 'adapter.Fill(ds.User)' it fills table with all the data from database's table.

i tried to set 'SELECT' command of adapter as

userAdapter.Adapter.SelectCommand.CommandText = string.Format("SELECT * FROM User WHERE UserName = {0}", userName);

but this is also not working. can anyone tell me how to specify 'WHERE' clause in 'SELECT' command of 'adapter'?

here is the image http://s3.postimg.org/4pqb9cwyr/error.png

here is the code also

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace Student_s_Expense_Manager
{
    public partial class Login : Form
    {
        public Login()
        {
            InitializeComponent();
        }

        private void btnLogin_Click(object sender, EventArgs e)
        {
            // Create 'User' Table Adapter
            ExpenseDataSetTableAdapters.UserTableAdapter userAdapter = new ExpenseDataSetTableAdapters.UserTableAdapter();

            // Create a Dataset of ExpenseDataSet
            ExpenseDataSet expenseDataset = new ExpenseDataSet();

            string userName = textBoxUserName.Text;

            userAdapter.Adapter.SelectCommand.CommandText = string.Format("SELECT * FROM [User] WHERE UserName = '{0}'", userName);
            userAdapter.Fill(expenseDataset.User);
        }
    }
}

Answer 1

A typed data adapter does indeed only init its SelectCommand when the Fill method is called. So unfortunately it will be hard for you to set the query you want with that in your way. I would advise that you quit using wizards and master the ado.net mechanics but that's beyond the scope of your question. Still, this link should be of interest.

That aside, your actual formatting of the query is wrong. If UserName is varchar your comparison will expect apostrophes ( ' ) surrounding your user name value. You must also make sure that your value will double any apostrophes it may itself contain so that Sql Server will interpret them as a char rather than a delimiter.

userAdapter.Adapter.SelectCommand.CommandText =
    string.Format("SELECT * FROM User WHERE UserName = '{0}'", userName.Replace("'", "''"));

Or better yet, use a parameter to protect your code from SQL injection attack :

userAdapter.Adapter.SelectCommand.CommandText =
    "SELECT * FROM User WHERE UserName = @UserName";
userAdapter.Adapter.SelectCommand.Parameters.AddWithValue("@UserName", userName);

Answer 2

Try

userAdapter.Adapter.SelectCommand.CommandText = string.Format("SELECT * FROM User WHERE UserName = '{0}'", userName);

You actually forgot to add colons ' ' around username

Answer 3

You have to enclose strings in quotes in a SQL statement:

userAdapter.Adapter.SelectCommand.CommandText = 
    string.Format("SELECT * FROM User WHERE UserName = '{0}'", userName);

However, you should NOT do this in a real application. For a school project you're OK but you should get in the habit of using parameters instead:

userAdapter.Adapter.SelectCommand.CommandText =
    string.Format("SELECT * FROM User WHERE UserName = @UserName");
userAdapter.Adapter.SelectCommand.Parameters.AddWithValue("@UserName",userName);

Do some research on SQL injection to understand why.