SQL statement no working for C# database search

Question

Im trying to have my program search my database and add the results to a listview control. The listview populates with a SQL statement of: SELECT * FROM dbo.TBL_Locations

However when I try to make it search with a where statement and add values it keeps returning nothing

String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @SearchTerm";
SqlCommand selCmd = new SqlCommand(selStmt, conn);
selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);

So SearchParameter would have for example "City" (searching the City column) and SearchTerm would have "Leeds" (Searching for Leeds in the City column)

however what I think is happening is it's basically trying to assign searchTerm to SearchParameter rather than replacing them with the values?

I've tried various different where statements from what I've found on google but cannot seem to get it to work.

I hope it makes sense what I am meaningş.

Answer 1

So you want to search more than one column name, then try like this,

        StringBuilder sb = new StringBuilder();

        sb.Append("SELECT * FROM dbo.TBL_Locations WHERE ");

        switch (SearchParameter)
        {
            case "City":
                 sb.Append(" City = @SearchTerm");
                break;

            case "Stadium":
                 sb.Append(" Stadium = @SearchTerm");
                break;
        }

        SqlCommand selCmd = new SqlCommand(sb.ToString(), conn);
        selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);

Answer 2

You can use a stored procedure like this:

CREATE PROCEDURE TBL_Locations_Select (
    @City varchar(50), -- or whatever length your actual column is
    @Stadium varchar(50) -- or whatever length your actual column is
)  
AS
SELECT *
FROM dbo.TBL_Locations
WHERE City = CASE WHEN @City IS NULL THEN City ELSE @City END
AND Stadium = CASE WHEN @Stadium IS NULL THEN Stadium ELSE @Stadium END

This is sql injection safe and not to bad on performance.
If your City or Stadium is nullable columns you might want to do this a little different:

WHERE COALESCE(City, '') = CASE WHEN @City IS NULL THEN COALESCE(City, '') ELSE @City END
AND COALESCE(Stadium, '') = CASE WHEN @Stadium IS NULL THEN COALESCE(Stadium, '') ELSE @Stadium END

Then on your c# code you write something like this:

string City;
string Stadium;

SqlCommand selCmd = new SqlCommand("TBL_Locations_Select", conn);
selCmd.CommandType = CommandType.StoredProcedure;
selCmd.Parameters.AddWithValue("@City", (String.IsNullOrEmpty(City)) ? DBNull.Value : City ;);
selCmd.Parameters.AddWithValue("@Stadium", (String.IsNullOrEmpty(Stadium)) ? DBNull.Value : Stadium ;);

Answer 3

Change to:

String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE City = @SearchTerm";

Where "City" is the column in the DB

Answer 4

Try this

        String selStmt = "SELECT * FROM dbo.TBL_Locations WHERE @SearchParameter = @TextBox1.Text" AND  @SearchTerm = @TextBox2.Text";
        SqlCommand selCmd = new SqlCommand(selStmt, conn);
        selCmd.Parameters.AddWithValue("@SearchParameter", SearchParameter);
        selCmd.Parameters.AddWithValue("@SearchTerm", SearchTerm);