Searching based on dynamic SQL in ASP.NET MVC without using Entity Framework

Question

Can anyone give some idea for custom searching? I am looking for a way to implement this logic using ASP.NET MVC.

What I want is either to search for a user who is in Newyork or gender is Male - or also search for a user who is in Newyork and gender is male using AND OR logic with using of 2 radio button one 'AND' another 'OR'. Check my screenshot of client side view:

Here is my code sample:

DemoSearchController :

public ActionResult Index(string loactionsearch,string txtGenderSkill)
{
    string mainconn = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

    SqlConnection sqlconn = new SqlConnection(mainconn);
        
    string sqlquery = "select * from [dbo].[LocationInfo] where LocationName like '%" + loactionsearch + "%' AND Gender like '%" + txtGenderSkill + "%'";

    SqlCommand sqlcomm = new SqlCommand(sqlquery, sqlconn);

    sqlconn.Open();

    SqlDataAdapter sda = new SqlDataAdapter(sqlcomm);
    DataSet ds = new DataSet();
    sda.Fill(ds);

    List<LocationInfo> location = new List<LocationInfo>();

    foreach (DataRow dr in ds.Tables[0].Rows)
    {
        location.Add(new LocationInfo
                {
                    ID = Convert.ToInt64(dr["ID"]),
                    LocationName = Convert.ToString(dr["LocationName"]),
                    Gender = Convert.ToString(dr["Gender"])
                });
    }

    sqlconn.Close();
    ModelState.Clear();

    return View(location);                       
}

Index.cshtml :

@model IEnumerable<CM_CRUD_BootstrapPopUp.Models.LocationInfo>

@using (Html.BeginForm("Index", "DemoSearch", FormMethod.Get))
{
    <div class="row">
        <div class="col-md-6">
            <p>
                <!--TextBox-->
                <input type="text" id="txtNewMultSkill" name="loactionsearch" placeholder="Enter Location" class="form-control placeholder-no-fix">

                <!--Radio Button-->
                <input type="radio" id="html" name="fav_language" value="AND">
                <label for="html">AND</label><br>
                <input type="radio" id="css" name="fav_language" value="OR">
                <label for="css">OR</label><br>

                <!--TextBox-->
                <input type="text" id="txtGenderSkill" name="gendersearch" placeholder="Enter Gender" class="form-control placeholder-no-fix">
                <br />
                <!--SearchButton-->
                <input type="submit" value="Search" name="submit" />
            </p>

            <div class="col-md-6" id="div_Keyskills">
                <div class="" id="txtKeyskill">
                </div>
            </div>
            <input type="hidden" id="hdnSkill" />
        </div>
    </div>
   // ....
   // other table view code here
}

Answer 1

Add one more parameter to your method like

public ActionResult Index(string loactionsearch, string txtGenderSkill, string concatinator)
{
            string mainconn = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
            SqlConnection sqlconn = new SqlConnection(mainconn);

            string sqlquery = "select * from [dbo].[LocationInfo] where LocationName like '%" + loactionsearch + "%' ";
            sqlquery += concatinator;
            sqlquery += " Gender like '%" + txtGenderSkill + "%'";
            SqlCommand sqlcomm = new SqlCommand(sqlquery, sqlconn);
            sqlconn.Open();

Pass AND/OR in this new parameter

this is neither a best approach for dealing with SQL queries nor is the way to work with sensitive data. Please use parameterized queries at least