C# and SQL SELECT

Question

Currently I am working on a project regarding C# and SQL and I have a problem regarding the SELECT function and I cannot find any solutions on-line.

The scenario is regard searching query from C# through SQL server and display the results in a Data Grid View at C#.

I'm using Visual Studio 2008 and SQL Server Studio 2008.

Before starting the project I just did a quick Windows form from Visual studio and just did a datagridview, 2 text boxes and a Search Button.

At SQL Server I have aa database with a table DVD and I want to search, from this Windows form with the DVD ID and Name.

I started with the DVD ID and implemented this code :

private void btnView_Click(object sender, EventArgs e)
{
   SqlConnection c = new SqlConnection(@"Data Source=GILBERTB-PC\SQLEXPRESS;Initial Catalog=DVDandGameBooking;Integrated Security=True"); 

   DataTable t = new DataTable();

   string sqlString = "SELECT * From DVD where Id ='" + txtID.Text+ "'";

   SqlDataAdapter dt = new SqlDataAdapter(sqlString, c);        
   dt.Fill(t);

   dtgv1.DataSource = t;
}

and it worked :)

Then I changed the code to

string sqlString = "SELECT * From DVD where Name ='" + txtName.Text+ "'";

so that I can search with Name of the DVD but when I started the program and searched with the Name it just showed a blank database

Also is there any way that I can change the code so that I can either search with the ID or with the Name ?

Thanks for your help and time

Answer 1

Thoughts:

1. Make sure txtName.Text has a value
2. Try SQL select using Enterprise Manager, Toad, or some other query tool. What do you get?
3. Try using LIKE as example below
4. Worst case, maybe check the Collation for the Table, perhaps its set to 'Case Sensitive' text matching.

Both ID and Name:

SELECT * FROM DVD
      WHERE Id=[ID Value]
      OR Name LIKE '%[Name Value]%'

Answer 2

Or you could use SQLCommand with parameters like this:

SqlConnection c = new SqlConnection(@"Data Source=GILBERTB-PC\SQLEXPRESS;Initial Catalog=DVDandGameBooking;Integrated Security=True");
string queryString = "SELECT * From DVD where Id = @id";
var paramId = new SqlParameter("id", SqlDbType.VarChar);
var query = new SqlCommand(queryString, c);
query.Parameters.Add(paramId);

If you really want to use an SQLDataAdapter, you can set the select command to the one I wrote above. Otherwise, you can use a dataReader and iterate through the results.

Also, using parameters like this makes your query easier to read and makes it safer to SQL injections. It should always be considered.

Edit1: If you want to search with either the Id or the Name, you can just make 2 parameters, and put an OR between the 2, and maybe use the keyword like instead of = in your query. If the values can be null , you may want to build your query dynamically, depending on the values that are not null .