Front and foremost is that your query is
Vulnerable to SQL Injection. NEVER EVER build a query concatenating strings together.
While this controller action only accepts an INTeger as the input value and you have some protection, it is a bad habit to get into. This vulnerability is over 20 years old, and apathetic code like this keeps this vulnerability within the Top 10 security issues to this day.
ORMs (e.g. EntityFramework) and LINQ became front and center to protect you from these types of errors.
The proper way to add a variable to a query is via the
Command.Parameter
collection.
string query = "SELECT * FROM Table WHERE TableNDX = @Value";
SqlCommand cmd = new SqlCommand(query, connection);
cmd.Parameters.AddWithValue("@Value", value);
In your case, it looks like you are using some simple data-access class called
obj_fun with a
getAll_Records method. You may want to look into this method to see if it has an overload available to accept parameters, and if not create one and use it.
What does your query return if you run this in an Sql Client such as SSMS?
While you are in there; I would recommend trimming your query down by using
aliases. It is a lot easier to read
SELECT a.DiningSysSeq, a.DiningCode, a.DiningName, a.Floor
, t.TableCode, t.TableName, t.NOofSeat
FROM dbo.DiningArea as A
INNER JOIN dbo.DiningTables as T
ON a.DiningSysSeq = t.DiningSysSeq
AND a.DiningSysSeq = @Value
You may also want to consider creating a VIEW within your database once you get the query fine tuned to make it a cleaner call.
Finally, run this in
DEBUG mode and step through this Action step by step, to see what values are where within it. This is going to be the best way to check everything out.