How to search nvarchar of database

Question

1.00/5 (1 vote)

See more:

i want to search the data from column1 and column2, data on column1 is a name in japanese text in nvarchar were as column2 is in varchar format.i am trying to search from text box search in column2 fine but it doesnt work in column1 unless english text are added on it.

What I have tried:

if (textBox7.TextLength>0)
       {
           con.Open();
           DataTable ds = new DataTable();
         SqlDataAdapter adp = new SqlDataAdapter("SELECT *  FROM table1 WHERE [名前] LIKE '%" + textBox7.Text + "%' OR [モデル名] LIKE '%" + textBox7.Text + "%'", con);
           adp.Fill(ds);
            dataGridView1.DataSource = ds;
               con.Close();
              }

              else
              {
                  MessageBox.Show("モデル名を入力して検索してください");
              }

Posted 27-Feb-22 15:04pm

n.deny

Updated 27-Feb-22 21:46pm

Add a Solution

Comments

Richard Deeming 28-Feb-22 3:43am

Not like that!

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

2 solutions

Solution 2

Fix the SQL Injection[^] vulnerability in your code, and you will almost certainly resolve your problem at the same time.

C#

SqlDataAdapter adp = new SqlDataAdapter("SELECT *  FROM table1 WHERE [名前] LIKE @search OR [モデル名] LIKE @search", con);
adp.SelectCommand.Parameters.Add(new SqlParameter("@search", SqlDbType.NVarChar) { Value = "%" + textBox7.Text + "%" });

Posted 27-Feb-22 21:46pm

Richard Deeming

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

M Imran Ansari · Accepted Answer · 2022-02-27T18:14:00

Solution 1

Use the following code to file your NVarchar data column. The synonym for NVarchar is National Character Varying. While filtering data use 'N' at the start of data.

SqlDataAdapter adp = new SqlDataAdapter("SELECT *  FROM table1 WHERE [名前] LIKE N'%" + textBox7.Text + "%' OR [モデル名] LIKE '%" + textBox7.Text + "%'", con);

Posted 27-Feb-22 18:14pm

M Imran Ansari

Comments

Richard Deeming 28-Feb-22 3:43am

You have copied the SQL Injection[^] vulnerability from the question.

n.deny 28-Feb-22 19:39pm

thankyou Richard. it's working well