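You need to fix both your query syntax and the SQL injection vulnerability. Pass the search text as a parameter instead of concatenating it into the SQL string, so it is always treated as data and never as part of the command: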
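// Load ghtdetails, optionally filtered by the text in textBox1, and bind the result to the grid.
DataTable dt = new DataTable();

// NOTE(review): the connection string is hard-coded here; it uses integrated security, so it holds
// no password, but keeping it in configuration avoids baking server and database names into the form.
using (SqlConnection con = new SqlConnection("Data Source=SUBHAN-PC;Initial Catalog=subhan;Integrated Security=True"))
using (SqlCommand cmd = con.CreateCommand())
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
    string query = "SELECT * FROM ghtdetails";
    if (!string.IsNullOrWhiteSpace(textBox1.Text))
    {
        // The SQL text appended here is constant. The user's input reaches the server only as the
        // value of @Filter, so it cannot change the structure of the statement.
        query += " WHERE EmployeeName Like '%' + @Filter + '%'";
        query += " OR EmployeeEmailId Like '%' + @Filter + '%'";

        // Parameterisation stops injection, but '%', '_' and '[' inside the value are still LIKE
        // pattern characters. Escape them (with an ESCAPE clause) if the search must match the text
        // literally or if broad patterns are a concern on a large table.
        // AddWithValue infers the parameter type from the .NET value (nvarchar for a string);
        // declare the type and size explicitly if the columns are varchar - TODO confirm schema.
        cmd.Parameters.AddWithValue("@Filter", textBox1.Text);
    }

    cmd.CommandText = query;

    // Fill opens the connection if it is closed and closes it again afterwards. The adapter is now
    // disposed by the using statement above instead of being left for the garbage collector.
    da.Fill(dt);
}

dataGridView1.DataSource = dt;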