Hi Sir,

I am Rakesh P.

I have a simple issue about GridView and TextBox.

I have a table "EMP" in the database. Now I have a textbox, a button and a GridView on the page.

I want to display the result for a particular empid in the GridView when I enter the empid in the textbox. I tried to implement it by using a where clause, but it shows an error that the textbox can't be bound with gv.

I have implemented it like this... what is wrong in this?

C#
protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection Cn = new SqlConnection("server=OM-PC;database=master;uid=SA;pwd=123");

    SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE TextBox1.Text= DNO", Cn);
    Cn.Open();

    SqlDataReader Dr = Cmd.ExecuteReader();

    GridView1.DataSource = Dr;
    GridView1.DataBind();

    Dr.Close();

    Cn.Close();
}
}

Please help me ...


-Rakesh
Updated 16-Jul-12 3:43am

Sql doesn't know your Textbox.
C#
SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE TextBox1.Text= DNO", Cn);

You have to add a parameter to your sql representing your textbox's value:
C#
SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE @txt = DNO", Cn);
Cmd.Parameters.AddWithValue("@txt", TextBox1.Text);
 
Comments
Mohamed Mitwalli 16-Jul-12 11:27am    
5+, but it would be better if you suggested that he use:
using( SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE @txt= DNO", Cn))
{

}
StianSandberg 17-Jul-12 1:47am    
I guess you meant:
using( SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE @txt=DNO", Cn))
{
}
But "one step at a time" ;) He is obviously seeing solution 1 as the best choice here..
Mohamed Mitwalli 17-Jul-12 2:31am    
Yes, but I don't agree with the first solution, as you mentioned in your comment: SQL injections.
Mohamed Mitwalli 17-Jul-12 2:32am    
Yes, thanks, I didn't notice I made this mistake :)
StianSandberg 17-Jul-12 2:33am    
We should be able to put a big warning-sign on answers like that.. :)
Hi ,
check this Example it will help you
C#
protected void Button1_Click(object sender, EventArgs e)
{
    // Reject non-numeric input instead of letting int.Parse throw.
    int orderId;
    if (!int.TryParse(TextBox1.Text, out orderId))
    {
        return;
    }

    using (SqlConnection Cn = new SqlConnection(ConfigurationManager.ConnectionStrings["testConnectionString"].ConnectionString))
    using (SqlCommand Cmd = new SqlCommand("SELECT * FROM orders WHERE orderid = @orderid", Cn))
    {
        // The value is sent as a parameter, never concatenated into the SQL text.
        Cmd.Parameters.AddWithValue("@orderid", orderId);
        Cn.Open();

        using (SqlDataReader Dr = Cmd.ExecuteReader())
        {
            if (Dr.HasRows)
            {
                GridView1.DataSource = Dr;
                GridView1.DataBind();
            }
        }
    } // the using blocks close the reader, command and connection
}

XML
<div>

    <asp:GridView ID="GridView1" runat="server">
    </asp:GridView>

    <br />
    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>

    <asp:Button ID="Button1" runat="server" Text="Button" onclick="Button1_Click" />

</div>


Best Regards
M.Mitwalli
 
Hello, use code like this; it may be helpful...

protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection Cn = new SqlConnection("server=OM-PC;database=master;uid=SA;pwd=123");

    SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE DNO= "+TextBox1.Text, Cn);
    Cn.Open();

    SqlDataReader Dr = Cmd.ExecuteReader();

    GridView1.DataSource = Dr;
    GridView1.DataBind();

    Dr.Close();

    Cn.Close();
}
 
Comments
StianSandberg 16-Jul-12 9:50am    
This is not a good solution. What if I fill out the textbox with: "1; DELETE FROM DEPT;"!??...

Then this SQL is executed: "SELECT * FROM DEPT WHERE DNO=1; DELETE FROM DEPT;"
Booom.. your table is gone..
[no name] 16-Jul-12 9:58am    
THANQ SO MUCH..................
StianSandberg 16-Jul-12 10:01am    
Rectus: You can't use this. It's open to SQL injections. Please use a SQL parameter as described in the other answers...
Mohamed Mitwalli 16-Jul-12 11:28am    
Agree with you
Use the code below; it will be useful.

C#
SqlConnection Cn = new SqlConnection("Data Source=WINHY1BRAJESH;Initial Catalog=master;Integrated Security=SSPI;");
 
SqlCommand Cmd = new SqlCommand("SELECT * FROM DEPT WHERE DNO = " + TextBox1.Text, Cn);
Cn.Open();
 
SqlDataReader Dr = Cmd.ExecuteReader();
 
GridView1.DataSource = Dr;
GridView1.DataBind();
 
Dr.Close();
 
Cn.Close();
 
Comments
StianSandberg 16-Jul-12 10:02am    
This solution opens up for SQL injections.. Bad idea. You should use SQL parameters!
Rajesh Buddaraju 17-Jul-12 5:33am    
This is just an example; we need to put the queries in a stored procedure to avoid SQL injections.
StianSandberg 17-Jul-12 5:49am    
You don't have to use stored procedure to avoid sql-injections.
Your answer contains a potentially harmful example code which should not be used under any circumstances.
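
Added example, not part of the original thread or any poster's code: it builds the concatenated and the parameterized command without connecting to a database and prints the SQL text each would send for a normal id and for the input quoted in the comments above, showing that a plain parameterized query (no stored procedure) keeps the input out of the SQL text. The names `DeptQueryDemo`, `BuildConcatenated` and `BuildParameterized` are illustrative, and DNO is assumed to be an integer column.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class DeptQueryDemo
{
    // Pattern from the concatenating answers: the textbox value becomes SQL text.
    static SqlCommand BuildConcatenated(string input)
    {
        return new SqlCommand("SELECT * FROM DEPT WHERE DNO = " + input);
    }

    // Parameterized form: the SQL text is a constant and the value travels
    // separately as a typed parameter. Returns null for non-numeric input.
    // Assumption: DNO is an int column.
    static SqlCommand BuildParameterized(string input)
    {
        int dno;
        if (!int.TryParse(input, out dno))
            return null;

        SqlCommand cmd = new SqlCommand("SELECT * FROM DEPT WHERE DNO = @dno");
        cmd.Parameters.Add("@dno", SqlDbType.Int).Value = dno;
        return cmd;
    }

    static void Main()
    {
        // Constructed inputs: a normal id and the value quoted in the comment above.
        string[] inputs = { "1", "1; DELETE FROM DEPT;" };

        foreach (string input in inputs)
        {
            Console.WriteLine("Input: " + input);

            using (SqlCommand bad = BuildConcatenated(input))
                Console.WriteLine("  concatenated SQL : " + bad.CommandText);

            using (SqlCommand good = BuildParameterized(input))
            {
                if (good == null)
                {
                    Console.WriteLine("  parameterized    : rejected, DNO must be an integer");
                    continue;
                }
                Console.WriteLine("  parameterized SQL: " + good.CommandText);
                Console.WriteLine("  @dno             : " + good.Parameters["@dno"].Value);
            }
        }
    }
}
```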

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


