How to display data inside datagridview based from combobox and textbox?

Question

0.00/5 (No votes)

See more:

Hi!
I would like to display data inside my datagridview based from the conditions from my combo box and textbox. Data will display if the user select an item inside the combo box, likewise with the text box. For example: If the user choose, 2015-2016 and press search button, data will display to the datagridview related to the combo box. if the user input any characters, and press search button, it will display the data based from the combo box and textbox.The user can also search based from both tools. I have a my code here, but nothing happens.Can anyone help me?

C#

 //Button_Search Code
MySqlConnection = new SqlConnection(conn.GetServers());//Connection to the database
          MySqlConnection.Open();
          m_da = new SqlDataAdapter("Select AssessmentNumber,StudentFirstName, StudentMiddleName, StudentLastName,Gender,GradeLevel,Status,Address,City,Province, Age from tblAssessment where SchoolYear ='" + schoolyear.SelectedItem + "' AND AssessmentNumber LIKE '" + stud_search.Text + "' OR StudentFirstName LIKE '" + stud_search.Text + "' OR StudentLastName LIKE '" + stud_search.Text + "' ", MySqlConnection);
          ds = new System.Data.DataSet();
          m_da.Fill(ds, "Student_Info");
          dg_studSearch.DataSource = ds.Tables[0];

void IsLoadToCombobox() // this is what my data in combobox will be.
        {
            MySqlConnection = new SqlConnection(conn.GetServers());

            SqlCommand sqlCmd = new SqlCommand("SELECT DISTINCT SchoolYear FROM tblSchoolYear", MySqlConnection);
            MySqlConnection.Open();
            SqlDataReader sqlReader = sqlCmd.ExecuteReader();

            while (sqlReader.Read())
            {
                schoolyear.Items.Add(sqlReader["SchoolYear"].ToString());
            }

            sqlReader.Close();
        }

that's all my code.

Posted 15-Jan-15 0:27am

DarkDreamer08

Updated 15-Jan-15 1:59am

v3

Add a Solution

Comments

ZurdoDev 15-Jan-15 7:47am

1. Your code is vulnerable to a sql injection attack. You need to change to user a parameterized query. Google for examples if you aren't sure how.
2. You need to show the rest of the relevant code. How is this getting called? Are you sure this code is reached? If so, then it's possible your sql is returning nothing.

DarkDreamer08 15-Jan-15 7:54am

I am aware of SQL Injection attack to my code. Later I will fix that. Thanks for your concern. But my problem is that it's not displaying the data that I want.

ZurdoDev 15-Jan-15 7:59am

If it is calling your sql then only you can debug it since we can't see what you're doing or what you need. However I will point out that you had AND and OR in your where clause without any () so if you're getting more data than expected, that's likely the cause.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2015-01-15T02:06:00

It's quite possible that it's the content of your TextBoxes that gives the problem: SQL LIKE doesn't work the same as Windows "*.*" file wildcards.
Try adding a leading and trailing "%":

C#

... OR StudentFirstName LIKE '%" + stud_search.Text + "%' OR ...

and it may start to do what you want.

But seriously, as RyanDev says, never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead, even for testing - it's a lot safer (and generally easier to read as well).
If you don't do it to start with, you won;t come back later and fix it - and it will bite you very badly later when your DB gets damaged by accident...and you don't know how it happened.