Firstly, because you are doing it wrong: Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Secondly, because you are using the wrong sql string: you declare
sql2
and use
sql1
in your command...
Finally, because LIKE requires SQL wildcards in order to find a "similar" match. In this case, you probably want "%" at the start and end of your clause:
string sql2 = "SELECT [A],[number of dups] FROM [Repeat of dest] WHERE [A] LIKE '%' + @STR + '%'";
using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(sql2, conn2))
{
conn2.Open();
cmd.Parameters.AddWithValue("@STR", textBox4.Text);
...
And ask yourself a question: Is there any point in you asking questions if you are just going to ignore the advice you are given? This is not the first time I've told you about SQL Inject and parameterized queries, or about a similar problem - but you clearly aren't listening or thinking about what you have been told. Please start doing both...