I have error when i search database with textbox [C#]

Question

i have error with textbox Search for database. the database is Northwind.dbo

when i key a character in a textbox. it have a this error thank you for answer

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace Lab10_2 {
public partial class Form1 : Form
{
    SqlConnection Conn;
    SqlCommand Cmd;
    SqlDataAdapter da;
    DataSet ds;
    DataTable dt;
    SqlCommandBuilder CmdBld;

    public Form1()
    {
        InitializeComponent();
    }
    private void Form1_Load(object sender, EventArgs e)
    {
        savebtn.Enabled = false;
        delbtn.Enabled = false;
        editbtn.Enabled = false;

        String StrConn = "Data Source=POOMJIRAROJ;Initial Catalog=Northwind;Integrated Security=True;Connect Timeout=15;Encrypt=False;TrustServerCertificate=False;ApplicationIntent=ReadWrite;MultiSubnetFailover=False";
        Conn = new SqlConnection(StrConn);
        Conn.Open();
    }
    private void loadbtn_Click(object sender, EventArgs e)
    {
        loadbtn.Enabled = false;
        editbtn.Enabled = true;
        delbtn.Enabled = false;
        savebtn.Enabled = false;

        String StrQry = "select *From Customers";
        Cmd = new SqlCommand(StrQry,Conn);

        da = new SqlDataAdapter(Cmd);
        ds = new DataSet();
        dt = new DataTable();
        da.Fill(ds, "Customers");
        dt = ds.Tables["Customers"];

        CmdBld = new SqlCommandBuilder(da);

        dataGridView1.DataSource = dt;
        dataGridView1.ReadOnly = true;
        dataGridView1.SelectionMode = DataGridViewSelectionMode.FullRowSelect;
        Conn.Close();
    }
    private void editbtn_Click(object sender, EventArgs e)
    {
        dataGridView1.ReadOnly = false;
        loadbtn.Enabled = false;
        editbtn.Enabled = true;
        delbtn.Enabled = true;
        savebtn.Enabled = true;
    }
    private void savebtn_Click(object sender, EventArgs e)
    {
        da.Update(dt);
        dataGridView1.ReadOnly = true;

        savebtn.Enabled = false;
        delbtn.Enabled = false;
        editbtn.Enabled = true;
    }
    private void delbtn_Click(object sender, EventArgs e)
    {
        if(MessageBox.Show("Delete This Row","Delete",MessageBoxButtons.YesNo) == DialogResult.Yes)
        {
            dataGridView1.Rows.RemoveAt(dataGridView1.SelectedRows[0].Index);
            da.Update(dt);
        }
    }
    private void txtSearch_TextChanged(object sender, EventArgs e)
    {
        SqlDataAdapter StrQry = new SqlDataAdapter("Select CustomerID, CompanyName, ContractTitle, Country From Customers Where (CompanyName ' %" +txtSearch.Text+ "% ')", Conn);
        ds = new DataSet();
        StrQry.Fill(ds);
        dataGridView1.DataSource = ds;
    }
}
}

you are missing the `LIKE` key word – MethodMan Nov 05 '15 at 23:14 — MethodMan, Nov 05 '15 at 23:14

score 1 · Answer 1 · edited May 23 '17 at 11:59

You are missing the operator in the WHERE clause

 SqlDataAdapter StrQry = new SqlDataAdapter(@"
            Select CustomerID, CompanyName, ContractTitle, Country 
            From Customers Where CompanyName LIKE @search", Conn);
 StrQuery.SelectCommand.Parameters.Add("@search", SqlDbType.NVarWChar).Value = "%" + txtSearch.Text +"%";

An operator is required to complete the where clause, I use LIKE to search for every text that contains the letters typed and use a parameter to execute the search

NEVER use string concatenation to build an sql command. Your code could be hacked with a simple tecnique called Sql Injection

I have error when i search database with textbox [C#]

1 Answers1