private void button1_Click(object sender, EventArgs e)
{
    DataTable DataTab = new DataTable();
    // conSql and DaSql are fields declared elsewhere in the form (not shown in the question).
    // textBox1.Text is concatenated straight into the SQL text, which is the injection point the comments below point out.
    DaSql = new SqlDataAdapter("SELECT * FROM Student where Gender = '" + textBox1.Text + "' ", conSql);
    DaSql.Fill(DataTab);
    DataGridQueryResult.DataSource = DataTab;
}
  • Please describe what you have tried and how. – Joakim Ericsson May 03 '16 at 15:50
  • Code is vulnerable to **SQL INJECTION** – Pரதீப் May 03 '16 at 15:50
  • Change the query to handle `parameters`; you are subjecting yourself to what is known as `SQL Injection`. Also, when you step through the code using the debugger, what is the value of `DataTab`: is the table filled with data or is it null? Also, is this a `winforms or webforms` application? If it's winforms and the data is not displaying, try calling `DataGridQueryResult.Refresh()` after you assign the DataSource – MethodMan May 03 '16 at 15:52
  • Where is conSql being assigned a value? – Jacob Barnes May 03 '16 at 18:06

2 Answers


Don't pay too much attention to SQL INJECTION until you get your code running. Get it working, then secure it. Try setting a variable to

var sqlText = "SELECT * FROM Student where Gender = '" + textBox1.Text + "' ";

And then hit that in the debugger to check your full query statement. Make sure you have not got any sillies in there like an extra space.

See a full example of filling a data table here

Fix your SQL INJECTION vulnerability using parameters

  • If you don't code it correctly from the beginning, when do you propose there will be time to fix it? Parameterizing queries is so simple that not doing it initially is negligent. – Sean Lange May 03 '16 at 16:57
  • If SQL is new to you then it's not so simple the first time round. Getting a working piece of code is a big boost. Securing it as a logical step further is the point I was making. – Murray Foxcroft May 03 '16 at 18:37
  • I will respectfully disagree. Far too often we see people learning this language and they always have the intention of fixing it but didn't actually learn how to do it and besides, "it works". It breeds the "if it ain't broke don't fix it" mentality which leads to very bad things. Of course getting some code to work helps, but teaching a person to do it correctly in the first place is even better. – Sean Lange May 03 '16 at 19:27
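The parameterized rewrite that the answer and its comments point to, as an added example (not code from the question or from either answer). It reuses the conSql, textBox1 and DataGridQueryResult names from the question and assumes the Gender column is an NVARCHAR(10), which the page does not state.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

public partial class StudentForm : Form
{
    // Assumed to be created and configured elsewhere in the form, as in the question.
    private SqlConnection conSql;

    // Loads students of the given gender with a parameterized query.
    // Kept separate from the click handler so it can be exercised without the UI.
    private DataTable LoadStudentsByGender(string gender)
    {
        var table = new DataTable("Student");

        // @Gender is a placeholder; SqlClient sends the value alongside the SQL text
        // rather than inside it, so a value containing a quote character is compared
        // literally against the column instead of being parsed as part of the query.
        using (var cmd = new SqlCommand(
            "SELECT * FROM Student WHERE Gender = @Gender", conSql))
        {
            // Declaring the type and length explicitly (assumed NVARCHAR(10)) avoids an
            // implicit conversion on the server and keeps the parameter shape stable
            // between calls, which also helps plan caching.
            cmd.Parameters.Add("@Gender", SqlDbType.NVarChar, 10).Value = gender;

            // A local adapter: disposing the command afterwards is then harmless.
            var adapter = new SqlDataAdapter(cmd);
            adapter.Fill(table); // Fill opens the connection if it is closed and closes it again
        }

        return table;
    }

    private void button1_Click(object sender, EventArgs e)
    {
        DataTable DataTab = LoadStudentsByGender(textBox1.Text.Trim());
        DataGridQueryResult.DataSource = DataTab;
    }
}
```

If the grid is a WPF DataGrid rather than WinForms, assign `DataTab.DefaultView` to `ItemsSource` instead of setting `DataSource`; the query and parameter handling stay the same.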

No error with the query; it seems to be a binding issue with the DataGrid. My case is the same: I use SQL, DataTable, DataGrid. Would you try this?

DataTable DataTab = new DataTable("Student");
DaSql = new SqlDataAdapter("SELECT * FROM Student where Gender = '" + textBox1.Text + "' ", conSql);
DaSql.Fill(DataTab);
DataGridQueryResult.ItemsSource = DataTab.DefaultView;

And you need to check that the DataGrid settings are correct in the Window Designer, including AutoGeneratingColumns= True. I always use ItemsSource with good results.
