I'm having a problem with this query.
I want to search in Column4 like example "Ongoing"
OleDbDataAdapter da = new OleDbDataAdapter("SELECT Column4 FROM Table WHERE Column1 ='" + textBox1.Text + "', Column2 ='" + textBox2.Text + "'AND Column3 ='" + textBox3.Text + "'" , conn);
first this will lead to sql injection, its not good way to code ,
second query have issue : - as there is no and condition on column2 and there is no space between column 2 and column 3 and condtion
"SELECT Column4 FROM Table WHERE Column1 ='" + textBox1.Text + "',
Column2 ='" + textBox2.Text + "'AND Column3 ='" + textBox3.Text + "'"
query should be
"SELECT Column4 FROM Table WHERE Column1 ='" + textBox1.Text +
"' and Column2 ='" + textBox2.Text +
"' AND Column3 ='" + textBox3.Text + "'"
and make use of sqlcommand with sql-parameter and avoid sql injection
If you insist on coding your SQL query in that way*, then at least use string formatting:
//older style of string format
var query1 = string.Format("SELECT Column4 FROM Table WHERE Column1 = '{0}' AND Column2 = '{1}' AND Column3 = '{2}'"
, textBox1.Text
, textBox2.Text
, textBox3.Text);
//newer style of string format
var query2 = $"SELECT Column4 FROM Table WHERE Column1 = '{textBox1.Text}' AND Column2 = '{textBox2.Text}' AND Column3 = '{textBox3.Text}'";
String concatenation the way you did it is going to lead to code that is very hard to read and maintain, and leads to easy mistakes like the AND you missed from your WHERE.
*as already mentioned by others, direct value injection into a query is a Bad Thing®. However if you're just throwing together a quick and nasty demo where you are the only one using it then it's okay. Just don't do it in production code, not ever.
