C# correct syntax in sql string when filtering for a text field from a dropdownlist

Posted on 2012-08-28
Last Modified: 2012-08-28
I have a gridview and a drop down list. When a selection is made from the list, I want to filter the grid. I need to filter based on the selection from a drop down list. The value selected is a text field. I need the correct syntax for the sql statemtn in the c# code behind. What am I missing?
Here is my sql string. The Comp1 and Comp2 fields are text fields.
string strTransactions = "select * FROM vwTransactionsByComp where Comp1 = " + ddlComp.SelectedValue + " OR Comp2 = " + ddlComp.SelectedValue;
Question by:dodgerfan
    LVL 74

    Accepted Solution

    You are using string concatenation to build queries. This is bad. I would suggest using parameterized queries. For example:

    using (SqlConnection con = new SqlConnection("your connection string"))
        using (SqlCommand cmd = new SqlCommand("select * FROM vwTransactionsByComp where Comp1 = @searchVal OR Comp2 = @searchVal", con))
                cmd.Parameters.Add("@searchVal", ddlComp.SelectedValue);
                SqlDataReader reader = cmd.ExecuteReader();
            catch (SqlException ex)
                // log exception

    Open in new window

    Hopefully you can see that query is now a bit easier to read on top of being a bit safer to actually send to the database.

    Note:  I am using a reader in the above, but that is only for example. You would need to tweak that code to fit your environment.
    LVL 74

    Expert Comment

    by:käµfm³d 👽

    The reason your previous code doesn't work is because you are trying to test textual columns and you didn't quote the incoming values within your query (i.e. wrap the value that's coming from the combo box in single quotes). However, I still recommend you consider using what I described above.

    Author Closing Comment

    Got it. Thanks for the help and tips.

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    We all know that functional code is the leg that any good program stands on when it comes right down to it, however, if your program lacks a good user interface your product may not have the appeal needed to keep your customers happy. This issue can…
    Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    733 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now