Question Problem with Search DataGridView by using ComboBox and TextBox

[Expensive]

Good morning all,

I try to affect a filter / search on datagridview by a combobox and textbox but when I type the first letter (s) on textbox an error message is displayed:

System.Data.SqlClient.SqlException*: 'Syntaxe incorrecte vers 's%'.'

here is my code:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Configuration;
using System.Data.SqlClient;

namespace TESTSEARCH
{
    public partial class FormFind : Form
    {
        public FormFind()
        {
            InitializeComponent();
        }
        private void FormFind_Load(object sender, EventArgs e)
        {

        }

        private void textBox1_TextChanged(object sender, EventArgs e)
        {
            string constring = ConfigurationManager.ConnectionStrings["TESTDEMO.Properties.Settings.connect"].ConnectionString;
            SqlConnection con = new SqlConnection(constring);
            
            if (comboBox1.Text == "BD_NameConn")
            {
                SqlDataAdapter Sda = new SqlDataAdapter ("Select BD_NameConn, BD_BaseType, BD_Base, BD_Serer, BD_User, BD_MenuStyle FROM BD WHERE BD_NameConn '" + textBox1.Text + "%'",con);
                DataTable Dt = new DataTable();
                Sda.Fill(Dt);
                dataGridView1.DataSource = Dt;
            }
        }
    }
}

it stops in the line Sda.Fill (Dt); and displays the message :

System.Data.SqlClient.SqlException*: 'Syntaxe incorrecte vers 's%'.'


I await yours help and thank you in advance

 

[jmcilhinney]

Please don't post code that isn't relevant to the problem. Only that TextChanged event handler is relevant here so that is all you should have posted. The more code you post, the more time we need to spend working out what's relevant and the less likely we'll be inclined to do it.

 

[jmcilhinney]

As for the problem, you omitted the LIKE operator from your SQL:

SqlDataAdapter Sda = new SqlDataAdapter ("Select BD_NameConn, BD_BaseType, BD_Base, BD_Serer, BD_User, BD_MenuStyle FROM BD WHERE BD_NameConn LIKE '" + textBox1.Text + "%'",con);

 

[jmcilhinney]

There are some other issues with your code.

1. You should not use string concatenation to insert values into SQL code. You should always use parameters. If you don't, various bad things can happen. For one, if the user enters a single-quote into that TextBox then an exception will be thrown. Even worse, a malicious user could enter some partial SQL statements in there and delete your entire database. You can follow the Blog link in my signature below and check out my post on Parameters In ADO.NET to learn more.
2. It's a bad idea to query the database on every TextChanged event. What if the user wants to type in five characters to do a search? You will perform five queries, four of which are pointless. It's a better idea to stop and start a Timer on the TextChanged event and then do the query on the Tick event. That will allow the user to enter multiple characters fairly quickly and only search when they're done. You can set the Interval to 300-500 and most people will barely notice the delay but will type fast enough to avoid pointless queries.
3. You shouldn't create a new DataTable every time. Just use one DataTable and leave it bound the whole time. You can repopulate that on each query.
4. You should access your connection string via My.Settings, which means that there will be a dedicated property and no magic string will be required to identify it.