0

Hi i can currently search the sql database using the following code, but i can only search using the Customer_firstname is there a way i can search for the surname as well as the firstname? i have found numerous tutorials and examples but all of the examples only use one datatype for the search.

protected void Button_cus_pmr_Click(object sender, EventArgs e)

    {

        //select all the data from the PMR table where it is equal to the text in the search text box
        string staSearch = "select * FROM [PMR] where (Customer_Firstname like '%" + TextBox_cus_pmr.Text.ToString() + "%)";
        SqlDataSource1.SelectCommand = staSearch;//perform the staSearch query on the SqlDataSource1

    }
Improve this question
2
  • You should look into Store procedures or the entity framework instead of using inline sql. They can be a security nightmare waiting to happen. Commented Feb 17, 2015 at 18:54
  • @Lareau Or rather parameters, since they are a lot simpler to use for queries than stored procedures. But the fact remains that never ever use string catenation like this. Commented Feb 23, 2015 at 10:22

1 Answer 1

Reset to default
1

You should be able to simply add a second condition for the surname. For example:

string staSearch = "select * FROM [PMR] where (Customer_Firstname like '%" + TextBox_cus_pmr.Text.ToString() + "% OR Customer_Surname like '%" + TextBox_surName.Text.ToString() + "%')";

Replace TextBox_surName with the name of the surname text box and Customer_Surname with the name of the surname database column.

Like Lareau mentioned in a comment, this isn't a very safe way to do queries because a user could run other SQL commands on your server by entering them into the textbox. For more information on ways to avoid this, take a look at this article.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The code worked perfectly i will have a look at the article and improve the security.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.