error on search code

Question

krany18 0 Newbie Poster

15 Years Ago

hai friends i am writing the code for search button;

while i am wrote and complied that it gives the following error.
so many times i checked and posting into the forum now please clarify this problem..

code is:

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;

public partial class nextpage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("user id=sa;password=vikram;database=MUDIAM_INC");
        SqlCommand cmd = new SqlCommand("select * from mudiamINC", con);
        cmd.Connection = con;
        con.Open();
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("user id=sa;password=vikram;database=MUDIAM_INC");
        SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like" + TextBox1.Text + " %", con);
        DataSet ds = new DataSet();
        da.Fill(ds, "mudiamINC");
        con.Open();
        SqlCommand cmd = new SqlCommand();
        cmd.Connection = con;
        cmd.CommandText = "select * from mudiamINC";

    }
}

Error Is:

An expression of non-boolean type specified in a context where a condition is expected, near 'likekrani'

please check the error and tell me the correct solution for that..
ASAP

another one is search information could be displayed in the browser in a tabular format.
please clarify my doubt.

please...please...please...please...please...please...please...please...

asp.net

2 Contributors
3 Replies
97 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by Murtan

Murtan 317 Practically a Master Poster

15 Years Ago

I think the problem is where you're building your select

SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like" + TextBox1.Text + " %", con);

I'm think you need a space after the like, but not before the %

SqlDataAdapter da = new SqlDataAdapter("select * from mudiamINC where fname like " + TextBox1.Text + "%", con);

Note however that I suspect this code is 'bad form'. You are taking user input without validation and putting it into SQL queries. This potentially puts your application at risk for SQL injection attacks.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

krany18 0 Newbie Poster · Answer 1 · 2008-11-28T11:02:53+00:00

please send me the correct code for that...

Murtan 317 Practically a Master Poster · Answer 2 · 2008-11-28T14:03:28+00:00

I think for testing your example, you could ignore the 'bad form'.

But if this will be accessed by other people (especially the public) that might ever have malicious intent then you should address this and any other code that might be subject to attack.

For more information on protecting yourself from SQL Injection attacks, I recommend the following article:

http://msdn.microsoft.com/en-us/library/ms998271.aspx