This is the code that is used to make the search private void button1_Click(object

Question

0

Asked: June 18, 20262026-06-18T05:53:07+00:00 2026-06-18T05:53:07+00:00

This is the code that is used to make the search private void button1_Click(object

0

This is the code that is used to make the search

 private void button1_Click(object sender, EventArgs e)
    {
        string connectionString = Tyre.Properties.Settings.Default.Database1ConnectionString;
        SqlConnection conn = new SqlConnection(connectionString);
        DataTable dt = new DataTable();
        SqlDataAdapter SDA = new SqlDataAdapter("SELECT * FROM table1 where Nom like " + textBox1.Text, conn);
        SDA.Fill(dt);
        dataGridView1.DataSource = dt;
    }

and im getting this error

An unhandled exception of type ‘System.Data.SqlClient.SqlException’ occurred in System.Data.dll

Additional information: Invalid column name ‘elie’.

thats a exemple of my application :
enter image description here
Click here to see the image

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-18T05:53:08+00:00

Editorial Team

2026-06-18T05:53:08+00:00Added an answer on June 18, 2026 at 5:53 am

First off, your code is wide open to SQL Injection. You allow the user to insert any data he wants including

; DROP TABLE table1

To fix the immediate issue surround the item to be matched with single quotes and % signs:

"SELECT * FROM table1 where Nom like '%" + textBox1.Text + "%'"

However, you absolutely should look into using a parameterized query.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

This is the code that is used to make the search private void button1_Click(object

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply