views:

56

answers:

2

I want to add search functionality to my program. There's a class which has this function:

public DataTable Search()
        {
            string SQL = "Select * from Customer where " + mField + " like '%" + mValue + "%'";
            DataTable dt = new DataTable();
            dt = dm.GetData(SQL);
            return (dt);

        }

There are setter and getter properties for mField and mValue. DM is the object of class DataManagement, which has a method GetData:

public DataTable GetData(string SQL)
    {
        SqlCommand command = new SqlCommand();
        SqlDataAdapter dbAdapter = new SqlDataAdapter();
        DataTable DataTable = new DataTable();

        command.Connection = clsConnection.GetConnection();
        command.CommandText = SQL;
        dbAdapter.SelectCommand = command;
        dbAdapter.Fill(DataTable);
        return (DataTable);
    }

The search functionality is currently implemented like this:

private void btnfind_Click(object sender, EventArgs e)
    {
       //cust is the object of class customer//
        if (tbCustName.Text != "")
        {
            cust.Field="CustName";
            cust.Value = tbCustName.Text;
        }
        else if (tbAddress.Text != "")
        {
            cust.Value = tbAddress.Text;
            cust.Field="Address";
        }
        else if (tbEmail.Text != "")
        {
            cust.Value = tbEmail.Text;
            cust.Field="Email";
        }
        else if (tbCell.Text != "")
        {
            cust.Value = tbCell.Text;
            cust.Field = "Cell";
        }

        DataTable dt = new DataTable();
        dt = cust.Search();
        dgCustomer.DataSource = dt;
        RefreshGrid();
    }

    private void RefreshGrid()
    {
        DataTable dt = new DataTable();
        dt = cust.GetCustomers();
        dgCustomer.DataSource = dt;
    }

This is not working. I don't know why. Please help.

+1  A: 

Add a DataBind() statement in your RefreshGrid() method to have your new results actually shown on the Grid.

private void RefreshGrid()
{
    DataTable dt = cust.GetCustomers();
    dgCustomer.DataSource = dt;
    dgCustomer.DataBind();
}

Consider modifying your other method as well:

  1. Your ad-hoc SQL has a SQL injection vulnerability. Stop everything until you fix that!
  2. btnfind_Click doesn't need to end up calling cust.Search() twice.

    private void btnfind_Click(object sender, EventArgs e)
    {
        //<snip>
        // no need to do all this twice.
        //  DataTable dt = new DataTable();
        // dt = cust.Search();
        // dgCustomer.DataSource = dt;
        RefreshGrid();
    
    
    }
    
p.campbell
but there`s already a referesh grid ?? :s
Abid
i mean do i edit the previous refereshGrid function or do i make a new function?
Abid
A: 

Your RefreshGrid method is overwriting the DataSource you set in btnfind_Click... don't call it, just call DataBind

private void btnfind_Click(object sender, EventArgs e)
{
    ...

    DataTable dt = cust.Search();
    dgCustomer.DataSource = dt;
    dgCustomer.DataBind();

}

By the way, you don't need to assign a new DataTable to dt if you're immediately setting it to the result of cust.Search... you're just creating an instance for nothing (I fixed it in the code above)

Thomas Levesque