There are most likely multiple errors in your statement.
The main issue I see is a major vulnerability known as
SQL Injection. You should NEVER EVER piece user entered data asstrings together to form a SQL statement. The proper way to add variables into a command is via
Parameters
string sQry = "SELECT * FROM Conductors WHERE Type = @Type AND Shape = @Shape";
SqlCommand cmd = new SqlCommand(sQry, {SqlConnection});
cmd.Parameters.AddWithValue("@Type", Convert.ToString(comboBox1.SelectedItem));
cmd.Parameters.AddWithValue("@Shape", Convert.ToString(comboBox2.SelectedItem));The next thing to look at is your syntax; normally if you were going to wrap your
conditions in parenthesis it would be around the whole comparison and not just the term, or; you can omit them on rather simple clauses
SELECT * FROM Conductors WHERE Type =('TypeValue') AND Shape = ('ShapeValue')
SELECT * FROM Conductors WHERE (Type = 'TypeValue') AND (Shape = 'ShapeValue')
SELECT * FROM Conductors WHERE Type ='TypeValue' AND Shape = 'ShapeValue'And the last thing to look at is the terms that are being used; it looks like some of the column names in use may be classified as
reserved or
special; in which case they should be delineated as such to specify this as a column name (or other SQL Object as needed). The rule I use to determine this is if I type it into SQL Studio and the color changes then it should get wrapped. If you look at these code samples you will see that
Type has been highlighted. In SQL Server you would wrap the term in [square brackets].
SELECT * FROM Conductors WHERE [Type] ='TypeValue' AND [Shape] = 'ShapeValue'
Submit an article or tip