Basically, you've been lucky up to now - that's some very dangerous code you have there. Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.
When you concatenate strings, you cause problems because SQL receives commands like:
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;
Which SQL sees as three separate commands:
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
DROP TABLE MyTable;
A perfectly valid "delete the table" command
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.
So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?
Fixing that will pretty much involve you changing the whole structure of that code, as you can't pass parameter data to your
QueryAsDataTable
method without adding a whole new mechanism to pass parameter data, and that will apply to most of the other methods in your module as well.
And that means large changes in your Form code throughout your app.
Plus, you are holding a connection open for the duration of your app, which is ok - just - when you are using a single user DB, but a very poor idea in a multiuser one like MySql or Sql Server.; you don't dispose Connection objects when you are fis=nished with them; and so forth.
As a result, I'd have to say that it's not worth the effort to do it: scrap the existing code and start again, doing the job properly instead of mashing your Data Access code into your Presentation code as you have here.
That's up to you: but I suspect you will save yourself a lot of pain in both the short and long terms if you do bite the bullet!