Combine the SQL stagtement with an OR operator
Private Sub btngo_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btngo.Click
Try
With fg
Dim str(1) As String
ssql = Nothing
If fg.Col = 1 Then
ssql = Nothing
ssql = "select iname,itmcode,ivalue,balqty from vewhelp where (iname like '%" & Trim(Me.txtsr.Text) & "%' or itmcode like '%" & Trim(Me.txtsr.Text) & "%') and site='" & loginsite & "' "
End If
fn.readqry(ssql)
Dim dr As SqlDataReader = cmd.ExecuteReader()
fg.Rows.Count = 1
fg.Rows.Count = 2
While dr.Read()
.SetData(.Rows.Count - 1, "iname", dr.Item("iname"))
.SetData(.Rows.Count - 1, "rate", dr.Item("ivalue"))
.SetData(.Rows.Count - 1, "balqty", dr.Item("balqty"))
.SetData(.Rows.Count - 1, "icode", dr.Item("itmcode").ToString())
.Rows.Count += 1
End While
dr.Close()
fg.Focus()
End With
Catch Excep As Exception
MessageBox.Show(Excep.Message, "Error,Contact OR Send ()", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
End Sub
try to repalce paramererised queries to avoid SQL injection