UPDATE: Thanks everyone, the code was not the issue, although the information regarding SQL injection was useful, my issue was that I was using an older version of my database w
Put a breakpoint on that line:
SqlDataReader re = cmd.ExecuteReader();
and enter the following into textBox3:
'; DROP TABLE Product; SELECT '
The ' are to be entered in your textbox. Now execute your method and carefully read the resulting SQL command... welcome to SQL injection ;)
@M Patel: thanks for your comment, and you are perfectly right.
The result would be the following SQL:
SELECT * FROM Product WHERE ProductID=''; DROP TABLE Product; SELECT ''
And this would allow a malicious user to destroy your database.
To prevent that, you should work with prepared statements, as M Patel suggested in his answer.
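
Added example, not part of the original answer: the concatenated query from above next to a parameterized SqlCommand, built for the same textBox3 input so the difference in the command text can be inspected without a database. The class and method names and the NVarChar(50) type for ProductID are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ProductQuery
{
    // Vulnerable form: the textbox value becomes part of the SQL text itself.
    public static SqlCommand BuildConcatenated(string productId)
    {
        return new SqlCommand("SELECT * FROM Product WHERE ProductID='" + productId + "'");
    }

    // Parameterized form: the SQL text is fixed and the value travels separately as data.
    // NVarChar(50) is an assumed column type; match it to the real schema.
    public static SqlCommand BuildParameterized(string productId)
    {
        var cmd = new SqlCommand("SELECT * FROM Product WHERE ProductID = @id");
        cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = productId;
        return cmd;
    }

    // Runs the parameterized query on an open connection supplied by the caller
    // and returns the number of matching rows.
    public static int CountMatches(SqlConnection conn, string productId)
    {
        using (SqlCommand cmd = BuildParameterized(productId))
        {
            cmd.Connection = conn;
            using (SqlDataReader re = cmd.ExecuteReader())
            {
                int rows = 0;
                while (re.Read()) rows++;
                return rows;
            }
        }
    }

    static void Main()
    {
        // The input from the answer above, as typed into textBox3.
        string input = "'; DROP TABLE Product; SELECT '";
        using (SqlCommand bad = BuildConcatenated(input))
        using (SqlCommand good = BuildParameterized(input))
        {
            // No connection is opened here; only the command objects are inspected.
            Console.WriteLine("concatenated : " + bad.CommandText);
            Console.WriteLine("parameterized: " + good.CommandText);
            Console.WriteLine("@id value    : " + good.Parameters["@id"].Value);
        }
    }
}
```

With the parameterized command, the whole input is compared against ProductID as a single string value, so the statement text sent to the server never changes.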