Try using a parameterized query string:
cmd.CommandText = "SELECT * FROM Member WHERE number = @Number";
After this add your parameters.
//cmd.Parameters.Add("@Number", SqlDbType.Int).Value = 3;
//It is better to use .TryParse(), in case your users write non-numerical values in the Textbox
cmd.Parameters.Add("@Number", SqlDbType.Int).Value = int.Parse(TextBox1.Text);
Additionally you need to watch your data types. 3 is of type int, but TextBox1.Text is of type string. You need to parse the string to int in order for it to work.
This should do the trick and prevent ugly syntax juggling when mixing strings and variables, and protect you from SQL injection attacks.
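The pieces above put together with TryParse validation, as an added example that is not part of the original answer. The class and method names and the connectionString parameter are assumptions; the query and the @Number parameter are the ones shown above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class MemberLookup
{
    // Hypothetical helper: connectionString is supplied by the caller,
    // rawInput is the untrusted text, e.g. TextBox1.Text.
    public static DataTable FindByNumber(string connectionString, string rawInput)
    {
        // Reject non-numeric input before it ever reaches the database.
        if (!int.TryParse(rawInput, out int number))
        {
            throw new ArgumentException(
                "Member number must be an integer.", nameof(rawInput));
        }

        // The SQL text is a constant; user input is never concatenated into it.
        const string sql = "SELECT * FROM Member WHERE number = @Number";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value is sent separately from the SQL text, typed as INT,
            // so the server never parses it as part of the statement.
            cmd.Parameters.Add("@Number", SqlDbType.Int).Value = number;

            conn.Open();
            var result = new DataTable();
            using (var reader = cmd.ExecuteReader())
            {
                result.Load(reader);
            }
            return result;
        }
    }
}
```

An input such as `3 OR 1=1` fails the TryParse check and raises ArgumentException, so no query is issued for it.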