# Visual Basic > Visual Basic .NET > VS 2019 [RESOLVED] Getting error on retrieving multiple search data from same field?

## VS2013

Hi,

I have the following code to extract data related *SearchCode* (In this case *CIVIL*) which is working fine. But now I need to extract data related to *CIVIL*  as well *ELECTRICAL* (both CIVIL & ELECTRICAL are in SearchCode field.

"Select ExpNo,ExpDate,MainCategory,SubCategory,Description,PaidTo,TotalAmount,SearchCode from ExpensesTable WHERE SearchCode = '" & cboSearchCode.Text & "'"

But the below code throws an error:

"Select ExpNo,ExpDate,MainCategory,SubCategory,Description,PaidTo,TotalAmount,SearchCode from ExpensesTable WHERE SearchCode = '" & cboSearchCode.Text & "' AND WHERE SearchCode = '" & cboSearchCode1.Text & "'"

---------------------------
Error
---------------------------
Syntax error (missing operator) in query expression 'SearchCode = 'CIVIL' AND WHERE SearchCode = 'ELECTRICAL''.
---------------------------
OK   
---------------------------

Please support.

----------


## OptionBase1

Take out the second "WHERE".

Should be in the format of:



```
WHERE Condition1 AND Condition2
```

Also, doesn't "=" imply an exact match?  If so, SearchCode can't be equal to both simultaneously, unless both ComboBoxes contain the same .Text value.

----------


## VS2013

Thanks a lot for your valuable support. It is working fine with the following code:


```
"Select ExpNo,ExpDate,MainCategory,SubCategory,Description,PaidTo,TotalAmount,SearchCode from ExpensesTable WHERE SearchCode= '" & cboSearchCode.Text & "' OR SearchCode = '" & cboSearchCode1.Text & "'"
```

----------


## PlausiblyDamp

> Thanks a lot for your valuable support. It is working fine with the following code:
> 
> 
> ```
> "Select ExpNo,ExpDate,MainCategory,SubCategory,Description,PaidTo,TotalAmount,SearchCode from ExpensesTable WHERE SearchCode= '" & cboSearchCode.Text & "' OR SearchCode = '" & cboSearchCode1.Text & "'"
> ```


You really should look at using a parameterised query instead of using steering concatenation to build your sql. What you are doing leaves you potentially open to sql injections. If you search these forums you should find plenty of topics on both using parameters with sql, and on sql injections.

----------


## vbdotnut

Depending on the size of the data you may be best off filling a datatable with the comeplete dataset then do your filtering on the defaultview/bindingsource
failing that I would recommend droping the concat method youre using and use the IN Clause as in this example: (Assuming you separate the strings in textbox with a comma)


```
If TextBox1.Text <> String.Empty Then
    Dim InStrAry As String() = TextBox1.Text.Split(","c)
    For i As Integer = 0 To InStrAry.Count - 1
        InStrAry(i) = "'" & InStrAry(i) & "'"
    Next
    Dim InStr As String = String.Join(","c, InStrAry)
    Dim MyQry As String = String.Format("SELECT Cols FROM Table WHERE SearchCol IN ({0})", InStr)
    Stop
End If
```

You will struggle to get a parameterized solution otherwise, but it is doable

----------

