Show whether the record is find by Name or EmpID

Question

using (SqlConnection myDatabaseConnection = new SqlConnection(myConnectionString.ConnectionString))
{
    myDatabaseConnection.Open();
    using (SqlCommand mySqlCommand = new SqlCommand("Select EmpID, Name from Employee WHERE EmpID = @EmpID OR Name = @Name ", myDatabaseConnection))
    {
        mySqlCommand.Parameters.AddWithValue("@EmpID", textBox1.text);
        mySqlCommand.Parameters.AddWithValue("@Name", textBox1.text);
        DataSet ds = new DataSet();
        SqlDataAdapter adapter = new SqlDataAdapter(mySqlCommand);
        adapter.Fill(ds);
        dataGridView1.DataSource = ds.Tables[0];  
    }
}

Sample database

EmpID          Name
4001           Johnny Bravo
4002           Bruce Smith
4003           Vince Walker

When I type 4001 on the textBox1 this is the result

EmpID          Name
4001           Johnny Bravo

And when I type Bruce Smith on the textBox1 this is the result

EmpID          Name
4002           Bruce Smith

What I need is to show whether the record is find by EmpID or Name. For example I type 4003 the textbox or label, etc will be like "The record is found by EmpID" . And when I type Vince Walker it will be like "The record is found by Name" .

Answer 1

First off, you have a SQL injection vulnerability that you need to fix. This article should get you stared on parameterized queries.

Secondly, you could slip a case statement into your query to indicate which value matched. Example:

SELECT CASE WHEN EmpID = @EmpId 
           THEN 1 
           ELSE 0
       END AS MatchedEmpId
FROM Whatever