不要只搜索姓氏

OR opd_plname like'%" + lname + @"% '

白色space ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, ^

还要注意sql注入，可以使用准备好的sql语句和参数绑定来解决这个问题

不需要看到更多的代码，它可以是您只填充fname或lname变量中的一个。假设是这种情况，您可以使用以下代码:

// this assumes that you have only have 1 input for both the first name and lastname 
// and are storing it in a variable named searchForName
using (var connection = new SqlConnection("YOUR_CONFIGURATION_CONNECTION_STRING"))
{
    using (var command = new SqlCommand("SELECT opd_id AS [OPD No], opd_date AS DATE, opd_dpt AS DEPARTMENT, opd_pfname + ' ' + opd_plname AS [Patient NAME], opd_age AS AGE, opd_gender AS GENDER, opd_mob AS [MOBILE NO], opd_fthrname AS [FATHER NAME], opd_hsbndname AS [HUSBAND NAME] FROM tbl_OPD WHERE (opd_pfname like @p0 OR opd_plname like @p0) ORDER BY DATE DESC", connection))
    {
        command.Parameters.Add(new SqlParameter("@p0", string.Format("%{0}%", searchForName)));
        // rest of your code here E.G., sComm.ExecuteNonQuery();
    }
}

如果您知道两个变量都已填充，请尝试以下代码块

using (var connection = new SqlConnection("YOUR_CONFIGURATION_CONNECTION_STRING"))
{
    using (var command = new SqlCommand("SELECT opd_id AS [OPD No], opd_date AS DATE, opd_dpt AS DEPARTMENT, opd_pfname + ' ' + opd_plname AS [Patient NAME], opd_age AS AGE, opd_gender AS GENDER, opd_mob AS [MOBILE NO], opd_fthrname AS [FATHER NAME], opd_hsbndname AS [HUSBAND NAME] FROM tbl_OPD WHERE (opd_pfname like @p0 OR opd_plname like @p1) ORDER BY DATE DESC", connection))
    {
        command.Parameters.Add(new SqlParameter("@p0", string.Format("%{0}%", searchForFirstName)));
        command.Parameters.Add(new SqlParameter("@p1", string.Format("%{0}%", searchForLastName)));
        // rest of your code here E.G., sComm.ExecuteNonQuery();
    }
}

p。正如其他人所说，这里显示的代码有些不安全，您应该尽一切努力避免Sql注入攻击。