where statement doesn't work correctly in c#

I am using MYSQL in my c# app.

There are some string values in mysql table and there is a textbox that client can write in that and then I use this statement to show the results: 

"SELECT ID,METER FROM DB.TABLE1 WHERE METER >= '" +TEXT1.text.tostring+"'";

But for Example, if the client write 400 in that textbox, the results are like this: 

50,400,500,600,50,500

But we know that 50 is not bigger than 400!!!
And then I used this code: 

"SELECT ID,METER FROM DB.TABLE1 WHERE METER <= '" +TEXT1.text.tostring+"'";

If the client write 400 in that textbox, the results are like this: 

300,150,100,250;

50 is not shown!!!

Can you please help me what should I do???

Jon Skeet
people
quotationmark

50 is "bigger" than 400 when you treat them as strings, so I suspect that's what you're doing.

First: never, never, never build SQL like this. It's susceptible to SQL injection attacks, it leads to error-prone conversions, and it makes your code harder to read.

Instead, use parameterized SQL. In this case you'll want SQL of something like:

SELECT ID,METER FROM DB.TABLE1 WHERE METER >= @Parameter

and then set the @Parameter parameter in the parameter collection - parsing it as an integer (or whatever type is suitable for the values you're trying to represent) first.

Next: check the type of METER in your schema. If it's varchar or some similar text type, you need to fix that. It should be a suitable numeric type if you want to treat the values as numbers.

people

See more on this question at Stackoverflow