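// Loads the FM_Folder rows whose FolderTypeID matches the text box and binds them to the grid.
//
// NOTE(review): the connection string is hard-coded and logs in as "sa", the SQL Server
// sysadmin login, with no password keyword in the string. Any injection or logic flaw in
// code using this connection would run with full server rights. Prefer a dedicated
// least-privilege login (SELECT on FM_Folder only) or integrated security, and load the
// string from protected configuration instead of source. It is left unchanged here so
// the snippet keeps connecting to the same server.
string connStr = "workstation id=MC;packet size=4096;user id=sa;data source=192.168.2.39;persist security info=False;initial catalog=FileManage";

// Injection-prone form, kept for contrast: the text box content becomes part of the SQL text.
//string sql = "select * from FM_Folder where FolderTypeID = '"+this.textBox1.Text+"'";

// Parameterized form: the user's text travels as a typed value and is never parsed as SQL.
string sql = "select * from FM_Folder where FolderTypeID =@val";

DataSet ds = new DataSet();

// using blocks dispose the connection and adapter even when Open() or Fill() throws;
// the original only reached conn.Close() on the success path.
using (SqlConnection conn = new SqlConnection(connStr))
using (SqlDataAdapter da = new SqlDataAdapter(sql, conn))
{
    // VarChar(20): presumably matches the FolderTypeID column width (confirm against the schema).
    // Longer input is cut to the declared size rather than rejected.
    da.SelectCommand.Parameters.Add("@val", SqlDbType.VarChar, 20).Value = this.textBox1.Text;

    conn.Open();
    da.Fill(ds, "FM_Folder");
}

// The DataSet is disconnected, so binding after the connection is closed is fine.
this.dataGrid.DataSource = ds.Tables[0];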