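// Look up the booking whose id was typed into TextBox1 and bind the result to GridView1.
string bookingId = TextBox1.Text;
string connString = ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;

using (SqlConnection con = new SqlConnection(connString))
{
    // The SQL text is a constant; the user-supplied value is sent only as the
    // @BookingId parameter, so it is treated as data and never parsed as SQL.
    using (SqlCommand cmd = new SqlCommand("select * from booking where BookingId = @BookingId", con))
    {
        // NOTE(review): AddWithValue infers the parameter type from the .NET value
        // (a string here). If BookingId is a numeric column, parse and validate the
        // input first and pass a typed parameter instead; confirm against the schema.
        cmd.Parameters.AddWithValue("@BookingId", bookingId);

        con.Open();

        // Dispose the reader as soon as the grid has consumed it. The enclosing
        // using blocks close the command and the connection, even on an exception.
        using (var reader = cmd.ExecuteReader())
        {
            GridView1.DataSource = reader;
            GridView1.DataBind();
        }
    }
}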
Never put a value from your UI directly into the query text; pass it as a parameter, as shown above, to prevent SQL injection.