Firstly, you should not use string concatenation to build SQL queries; see
http://bobby-tables.com/about.html[
^] for reasons why not. Use properly formatted parameterised queries, with validated user input.
Secondly, you can copy items to your datagridview just by looping through the datareader returned rows, and adding each field to the relevant column in a new datagridview row. All you need in the datagridview at the beginning is the correct number, and type, of columns. So the process is:
Create the DataGridView
Add the Columns
For Each record returned by the SQLDataReader
Create a new DataGridRow
For each item in the SQL record
Copy the item into the appropriate column in the row
End For
Add the new row to the DataGridView
End For