Use `DataAdapter` while binding `GridView`.
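```csharp
// cmd is assumed to be a SqlCommand already created on the connection con;
// SqlDataAdapter has no (SqlCommand, SqlConnection) constructor.
SqlDataAdapter dataAdapter = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
dataAdapter.Fill(dt);       // Fill opens and closes the connection if it is closed
GridView1.DataSource = dt;  // bind the filled table to the grid
GridView1.DataBind();
```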
Also use a parameterized query while initializing a `SqlCommand` object.
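
The two points above combined, as an added example that is not part of the original answer: a parameterized `SqlCommand` feeding the `SqlDataAdapter` that fills the grid's `DataTable`. The `Customers` table, its columns, the `GridData` class and the `txtCity` and `connString` names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class GridData
{
    // Hypothetical schema for illustration: Customers(Id, Name, City).
    public static DataTable FindCustomers(string connectionString, string city)
    {
        // Weak form, shown for contrast only: input concatenated into the SQL text,
        // so the value can change the structure of the statement.
        // string sql = "SELECT Id, Name, City FROM Customers WHERE City = '" + city + "'";

        // Corrected form: the statement text is constant and the value is bound separately.
        const string sql = "SELECT Id, Name, City FROM Customers WHERE City = @city";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        using (var dataAdapter = new SqlDataAdapter(cmd))
        {
            // Typed, sized parameter: the input is sent as data, never parsed as SQL.
            // A null input is sent as DBNull, which matches no rows in this query.
            cmd.Parameters.Add("@city", SqlDbType.NVarChar, 100).Value =
                (object)city ?? DBNull.Value;

            var dt = new DataTable();
            dataAdapter.Fill(dt); // Fill opens the closed connection and closes it again
            return dt;
        }
    }
}

// In the page code-behind (txtCity and connString are hypothetical names):
//   GridView1.DataSource = GridData.FindCustomers(connString, txtCity.Text);
//   GridView1.DataBind();
```

Declaring the parameter with an explicit `SqlDbType` and length, rather than `AddWithValue`, keeps the type the server sees independent of whatever the caller passes in.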