select * from table where desc like '%INPUT%' order by col

al posto di INPUT: ' -- 'union select null, email, null from users --

come fare?

a. Escape any single quotes:
   searchString = txtSearch.Text;
   --> searchString = txtSearch.Text.Replace("'","''");

b. sandbox the input data (bind it as a parameter instead of formatting it into the SQL text):
   dataSource.SelectCommand = string.Format("select sku, description, price from Products where description like '%{0}%' order by price", searchString);
   gridView.DataBind();
   --->
   dataSource.SelectCommand = string.Format("select sku, description, price from Products where description like '%{0}%' order by price", searchString);
   dataSource.SelectParameters["s"].DefaultValue = '%' + searchString + '%';
   gridView.DataBind();
   Note: as written, the second SelectCommand still formats searchString into the query, so the parameter never takes effect; the query text must reference the placeholder instead (`... where description like @s order by price`) and must not contain the input at all.