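In my project, one or more address codes are assigned to a particular customer name. I have a textbox that contains Customer_Name. When I select a particular Customer_Name, which is populated using AutoCompleteExtender, I want to display the address codes related to that Customer_Name in the next textbox.
This is the code for selecting the customer, and it works fine.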
    // Requires: using System.Collections.Generic; using System.Data.SqlClient;
    [System.Web.Script.Services.ScriptMethod()]
    [System.Web.Services.WebMethod]
    public static List<string> SearchCustomers(string prefixText, int count)
    {
        using (SqlConnection conn = new SqlConnection())
        {
            conn.ConnectionString = dbConnection.fnConnectionString();
            using (SqlCommand cmd = new SqlCommand())
            {
                // The prefix is bound as @SearchText; the trailing % is appended in SQL.
                cmd.CommandText = " SELECT CustomerCode,CustomerName FROM tblCustomer where " +
                                  "CustomerName like @SearchText + '%'";
                cmd.Parameters.AddWithValue("@SearchText", prefixText);
                cmd.Connection = conn;
                conn.Open();
                List<string> customers = new List<string>();
                using (SqlDataReader sdr = cmd.ExecuteReader())
                {
                    while (sdr.Read())
                    {
                        // Each suggestion is shown as "CustomerName (CustomerCode)".
                        String Code = sdr["CustomerCode"].ToString();
                        String Name = sdr["CustomerName"].ToString();
                        Name = Name + " (" + Code + ")";
                        customers.Add(Name);
                    }
                }
                conn.Close();
                return customers;
            }
        }
    }
This is the code for displaying the address codes in the other textbox, which is not working.
    [System.Web.Script.Services.ScriptMethod()]
    [System.Web.Services.WebMethod]
    public static List<string> SearchAddress(string prefixText, int count)
    {
        using (SqlConnection conn = new SqlConnection())
        {
            conn.ConnectionString = dbConnection.fnConnectionString();
            using (SqlCommand cmd = new SqlCommand())
            {
                // prefixText is concatenated directly into the SQL text here.
                cmd.CommandText = "select Addresscode from BName_Addresscode where Addresscode like '" + prefixText + "%' ";
                // @SearchText is not referenced by the query above, so this parameter has no effect.
                cmd.Parameters.AddWithValue("@SearchText", prefixText);
                cmd.Connection = conn;
                conn.Open();
                List<string> customers1 = new List<string>();
                using (SqlDataReader sdr = cmd.ExecuteReader())
                {
                    while (sdr.Read())
                    {
                        // String Code = sdr["City"].ToString();
                        String Name = sdr["Addresscode"].ToString();
                        // Name = Code + "(" + Name + ")";
                        customers1.Add(Name);
                    }
                }
                conn.Close();
                return customers1;
            }
        }
    }
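Answer 0 (score: 0)
The parameter is not actually doing anything, and your code is open to SQL injection.
The first part, where you select from tblCustomer, is correct.
Change it to the way you used previously and it should work fine.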
    cmd.CommandText = "select Addresscode from BName_Addresscode where Addresscode like @SearchText + '%' ";
    cmd.Parameters.AddWithValue("@SearchText", prefixText);
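
An added example (not code from the question or the answer) of the address lookup with the parameter actually bound, LIKE wildcards in the typed text escaped, and the row limit applied. The class and method names, the 50-character input limit and the NVARCHAR type of Addresscode are assumptions; the page method from the question would call it as FindAddressCodes(dbConnection.fnConnectionString(), prefixText, count).

```csharp
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class AddressLookup   // hypothetical helper class, not from the question
{
    // Escape LIKE metacharacters so the typed text is matched literally.
    // Backslash is the escape character declared by ESCAPE '\' in the query below.
    public static string EscapeLike(string value)
    {
        return value.Replace(@"\", @"\\")
                    .Replace("%", @"\%")
                    .Replace("_", @"\_")
                    .Replace("[", @"\[");
    }

    public static List<string> FindAddressCodes(string connectionString, string prefixText, int count)
    {
        var codes = new List<string>();
        if (string.IsNullOrEmpty(prefixText) || prefixText.Length > 50)
            return codes;                         // assumed 50-character input limit
        if (count < 1 || count > 50) count = 10;  // clamp the caller-supplied row limit

        // The SQL text is a constant; @SearchText and @Count travel as data, never as SQL.
        const string sql =
            @"SELECT TOP (@Count) Addresscode
              FROM BName_Addresscode
              WHERE Addresscode LIKE @SearchText + '%' ESCAPE '\'
              ORDER BY Addresscode";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size (assumed NVARCHAR) instead of AddWithValue's inferred type.
            // Size 100 leaves room for a fully escaped 50-character prefix.
            cmd.Parameters.Add("@SearchText", SqlDbType.NVarChar, 100).Value = EscapeLike(prefixText);
            cmd.Parameters.Add("@Count", SqlDbType.Int).Value = count;
            conn.Open();
            using (SqlDataReader sdr = cmd.ExecuteReader())
            {
                while (sdr.Read())
                    codes.Add(sdr["Addresscode"].ToString());
            }
        }
        return codes;
    }
}
```

Writing the placeholder inside quotes, as in '@SearchText%', makes SQL Server compare against the literal text @SearchText rather than the bound value, so the parameter has to stay outside the string literal as it does here.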