我正在使用SqlDataSource来填充GridView。这是我的代码:
private void DataCall()
{
//Object gets created for use from the class(clsDataConduit)
clsDataDictionary AnOrder = new clsDataDictionary();
//Declaring a new SqlDataSource from the inbuilt class library
SqlDataSource sqlDS_ItemTable = new SqlDataSource();
//Using our datasource object being cast onto our objects connectionstring
sqlDS_ItemTable.ConnectionString = AnOrder.ConnectionString;
//Our sql statement being passed through to our .SelectCommand method
sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = 5";
//Adding controls to our SqlDataSource object
this.Controls.Add(sqlDS_ItemTable);
//Declares the DataSource for our gridview !
grdOrder.DataSource = sqlDS_ItemTable;
//Binds the data to refresh every time it's used
grdOrder.DataBind();
}
正如您在最后的SQL语句中所看到的,我正在执行此操作tblOrders.AuthId = 5。但是我想做这样的事情tblOrders.AuthId = SessionAuthId .
我阅读了一些关于单独执行command.Parameters.Add(new SqlParameter("Name", dogName));行的帖子,但我不知道如何将其应用于我的代码。
我在使用别人代码(教授)的作业中这样做,但我想稍微编辑它,因为我将开发一个登录系统等。
有人可以查看该方法,看看我如何更改它以将参数传递给它。这里还有完整的代码:http://pastebin.com/sdrvW5Zn
答案 0 :(得分:11)
您可以使用SelectParameters属性进行参数化查询。
sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";
sqlDS_ItemTable.SelectParameters.Add(new SqlParameter("@authID", SessionAuthID));
答案 1 :(得分:0)
String authId = SessionAuthID;//pass your session ID to the variable or directly you can pass this value as the parameter value:
string strSQL = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @ID";
SqlCommand cmdItem = new SqlCommand(strSQL, clsMain_Connection.openConn());
cmdItem.Parameters.AddWithValue("@ID", authId);
答案 2 :(得分:0)
TheGreatCO建议的string.format方法看起来适用于您将SQL查询作为字符串传递的当前实现。
否则,您可以从SQL代码段创建存储过程,并将其设置为参数。
我假设sessionAuthId是一个int。
CREATE PROCEDURE SP_SAMPLEPROCEDURENAME
(
@p1 int -- here the input parameter is declared
)
AS
BEGIN
Select
tblOrders.OrderId,
tblItem.ItemName,
tblOrders.DateOrdered
from tblItem, tblOrders
where tblItem.ItemId = tblOrders.ItemId
AND tblOrders.AuthId = @p1 -- here the input parameter is used
END
要从c#调用存储过程,您需要这样的方法:
public YOURReturnObject PopulateGridView(int sessionid)
{
SqlConnection conn = new SqlConnection("YourDBConnectionString);
SqlCommand comm = new SqlCommand("SP_SAMPLEPROCEDURENAME", conn);
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.AddWithValue("@p1",sessionid);
YOURReturnObject o = new YOURReturnObject();
using (comm.Connection)
{
comm.Connection.Open();
while (reader.Read())
{
//read the results into return object
}
}
返回o;
}
答案 3 :(得分:0)
使用“SelectParameters”
sqlDS_ItemTable.SelectParameters.Clear();
sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";
sqlDS_ItemTable.SelectParameters.Add("authID", SessionAuthID);
// sqlDS_ItemTable.SelectParameters.Add("stringParam", TypeCode.String, stringParam); //like so for string validation
答案 4 :(得分:-5)
使用string.Format() http://msdn.microsoft.com/en-us/library/system.string.format.aspx
做类似的事情:
sqlDS_ItemTable.SelectCommand = string.Format("Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = {0}", SessionAuthId);
要回答第二个问题,您可以更改方法的签名以包含参数。
private void DataCall(string SessionAuthId)
{
// your method here...
}