我有下拉列表显示位置名称,下拉列表的数据源带来了LOC_NM和LOC_ID,但用户只会看到位置名称。所以我想要做的是在我的选择查询中传递LOC_ID,我该怎么做? 以下是下拉列表的代码:
<asp:DropDownList ID="locatioin" DataSourceID="dd_source" DataTextField="LOC_NM" DataValueField="LOC_ID" runat="server" AppendDataBoundItems="true">
<asp:ListItem Text="Select Location" Value="Select Location"></asp:ListItem>
</asp:DropDownList>
这是我的select语句背后的代码:
SqlDataAdapter da = new SqlDataAdapter("select Company, Location from MainTable
where Location = selected LOC_ID")
你可以看到我想在我的查询中传递所选值的LOC ID,但我遇到了麻烦:其中Location = selected LOC_ID
答案 0 :(得分:7)
这是快速解决方案:
var tmp = "SELECT Company, Location FROM MainTable WHERE LocationColumn = {0}");
var query = string.Format(tmp,location.SelectedValue);
SqlDataAdapter da = new SqlDataAdapter(query);
这是安全的解决方案:
SqlConnection conn = new SqlConnection(_connectionString);
conn.Open();
string s = "SELECT Company, Location " +
"FROM MainTable " +
"WHERE LocationColumn = @location";
SqlCommand cmd = new SqlCommand(s);
cmd.Parameters.Add("@location", location.SelectedValue);
SqlDataReader reader = cmd.ExecuteReader();
归功于其中一个最佳编码网站:Coding Horror: Give me parameterized SQL, or give me death
答案 1 :(得分:3)
此致 UROS
答案 2 :(得分:0)
喜欢这个
SqlDataAdapter da = new SqlDataAdapter("select Company, Location from MainTable
where Location = "+locatioin.SelectedValue+"")
您只需使用下拉列表的selected value属性。
虽然您还需要更正查询。