Dropdown list query string parameter

Time: 2010-10-05 20:59:43

Tags: asp.net

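Hi everyone, how are you all doing? I have a dropdown list that will not populate data values from the database using a SqlDataSource. When I use the code-behind, I am able to populate the data into the dropdown list. I don't know how to pass a query string parameter using code, as I am new to ASP.NET.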

Here is the code-behind:

Imports System.Data.SqlClient
Partial Class PhotoAlbum
    Inherits System.Web.UI.Page

    Dim oConn As New SqlConnection("Data Source=.\SQLEXPRESS;" & _
"AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;" & _
"Integrated Security=True;User Instance=True")

    Dim oCmd As New SqlCommand()
    Dim oDR As SqlDataReader

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        oConn.Open()
        oCmd.CommandText = "SELECT [CategoryID], [Name]  FROM Categories  ORDER BY [Name]"
        oCmd.Connection = oConn
        oDR = oCmd.ExecuteReader()

        Me.categories.DataSource = oDR
        Me.categories.DataTextField = "Name"
        Me.categories.DataValueField = "CategoryID"
        Me.categories.DataBind()

        oDR.Close()
        oConn.Close()
    End Sub
End Class

I want to include the following information from the SqlDataSource in the code-behind:

SelectCommand="SELECT [CategoryID], [Name] FROM [Categories] WHERE ([UserId] = @UserId) ORDER BY [Name]"> 
    <SelectParameters> 
         <asp:QueryStringParameter Name="UserId" QueryStringField="ID"/>

As you can see from the code-behind, I was able to add:

"SELECT [CategoryID], [Name]  FROM Categories  ORDER BY [Name]".

But I want to add all of this:

SelectCommand="SELECT [CategoryID], [Name] FROM [Categories] WHERE ([UserId] = @UserId) ORDER BY [Name]"> 
        <SelectParameters> 

Thanks in advance, guys

1 Answer:

Answer 0: (score: 0)

Give this a try. I haven't tested it, but the "Request.QueryString" property and the "oCmd.Parameters.AddWithValue()" function are the key pieces you need to use.

Imports System.Data.SqlClient
Partial Class PhotoAlbum
    Inherits System.Web.UI.Page

    ' The connection, command and reader are declared locally in Page_Load (inside "Using"),
    ' so no class-level SqlConnection is created and left undisposed.

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        ' TODO: probably want to make sure you have an "Id" in the query string
        If Request.QueryString("Id") Is Nothing Then
            ' TODO: handle this scenario (no "Id" query string parameter)
        Else
            Dim userId As Integer = Nothing
            If Not Integer.TryParse(Request.QueryString("Id"), userId) Then
                ' TODO: handle this scenario ("Id" query string parameter is not an integer)
            Else
                ' we have a good Id, use a parameterized statement to avoid SQL injection
                ' HINT: the "Using" statement ensures your SQL connection is disposed of when finished
                Using oConn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True")
                    Dim oCmd As New SqlCommand("SELECT [CategoryID], [Name] FROM [Categories] WHERE UserId = @UserId ORDER BY [Name]", oConn)
                    ' provide a value for the @UserId parameter using the "Parameters.AddWithValue" function
                    oCmd.Parameters.AddWithValue("@UserId", userId)

                    oConn.Open()
                    Dim oDR As SqlDataReader = oCmd.ExecuteReader()

                    Me.categories.DataSource = oDR
                    Me.categories.DataTextField = "Name"
                    Me.categories.DataValueField = "CategoryID"
                    Me.categories.DataBind()

                    oDR.Close()
                    oConn.Close()
                End Using
            End If
        End If
    End Sub
End Class