I have a Gridview.aspx, a Gridview.aspx.cs and a GetData.cs (class).
In Gridview.aspx I have a textbox named SearchData and a button named SearchBtn.
In Gridview.aspx.cs I have this:
protected void SearchBtn_Click(object sender, EventArgs e){
if (!IsPostBack){
Search_Grid();
}
}
void Search_Grid(){
DataGridView.DataSource = obj.Search_Data();
DataGridView.DataBind();
}
Since this is my first time using classes, this is what I have in GetData.cs:
public DataTable Search_Data(){
adap = new SqlDataAdapter("select * from MyTable " +
"where MyID = '" +
value_of_my_SearchData_textbox +
"'", con);
dt = new DataTable();
adap.Fill(dt);
return dt;
}
ASPX code: the GridView.aspx code is very long, but this is what is under the gridview section:
<table id="TBL_GridView" runat="server" align="center">
<tr>
<td style="text-align:center">*** TEST ONLY ***</td>
</tr>
<tr>
<td >
<asp:Label ID="Label1" runat="server" Text="Procedure name: "></asp:Label>
<asp:TextBox ID="SearchData" runat="server"></asp:TextBox>
<asp:Button ID="SearchBtn" runat="server" Text="Search" OnClick="SearchBtn_Click" />
</td>
</tr>
<tr >
<td >
<asp:GridView ID="DataGridView" runat="server" AutoGenerateColumns="False" ShowFooter="True"
CellPadding="4" ForeColor="#333333" GridLines="None" Height="281px" style="margin-top: 0px" Width="1000px"
OnRowCancelingEdit="DataGridView_RowCancelingEdit"
OnRowEditing="DataGridView_RowEditing" HorizontalAlign="Center" >
<AlternatingRowStyle BackColor="White" ForeColor="#284775" />
<Columns>
<asp:TemplateField>
<HeaderTemplate>Recipe Name</HeaderTemplate>
<ItemTemplate><asp:Label ID="recpname" runat="server" Text='<%# Bind("recpname")%>'></asp:Label></ItemTemplate>
<EditItemTemplate><asp:TextBox ID="recpname" runat="server"></asp:TextBox></EditItemTemplate>
<FooterTemplate><asp:TextBox ID="recpname" runat="server"></asp:TextBox></FooterTemplate>
</asp:TemplateField>
<asp:TemplateField>
<HeaderTemplate>Standard Time</HeaderTemplate>
<ItemTemplate><asp:Label ID="stdtime" runat="server" Text='<%# Bind("stdtime")%>'></asp:Label></ItemTemplate>
<EditItemTemplate><asp:TextBox ID="stdtime" runat="server"></asp:TextBox></EditItemTemplate>
<FooterTemplate><asp:TextBox ID="stdtime" runat="server"></asp:TextBox></FooterTemplate>
</asp:TemplateField>
<asp:TemplateField>
<HeaderTemplate>Operation</HeaderTemplate>
<ItemTemplate>
<asp:Button ID="BtnEdit" runat="server" Text="Edit" CommandName="Edit" Width="60px" />
</ItemTemplate>
<EditItemTemplate>
<asp:Button ID="BtnUpdate" runat="server" Text="Update" CommandName="Update" Width="60px" />
<asp:Button ID="BtnCancle" runat="server" Text="Cancel" CommandName="Cancel" Width="60px" />
</EditItemTemplate>
<FooterTemplate>
<asp:Button ID="BtnInsert" runat="server" Text="Insert" Width="60px" OnClick="BtnInsert_Click" />
</FooterTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
<br />
<asp:Literal ID="Literal1" runat="server"></asp:Literal>
</td>
</tr>
</table>
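How should I pass the value of the textbox to my class?
Answer 0: (score: 2)
I see that your textbox SearchData is just a normal textbox outside the gridview, not inside it.
You can simply use:
SearchData.Text
Change the methods to pass SearchData.Text: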
protected void SearchBtn_Click(object sender, EventArgs e){
if (!IsPostBack){
Search_Grid(SearchData.Text);
}
}
void Search_Grid(string searchValue){
DataGridView.DataSource = obj.Search_Data(searchValue);
DataGridView.DataBind();
}
And finally use it:
public DataTable Search_Data(string searchValue){
adap = new SqlDataAdapter("select * from MyTable " +
"where MyID = '" +
searchValue +
"'", con);
dt = new DataTable();
adap.Fill(dt);
return dt;
}
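However, note that this code is vulnerable to SQL injection attacks, because you are adding the value inline, so an attacker could add ; delete from my table to wipe your data.
You should parameterize your query.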
adap = new SqlDataAdapter("select * from MyTable where MyID = @myIdValue", con);
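A complete version of the parameterized query recommended in the answer above, as an added example that is not part of the original answer. It assumes MyID is a varchar(50) column and that the connection string is passed into the class; both are assumptions, not details from the question.

```csharp
using System.Data;
using System.Data.SqlClient;

public class GetData
{
    // Assumption: the caller supplies the connection string (for example from Web.config).
    private readonly string _connectionString;

    public GetData(string connectionString)
    {
        _connectionString = connectionString;
    }

    public DataTable Search_Data(string searchValue)
    {
        // The SQL text is a constant. The textbox value is never concatenated into it,
        // so input such as "; delete from my table" is only ever compared against MyID
        // as a literal value and is not executed as SQL.
        const string sql = "select * from MyTable where MyID = @myIdValue";

        using (var con = new SqlConnection(_connectionString))
        using (var adap = new SqlDataAdapter(sql, con))
        {
            // Assumption: MyID is varchar(50). Declaring the type and size explicitly
            // avoids the type inference that AddWithValue performs, and values longer
            // than 50 characters are truncated to the declared size before being sent.
            adap.SelectCommand.Parameters
                .Add("@myIdValue", SqlDbType.VarChar, 50)
                .Value = (object)searchValue ?? DBNull.Value;

            var dt = new DataTable();
            // Fill opens the connection if it is closed and closes it again afterwards.
            adap.Fill(dt);
            return dt;
        }
    }
}
```

The code-behind still calls `obj.Search_Data(SearchData.Text)` as in the answer; only the data-access class changes.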