Before, I bound the data to the GridView in the .cs file, and I had search/sort working (searching the database by typing into a text box, sorting by choosing an option from a drop-down list). But now I bind my data in the .aspx file, and of course my sort/search no longer works. How do I change my sort/search algorithm so that the data binds correctly?
(searchFill is the function that does the search/sort)
.cs
// Namespaces needed at the top of the code-behind file
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Configuration;
using System.Web.UI.WebControls;

// Members of the page's partial class. The fields are declared here so the
// fragment compiles; the original post only showed the two methods.
Configuration rootWebConfig;
ConnectionStringSettings connectionString;
string orderByString, fieldString;
string fName, lName, addr, addr2, city, state, zip, country, email, phone,
       ccType, ccNum, ccExp, length, delivery, price, source, joined, url,
       orderResults, pubName, sourceCode;

protected void Page_Load(object sender, EventArgs e)
{
    rootWebConfig = WebConfigurationManager.OpenWebConfiguration("/Cabot3");
    connectionString = rootWebConfig.ConnectionStrings.ConnectionStrings["SecureODBConnectionString"];
    searchFill();

    // Copy the cells of the selected row out of a second (hidden) grid into fields
    GridViewRow row = DefaultGrid.SelectedRow;
    int rowIndex = DefaultGrid.SelectedIndex;
    HiddenGrid.SelectedIndex = rowIndex;
    GridViewRow row2 = HiddenGrid.SelectedRow;
    //int id = Convert.ToInt32(row.Cells[25].Text);
    fName = row2.Cells[0].Text;
    lName = row2.Cells[1].Text;
    addr = row2.Cells[2].Text;
    addr2 = row2.Cells[3].Text;
    city = row2.Cells[4].Text;
    state = row2.Cells[5].Text;
    zip = row2.Cells[6].Text;
    country = row2.Cells[7].Text;
    email = row2.Cells[8].Text;
    phone = row2.Cells[9].Text;
    ccType = row2.Cells[10].Text;
    ccNum = row2.Cells[11].Text;
    ccExp = row2.Cells[12].Text;
    length = row2.Cells[13].Text;
    delivery = row2.Cells[14].Text;
    price = row2.Cells[15].Text;
    source = row2.Cells[16].Text;
    joined = row2.Cells[17].Text;
    url = row2.Cells[18].Text;
    orderResults = row2.Cells[19].Text;
    pubName = row2.Cells[20].Text;
    sourceCode = row2.Cells[21].Text;
}

protected void searchFill()
{
    orderByString = orderByList.SelectedItem.Value;
    fieldString = searchTextBox.Text;
    // The search text and the ORDER BY column are concatenated straight into the
    // statement (the SQL injection risk both answers point out). The two
    // parameters added below are never referenced by the statement, and
    // ExecuteNonQuery discards the SELECT result, so nothing reaches the grid.
    string sqlStatement = "SELECT * FROM SecureOrders WHERE fName LIKE '%" + fieldString + "%' OR lName LIKE'%" + fieldString + "%' OR addr LIKE'%" + fieldString + "%' OR addr2 LIKE'%" + fieldString + "%' OR city LIKE'%" + fieldString + "%' OR state LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR country LIKE'%" + fieldString + "%' OR email LIKE'%" + fieldString + "%' OR phone LIKE'%" + fieldString + "%' OR ccType LIKE'%" + fieldString + "%' OR ccNum LIKE'%" + fieldString + "%' OR ccExp LIKE'%" + fieldString + "%' OR cwaSource LIKE'%" + fieldString + "%' OR cwaJoined LIKE'%" + fieldString + "%' OR length LIKE'%" + fieldString + "%' OR delivery LIKE'%" + fieldString + "%' OR price LIKE'%" + fieldString + "%' OR url LIKE'%" + fieldString + "%' OR orderResults LIKE'%" + fieldString + "%' OR pubName LIKE'%" + fieldString + "%' OR sourceCode LIKE'%" + fieldString + "%' ORDER BY " + orderByString;
    using (SqlConnection connection = new SqlConnection(connectionString.ToString()))
    using (SqlCommand searchSort = new SqlCommand(sqlStatement, connection))
    {
        searchSort.Parameters.AddWithValue("@fieldString", fieldString);
        searchSort.Parameters.AddWithValue("@orderByString", orderByString);
        connection.Open();
        searchSort.ExecuteNonQuery();
        connection.Close();
    }
}
.aspx
<asp:GridView ID="DefaultGrid"
runat = "server"
DataKeyNames = "IdentityColumn"
onselectedindexchanged = "DefaultGrid_SelectedIndexChanged"
autogenerateselectbutton = "True"
enableviewstate = "False"
selectedindex="0" DataSourceID="OrderSource" EnableModelValidation="True"
AutoGenerateColumns="False">
<SelectedRowStyle BackColor="Azure"
forecolor="Black"
font-bold="true" />
<Columns>
<asp:TemplateField HeaderText = "Processed">
<ItemTemplate>
<asp:CheckBox
ID="CheckBoxProcess"
AutoPostBack = "true"
Checked = '<%#Eval("processed") %>'
OnCheckedChanged = "CheckBoxProcess_CheckedChanged"
runat="server"
Enabled = "true" />
</ItemTemplate>
</asp:TemplateField>
<asp:BoundField DataField="fName" HeaderText="First Name" SortExpression="fName" />
<asp:BoundField DataField="lName" HeaderText="Last Name" SortExpression="lName" />
<asp:BoundField DataField="addr" HeaderText="Address" SortExpression="addr" />
<asp:BoundField DataField="email" HeaderText="Email" SortExpression="email" />
<asp:BoundField DataField="phone" HeaderText="Phone" SortExpression="phone" />
<asp:BoundField DataField="ccType" HeaderText="Credit Card Type"
SortExpression="ccType" />
<asp:BoundField DataField="length" HeaderText="Length"
SortExpression="length" />
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="OrderSource" runat="server"
ConnectionString="<%$ ConnectionStrings:SecureODBConnectionString %>"
SelectCommand="SELECT * FROM [SecureOrders]"></asp:SqlDataSource>
Answer 0 (score: 1)
Maybe this...
Write your stored procedure (as @coder said... the way you are doing it is not secure):
CREATE PROCEDURE dbo.myPROC (@parm1 int = null, @parm2 int = null, ...)
AS
BEGIN
    SELECT
        field1,
        field2,
        field3,
        ...
    FROM
        Table
    WHERE
        (field1 = @parm1 OR @parm1 IS NULL)
        OR
        (field2 = @parm2 OR @parm2 IS NULL)
END
Configure the data source (use the wizard).
Once you have pointed the data source at the stored procedure, it will ask you for the source of each parameter it finds in the procedure. Just fill in a default value and the rest works itself out. Basically what you want to end up with is something like this (I have not got the syntax exactly right, but once you start, IntelliSense will get you there):
...
<SelectParameters>
    <asp:Parameter Name="parm1" Type="Int32" />
    ...
</SelectParameters>
Then set the parameter values from the code-behind:
Me.DataSource1.SelectParameters("parm1").DefaultValue = fName
Me.DataSource1.SelectParameters("parm2").DefaultValue = lName
...
Re-bind the GridView:
Me.GridView.DataBind()
It is not elegant, but it seems to fit the approach you have taken so far. Hope it helps.
Answer 1 (score: 0)
You have to pass the parameters to the SQL data source from the code-behind. Take a look at this.
Also, be careful about SQL injection attacks. You should never pass a text box value directly into a SQL statement. I hope you have a stored procedure in your actual code.
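Both answers come down to the same two changes: keep the typed text out of the SQL string by passing it as a parameter, and stop reading a SELECT with ExecuteNonQuery. The code-behind below is an added example, not code from the question or from either answer. It assumes the SecureOrders table and column names from the question, the DefaultGrid, searchTextBox and orderByList controls from the question's markup, a web.config connection string named SecureODBConnectionString, and that DataSourceID has been removed from the GridView so the page binds it directly. ORDER BY cannot take a parameter, so the sort column is checked against a fixed allow-list rather than taken from the drop-down value as posted, and the LIKE wildcards are escaped so that typing % or _ does not silently match every row.

```csharp
// Added example (not the original poster's or either answerer's code).
// Assumed: SecureOrders table, the controls named in the question, a
// SecureODBConnectionString entry in web.config, and a GridView with no DataSourceID.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

public partial class Orders : System.Web.UI.Page
{
    // ORDER BY cannot be parameterized, so the sort column must come from this
    // allow-list; the posted drop-down value is only used to pick one of these.
    private static readonly HashSet<string> SortColumns =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "fName", "lName", "addr", "email", "phone", "ccType", "length" };

    // Columns the free-text search may match; column names are constants,
    // never user input.
    private static readonly string[] SearchColumns =
    {
        "fName", "lName", "addr", "addr2", "city", "state", "zip", "country",
        "email", "phone", "pubName", "sourceCode"
    };

    protected void Page_Load(object sender, EventArgs e)
    {
        // The question's grid has EnableViewState="False", so it is rebound on
        // every request; the text box and drop-down already hold the posted values here.
        BindGrid();
    }

    // Builds "[col] LIKE @pattern OR [col] LIKE @pattern ..." from the fixed
    // column list. Only the search *value* travels as a parameter.
    internal static string BuildSearchSql(string orderBy)
    {
        if (!SortColumns.Contains(orderBy))
            throw new ArgumentException("Sort column is not in the allow-list.", "orderBy");

        var predicates = new List<string>();
        foreach (string col in SearchColumns)
            predicates.Add("[" + col + "] LIKE @pattern");

        return "SELECT * FROM [SecureOrders] WHERE " + string.Join(" OR ", predicates)
             + " ORDER BY [" + orderBy + "]";
    }

    // Escapes SQL Server LIKE metacharacters so a user typing "%", "_" or "["
    // matches those characters literally instead of widening the search.
    internal static string LikePattern(string text)
    {
        string escaped = text.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        return "%" + escaped + "%";
    }

    private void BindGrid()
    {
        string sortColumn = orderByList.SelectedValue;
        if (!SortColumns.Contains(sortColumn))
            sortColumn = "lName";   // fall back instead of trusting the posted value

        string connStr = ConfigurationManager
            .ConnectionStrings["SecureODBConnectionString"].ConnectionString;
        var table = new DataTable();

        using (var connection = new SqlConnection(connStr))
        using (var command = new SqlCommand(BuildSearchSql(sortColumn), connection))
        {
            // Typed parameter: the value is sent separately from the statement text
            command.Parameters.Add("@pattern", SqlDbType.NVarChar, 200).Value =
                LikePattern(searchTextBox.Text);

            using (var adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(table);   // ExecuteNonQuery returns no rows; Fill does
            }
        }

        DefaultGrid.DataSource = table;
        DefaultGrid.DataBind();
    }
}
```

If you prefer answer 0's stored-procedure route, the same @pattern parameter becomes a SelectParameter on the SqlDataSource (a ControlParameter bound to searchTextBox), and the allow-list check on the sort column still has to be done in code or inside the procedure, because a SelectParameter cannot supply an ORDER BY column either.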