
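I bind a GridView to a SqlDataSource. My problem is that when I use the SqlDataSource without a WHERE clause in the select statement it works fine, but when I use it with a WHERE clause, it works fine in the Query Builder test and returns records, but it does not work at runtime. I used SQL Profiler and saw that the query is not run when I use the WHERE clause. I heard that .NET prevents queries with a WHERE clause from running because of SQL injection, but I don't know how to correct my query. My SqlDataSource: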

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
        ConnectionString="<%$ ConnectionStrings:chargeDBConnectionString %>"  SelectCommand="SELECT CARDNUMBER, VISITDATE, ACCNUMBER, ACTIONCODE FROM LOGTABLE WHERE (CARDNUMBER = @cardno OR @cardno IS NULL AND CARDNUMBER &lt;&gt; N'-' AND @ttype = 1 OR @ttype = 0) AND (VISITDATE &gt;= @fdate AND VISITDATE &lt;= @edate) AND (ACCNUMBER = @accno OR @accno IS NULL AND ACCNUMBER &lt;&gt; N'-' AND @ttype = 0 OR @ttype = 1) AND (ACTIONCODE = @actioncode OR @actioncode IS NULL)">
        <SelectParameters>
            <asp:FormParameter FormField="cardNo" Name="cardno" />
            <asp:ControlParameter ControlID="ddlType" Name="ttype" 
                PropertyName="SelectedValue" />
            <asp:FormParameter FormField="fromDate" Name="fdate" />
            <asp:FormParameter FormField="toDate" Name="edate" />
            <asp:FormParameter FormField="accNo" Name="accno" />
            <asp:ControlParameter ControlID="ddltransname" Name="actioncode" 
                PropertyName="SelectedValue" />
        </SelectParameters>
    </asp:SqlDataSource>

1 Answer


The most likely culprit is that one of your parameters is evaluating to null, and the SqlDataSource is cancelling the select query.

To correct that, you need to set the SqlDataSource.CancelSelectOnNullParameter property to false (it is true by default) in your SqlDataSource declaration:

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
    ConnectionString="<%$ ConnectionStrings:chargeDBConnectionString %>"  
    SelectCommand="SELECT CARDNUMBER, VISITDATE, ACCNUMBER, ACTIONCODE FROM LOGTABLE WHERE (CARDNUMBER = @cardno OR @cardno IS NULL AND CARDNUMBER &lt;&gt; N'-' AND @ttype = 1 OR @ttype = 0) AND (VISITDATE &gt;= @fdate AND VISITDATE &lt;= @edate) AND (ACCNUMBER = @accno OR @accno IS NULL AND ACCNUMBER &lt;&gt; N'-' AND @ttype = 0 OR @ttype = 1) AND (ACTIONCODE = @actioncode OR @actioncode IS NULL)"
    CancelSelectOnNullParameter="False">
    <SelectParameters>
        <asp:FormParameter FormField="cardNo" Name="cardno" />
        <asp:ControlParameter ControlID="ddlType" Name="ttype" 
            PropertyName="SelectedValue" />
        <asp:FormParameter FormField="fromDate" Name="fdate" />
        <asp:FormParameter FormField="toDate" Name="edate" />
        <asp:FormParameter FormField="accNo" Name="accno" />
        <asp:ControlParameter ControlID="ddltransname" Name="actioncode" 
            PropertyName="SelectedValue" />
    </SelectParameters>
</asp:SqlDataSource>
Answered 2013-03-04T15:54:22.773
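An added example, not part of the original answer: a code-behind `Selecting` handler that logs which bound parameters arrive as null, which shows why the select was skipped, and cancels only when the date range is missing. The page class name `LogSearch` and the handler name `SqlDataSource2_Selecting` are assumptions; the handler is wired up by adding `OnSelecting="SqlDataSource2_Selecting"` to the `SqlDataSource` declaration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Web.UI.WebControls;

public partial class LogSearch : System.Web.UI.Page   // hypothetical page class
{
    // Parameters the WHERE clause compares directly against VISITDATE.
    // "VISITDATE >= NULL" evaluates to UNKNOWN, so with a null date the
    // query would run but return no rows.
    private static readonly HashSet<string> Required = new HashSet<string>(
        new[] { "fdate", "edate" }, StringComparer.OrdinalIgnoreCase);

    protected void SqlDataSource2_Selecting(object sender,
                                            SqlDataSourceSelectingEventArgs e)
    {
        foreach (DbParameter p in e.Command.Parameters)
        {
            bool isNull = p.Value == null || p.Value == DBNull.Value;
            if (!isNull)
            {
                continue;
            }

            // SqlDataSource prefixes SQL Server parameter names with "@".
            string name = p.ParameterName.TrimStart('@');

            // Fully qualified because Page.Trace would otherwise shadow it.
            System.Diagnostics.Trace.WriteLine(
                "SqlDataSource2: parameter '" + name + "' is null");

            // The optional filters (@cardno, @accno, @actioncode) are handled
            // by the "IS NULL" branches in the query; a missing date is not.
            if (Required.Contains(name))
            {
                e.Cancel = true;
            }
        }
    }
}
```

The values still reach SQL Server as bound parameters, so setting `CancelSelectOnNullParameter="False"` does not change how the query handles user input.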