3

我正在使用 SqlDataSource 来填充 GridView。这是我的代码:

private void DataCall()
{
    //Object gets created for use from the class(clsDataConduit)
    clsDataDictionary AnOrder = new clsDataDictionary();
    //Declaring a new SqlDataSource from the inbuilt class library
    SqlDataSource sqlDS_ItemTable = new SqlDataSource();
    //Using our datasource object being cast onto our objects connectionstring
    sqlDS_ItemTable.ConnectionString = AnOrder.ConnectionString;
    //Our sql statement being passed through to our .SelectCommand method
    sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = 5";
    //Adding controls to our SqlDataSource object
    this.Controls.Add(sqlDS_ItemTable);
    //Declares the DataSource for our gridview !
    grdOrder.DataSource = sqlDS_ItemTable;
    //Binds the data to refresh every time it's used
    grdOrder.DataBind();
}

正如您在最后的 SQL 语句中看到的那样,我正在这样做tblOrders.AuthId = 5。但是我想做这样的事情tblOrders.AuthId = SessionAuthId .

我阅读了一些关于单独做某事的帖子,command.Parameters.Add(new SqlParameter("Name", dogName));但我不知道如何将其应用于我的代码。

我正在使用其他人的代码(教授)在作业中执行此操作,但我想稍微编辑它,因为我将开发登录系统等。

有人可以看一下该方法,看看我将如何更改它以将参数传递给它。这里还有完整的代码:http: //pastebin.com/sdrvW5Zn

4

5 回答 5

11

您可以使用该SelectParameters属性进行参数化查询。

sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";

sqlDS_ItemTable.SelectParameters.Add(new SqlParameter("@authID", SessionAuthID));
于 2013-03-20T01:45:39.783 回答
0 
 String authId = SessionAuthID;//pass your session ID to the variable or directly you can     pass this value as the parameter value:

 string strSQL = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from   tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @ID";
 SqlCommand cmdItem = new SqlCommand(strSQL, clsMain_Connection.openConn());
 cmdItem.Parameters.AddWithValue("@ID", authId);
于 2013-03-20T02:17:06.330 回答
0

TheGreatCO 建议的 string.format 方法看起来适用于您当前的实现,您将 SQL 查询作为字符串传递。

否则,您可以从 SQL 片段创建一个存储过程并将其设置为采用参数。

我假设 sessionAuthId 是一个整数。

CREATE PROCEDURE SP_SAMPLEPROCEDURENAME

(
    @p1 int      -- here the input parameter is declared
)


AS
    BEGIN

Select 
tblOrders.OrderId, 
tblItem.ItemName, 
tblOrders.DateOrdered 
from tblItem, tblOrders 
where tblItem.ItemId = tblOrders.ItemId 
AND tblOrders.AuthId = @p1   -- here the input parameter is used

END

要从 c# 调用存储的过程,您需要这样的方法:

public YOURReturnObject PopulateGridView(int sessionid)
{

SqlConnection conn = new SqlConnection("YourDBConnectionString);
SqlCommand comm = new SqlCommand("SP_SAMPLEPROCEDURENAME", conn);
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.AddWithValue("@p1",sessionid);

YOURReturnObject o = new YOURReturnObject();

using (comm.Connection)
{
comm.Connection.Open();
while (reader.Read())
{
//read the results into return object 

}

}
返回 o;

}
于 2013-03-20T02:30:05.593 回答
0

使用“选择参数”

sqlDS_ItemTable.SelectParameters.Clear(); 
sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";
sqlDS_ItemTable.SelectParameters.Add("authID", SessionAuthID);

// sqlDS_ItemTable.SelectParameters.Add("stringParam",  TypeCode.String, stringParam); //like so for string validation
于 2016-01-07T13:16:47.177 回答
-5

使用string.Format() http://msdn.microsoft.com/en-us/library/system.string.format.aspx

执行以下操作:

sqlDS_ItemTable.SelectCommand = string.Format("Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = {0}", SessionAuthId);

要回答您的第二个问题,您将更改方法的签名以包含参数。

private void DataCall(string SessionAuthId)
{
    // your method here...
}
于 2013-03-20T01:40:50.023 回答