0

我正在关注本教程,他正在使用模板字段,然后将文本框放入其中以显示数据,如下所示,

<ItemTemplate>
<asp:Label ID="lblitemUsr" runat="server" Text='<%#Eval("UserName") %>'/>
</ItemTemplate>
<FooterTemplate>
<asp:TextBox ID="txtftrusrname" runat="server"/>
<asp:RequiredFieldValidator ID="rfvusername" runat="server" ControlToValidate="txtftrusrname" Text="*" ValidationGroup="validaiton"/>
</FooterTemplate>
</asp:TemplateField>

然后在更新gridview时他正在这样做,

SqlCommand cmd = new SqlCommand("update Employee_Details set City='" + txtcity.Text + "',Designation='" + txtDesignation.Text + "' where UserId=" + userid, con);

而我正在做的是,

 <asp:BoundField DataField="userName" HeaderText="User" ItemStyle-Width="120px" />

现在我如何在更新 SQL 语句时获取 boundfield 值,因为没有 txtbox ?

我的 GridView 声明,

<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="false"
        CellPadding="5" OnRowDataBound="GridView1_RowDataBound" Width="800px" AllowPaging="True"
        PageSize="5" GridLines="Horizontal" OnPageIndexChanging="GridView1_PageIndexChanging" 
        OnRowCancelingEdit="GridView1_RowCancelingEdit" OnRowDeleting="GridView1_RowDeleting" 
        OnRowUpdating="GridView1_RowUpdating" OnRowEditing="GridView1_RowEditing" >
4

2 回答 2

2

如果您想使用 BoundFields 而不是 TemplateFields,您可以通过GridView1_RowUpdating事件处理程序找到用户输入的值。它有一个 type 的参数GridViewUpdateEventArgs。您所要做的就是循环浏览“NewValues”集合以获取您需要更新的列的值。

此外,您永远不应该将用户输入直接连接到 SQL 字符串中。这是一个众所周知的恶意攻击漏洞,称为“SQL 注入”。而是用户参数(我已将它们包含在下面的示例中)。

这是一个例子:

protected void GridView1_RowUpdating(Object sender, GridViewUpdateEventArgs e)
{
    string city = "";
    string designation = "";

    foreach (DictionaryEntry entry in e.NewValues)
    {
        if(entry.Key == "City")
        {
            city = entry.Value.ToString();
        }
        if(entry.Key == "Designation")
        {
            designation = entry.Value.ToString();
        }
    }

    SqlCommand cmd = new SqlCommand("update Employee_Details set City=@City, Designation=@Designation where UserId=@UserId", con);
    cmd.Parameters.Add("@City", SqlDbType.NVarChar);
    cmd.Parameters.Add("@Designation", SqlDbType.NVarChar);
    cmd.Parameters.Add("@UserId", SqlDbType.NVarChar);
    cmd.Paramters["@City"].Value = city;
    cmd.Paramters["@Designation"].Value = designation;
    cmd.Paramters["@UserId"].Value = userid;
}

如果您打算将 SqlDataSource 与 GridView 一起使用,则不需要任何代码。数据源控件将处理您的所有更新逻辑。您只需要包含一个带有参数的更新命令:

<asp:SqlDataSource ID="myDataSource" runat="server"
    SelectCommand="Your select statement goes here"
    UpdateCommand="update Employee_Details set City=@City, Designation=@Designation where UserId=@UserId" />

请注意,您需要以与 BoundFields 的“DataField”属性相同的方式命名参数。所以上面你有<asp:BoundField DataField="userName"...,然后你想在你的更新命令中使用“@userName”作为那个字段。

于 2013-04-30T13:11:28.137 回答
1

You forgot to set the most important thing DataKeyNames in your <asp:Gridview></asp:GridView> declaration, first add that and then,

You may try like this:

    protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
    {

                int userid = Convert.ToInt32(GridView1.DataKeys[e.RowIndex]["userid"]);
                string City= ((TextBox)(GridView1.Rows[e.RowIndex].Cells[2].Controls[0])).Text.Trim();
                string Designation = ((TextBox)(GridView1.Rows[e.RowIndex].Cells[3].Controls[0])).Text.Trim();

                SqlCommand cmd = new SqlCommand("update Employee_Details set City='" + City + "',Designation='" + Designation + "' where UserId=" + userid, con);
                // 
                // other Code snippets
                //
                GridView1.EditIndex = -1;
                BindGridview();

    }

You will have to provide cell[n] values of cell that you want in code behind.

于 2013-04-30T13:04:16.330 回答