1

我的代码中有一个数组列表,用于存储数据库中各种项目的 id 值。单击按钮后,我希望将这些 id 值传递给 SQLDataSource 以充当填充网格视图的参数。不幸的是,我对 VB 的有限知识阻碍了我,我对如何去做这样的事情感到困惑。

后面的代码

Protected Sub Preview_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Preview_Button.Click

    Dim list As New ArrayList
    Dim atLeastOneRowSelected As Boolean = False
    'Iterate through the Devices.Rows property
    For Each row As GridViewRow In GridView1.Rows
        'Access the CheckBox
        Dim cb As CheckBox = row.FindControl("DeviceSelector")
        If cb IsNot Nothing AndAlso cb.Checked Then
            atLeastOneRowSelected = True
            'First, get the device_id for the selected row
            Dim device_id As Integer = _
                Convert.ToInt32(GridView1.DataKeys(row.RowIndex).Value)
            list.Add(device_id)
        End If
    Next

End Sub

.aspx 页面中的 SQLDataSource

<asp:SqlDataSource ID="SqlDataSource3" runat="server"
                ConnectionString="<%$ ConnectionStrings:LOTOConnectionString %>"
                SelectCommand="SELECT * FROM [DEVICES] WHERE ([devices_id] = @devices_id)">
    <SelectParameters>
        <asp:Parameter Name="devices_id" Type="Int32" />
    </SelectParameters>
</asp:SqlDataSource>

编辑

玩了一会儿之后,我意识到我可以使用 join 命令将我的列表形成一个合适的 SQL 字符串。所以我仍然不理解的唯一部分是如何从我的代码中引用 SQLDataSource 。

4

2 回答 2

0

好吧,我知道我需要做什么。我动态创建一个 SQL 查询并将其传递给我的 SQLDataSource。我不确定这是否让我容易受到 SQL 注入的影响,但由于我生成的查询是从单独的 gridview 中提取数据,我相信它可以吗?

后面的代码

Protected Sub Preview_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Preview_Button.Click

    'Finds all checkboxes that have been selected in GridView1
    Dim list As New ArrayList
    Dim atLeastOneRowSelected As Boolean = False

    'Iterate through each row of GridView1
    For Each row As GridViewRow In GridView1.Rows
        'Access the CheckBox
        Dim cb As CheckBox = row.FindControl("DeviceSelector")
        If cb IsNot Nothing AndAlso cb.Checked Then
            atLeastOneRowSelected = True
            'Get the device_id of the selected row
            Dim device_id As Integer = _
                Convert.ToInt32(GridView1.DataKeys(row.RowIndex).Value)
            list.Add(device_id)
        End If
    Next

    If atLeastOneRowSelected Then
        'Generate an SQL command using the selected checkboxes
        Dim str As String = String.Join(" OR devices_id = ", list.ToArray())
        Dim query As String = "Select * FROM [DEVICES] where devices_id = " + str
        SqlDataSource3.SelectCommand = query

        'Enable the GenerateReport Button
        GenerateReport_Button.Enabled = True
    End If
End Sub

SQLDataSource

<asp:SqlDataSource ID="SqlDataSource3" runat="server"
                ConnectionString="<%$ ConnectionStrings:LOTOConnectionString %>"
                SelectCommand=""></asp:SqlDataSource>
于 2013-07-23T19:11:21.750 回答
0

只需使用 SqlDataSource 的 Selecting 事件来设置 parameter: 的值devices_id。此事件发生在 DataSource 执行查询之前。因此,在此事件中设置的任何值都将由下一个要执行的查询使用。

<asp:SqlDataSource ID="SqlDataSource3" runat="server"     
     OnSelecting="SqlDataSource3_Selecting"
     ConnectionString="<%$ ConnectionStrings:LOTOConnectionString %>"
     SelectCommand="SELECT * FROM [DEVICES] WHERE ([devices_id] = @devices_id)">

我不知道 VB 中的语法,可能下面的 C# 示例可能会对您有所帮助,因为逻辑相同,只是语法不同。

protected void SqlDataSource3_Selecting(object sender, SqlDataSourceSelectingEventArgs e) 
 { 
   for (int i=0;i < arrList.Count - 1;i++)
    {
      // just for example suppose Business logic needs the First ID value
       if(i==0)
        {
         // the select parameters can be accessed using: e.Command.Parameters
         e.Command.Parameters["@devices_id"].Value == Convert.ToInt32(list[i]);
        }
     } 
  }
于 2013-07-23T04:24:22.597 回答