0

这是一个搜索页面,基于日期,根据会话前缀值选择表名。但是它给出的错误是无效的列名'ALV'。'ALV' 是前缀值之一。

protected void Button1_Click(object sender, EventArgs e)
    {
        DateTime fromDate;
        DateTime toDate;

        if (DateTime.TryParse(txtFrom.Text, out fromDate) && DateTime.TryParse(txtTo.Text, out toDate))
        {

            if (DropDownList1.SelectedItem.Text == "RouteToGrowth")
            {


                SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ToString());
                con.Open();
                string Prefix = Session["Prefix"].ToString();
                string SqlStatement1 = " select ActionID,rid ,h.UserID,h.Date,h.Tablename,h.Feedback,h.Status from history h,LoginTable l where l.UserId=h.UserID and h.Tablename='RouteToGrowthRecord_st'  and l.Prefix=" + Prefix + " and date between @from and @to ";
                SqlCommand cmd1 = new SqlCommand(SqlStatement1, con);
                cmd1.Parameters.Add("@from", SqlDbType.Date).Value = fromDate;
                cmd1.Parameters.Add("@to", SqlDbType.Date).Value = toDate;
                cmd1.Parameters.Add("@Prefix", SqlDbType.VarChar).Value = Prefix;
                cmd1.CommandType = CommandType.Text;
                cmd1.ExecuteNonQuery();
                GridView1.DataBind();
                con.Close();
            }
        }
        else
        {
            ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Please fill the data correctly')</script>");
        }
}
4

1 回答 1

0

sqlstatement不应该不带参数吗?

string SqlStatement1 = "select ActionID,rid ,h.UserID,h.Date,h.Tablename,h.Feedback,h.Status from history h,LoginTable l where l.UserId=h.UserID and h.Tablename='RouteToGrowthRecord_st'  and l.Prefix=@Prefix and date between @from and @to ";
于 2013-10-09T06:00:30.647 回答