I am learning ASP.NET(C#) and came across this code:
<asp:DropDownList
id="ddlMovieCategory"
DataSourceID="srcMovieCategories"
DataTextField="Name"
DataValueField="Id"
Runat="server" />
<asp:Button
id="btnSelect"
Text="Select"
Runat="server" />
<asp:GridView
id="grdMovies"
DataSourceID="srcMovies"
CssClass="gridView"
Runat="server" />
<asp:SqlDataSource
id="srcMovieCategories"
SelectCommand="SELECT Id, Name FROM MovieCategories"
ConnectionString="<%$ ConnectionStrings:Movies %>"
Runat="server" />
<asp:SqlDataSource
id="srcMovies"
SelectCommand="SELECT Title,Director FROM Movies
WHERE CategoryId=#Id"
ConnectionString="<%$ ConnectionStrings:Movies %>"
Runat="server">
<SelectParameters>
<asp:ControlParameter
Name="Id"
ControlID="ddlMovieCategory"
PropertyName="SelectedValue" />
</SelectParameters>
</asp:SqlDataSource>
I am wondering How the # symbol in the last control's SelectCommand work. It works as expected but I don't understand how it gets the value following the # i.e. if it is to use a variable which is escaped in ASP tag then how does it know that Id refers to the DropDownList's currently selected item.
Edit: I think I might have found the solution. I think it's from this bit of code, Am I correct:
<asp:ControlParameter
Name="Id"
ControlID="ddlMovieCategory"
PropertyName="SelectedValue" />
</SelectParameters>
The following string
"SELECT Title,Director FROM Movies WHERE CategoryId=#Id"
represents a parameterized sql query. The value of parameter Id, #Id, would be assigned to CategoryId, before this query is sent to database, in order to be executed.
Parameterized queries are the first thing we use, in order we avoid SQL injections.
Related
Registration form
[This is working fine. I had wrong information to test with. I will leave up because it is the way to do cascading DDL's using SQLDataSource albeit outdated]
My primary language is C# but the application is in VB.Net. I have appointment application students sitting for individual and group portraits on college campuses. The registration page has three dropdown lists:
(1) college Campuses, (2) Organizations that belong to a particular Campus, and a (3) Classification schema that belongs to a particular Organization. The Campus and Organization dropdown lists work as expected. The Classification will display the class schema for the first organization on the initial load of the page but will not change after that. A class schema can be [Freshman, Sophomore, Junior, Senior] or [Undergradutre, Masters, Doctoral, Faculty]. There are other class schemas. There is one class schema per organization.
Running the configure on all Datasource components shows them functioning properly. That is the Classification Data Source shows varying schema depending on the organization parameter entered. Here is the set up:
<asp:SqlDataSource ID="CampusSource" runat="server" ConnectionString="<%$ ConnectionStrings:XXXConnectionString %>"
SelectCommand="spCampusSel" SelectCommandType="StoredProcedure">
</asp:SqlDataSource>
<asp:SqlDataSource ID="OrgSource" runat="server" ConnectionString="<%$ ConnectionStrings:XXXConnectionString %>"
SelectCommand="spOrgByCampusSel" SelectCommandType="StoredProcedure">
<SelectParameters>
<asp:ControlParameter ControlID="CampusDDL" Name="ParentOrg_ID" PropertyName="SelectedValue" Type="Int32" />
</SelectParameters>
</asp:SqlDataSource>
<asp:SqlDataSource ID="ClassSource" runat="server" ConnectionString="<%$ ConnectionStrings:XXXConnectionString %>"
SelectCommand="spClassSchemaByOrgSel" SelectCommandType="StoredProcedure">
<SelectParameters>
<asp:ControlParameter ControlID="OrgDDL" DefaultValue="" Name="OrgID" PropertyName="SelectedValue" Type="Int32" />
</SelectParameters>
</asp:SqlDataSource>
<asp:DropDownList ID="CampusDDL"
TabIndex="1"
DataSourceID="CampusSource"
DataValueField="Org_ID"
DataTextField="LongName"
AutoPostBack="True"
RunAt="server">
</asp:DropDownList>
<asp:DropDownList ID="OrgDLL"
TabIndex="2"
DataSourceID="OrgSource"
DataTextField="LongName"
DataValueField="Org_ID"
AutoPostBack="True"
RunAt="server">
</asp:DropDownList>
<asp:DropDownList ID="ClassDDL"
TabIndex="8"
DataSourceID="ClassSource"
DataValueField="Class"
DataTextField="Class"
AutoPostBack="False"
runat="server">
</asp:DropDownList>
According the Microsoft Docs, this is all I need. But I have also tried setting the ClassSource's parameter value in code at various palaces including the Selecting event. At least I could see that the OrgDDL has the correct organization values (the primary key of the organization). Thus the correct values were being supplied to the datasource.
Protected Sub DMS_Class_Selecting(ByVal sender As Object, ByVal e As SqlDataSourceSelectingEventArgs) Handles DMS_Class.Selecting
e.Command.Parameters(0).Value = OrgDDL.SelectedValue
End Sub
All SQLDataSources are set to DataSet mode. The Class Schema store procedure returns 1 column with each class on a row. Such as:
Freshman
Sophomore
Junior
Senior
Is there a way to define SessionParamters in the SelectParameters of a DataSource that aren't called in the SelectCommand?
I want the parameter to be defined so it can be used later, after initial page generation, but when it's not used in the SelectCommand the DataSource doesn't seem to work - the GridView which calls it appears empty, yet generates fine when the unused Parameters are excluded.
For example, the following definition will fill the GridView successfully:
<asp:SqlDataSource ID="DataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString1 %>" SelectCommand="SELECT * FROM Customers WHERE #UsedParameter='Green'">
<SelectParameters>
<asp:SessionParameter Name="UsedParameter" SessionField="Parameter1" />
</SelectParameters>
</asp:SqlDataSource>
Whereas the following would not fill the GridView:
<asp:SqlDataSource ID="DataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString1 %>" SelectCommand="SELECT * FROM Customers WHERE #UsedParameter='Green'">
<SelectParameters>
<asp:SessionParameter Name="UsedParameter" SessionField="Parameter1" />
<asp:SessionParameter Name="UnUsedParameter2" SessionField="Parameter2" />
</SelectParameters>
</asp:SqlDataSource>
That is interesting... I think I've seen that problem before when I forgot to remove a parameter. Since you are likely going to change the select command later to use the other parameter, why don't you just add the parameter at that time?
VB
Dim p As New SessionParameter("UnUsedParameter2", "Parameter2")
DataSource1.SelectParameters.Add(p)
C#
SessionParameter p = new SessionParameter("UnUsedParameter2", "Parameter2")
DataSource1.SelectParameters.Add(p);
Hi I want to bind text string in SelectCommand code:
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:finchsize_polibudaConnectionString %>"
SelectCommand="SELECT ocena FROM Oceny AS lista WHERE przedmiot = #ID"/>
<SelectParameters>
<asp:ControlParameter ControlID="TextBox1" DefaultValue="0" Name="ID"
PropertyName="Text" Type="String" />
</SelectParameters>
But my VS 2012 said that: 1.Validation(XHTML5): Element SelectParameters is not supported. 2. Element 'ControlParameter' is not a known element. Do yuo know how to fix that, or is it any other way to bind some text in SelectCommand ?
P.S. I tried
<asp:QueryStringParameter />
as well but it gives me exactly the same error.
The SelectParameters element needs to be a child of SqlDataSource. Right now you have it as a peer
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:finchsize_polibudaConnectionString %>"
SelectCommand="SELECT ocena FROM Oceny AS lista WHERE przedmiot = #ID">
<SelectParameters>
<asp:ControlParameter ControlID="TextBox1" DefaultValue="0" Name="ID"
PropertyName="Text" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
I have an SqlDataSource control with a selectcommand that doesn't fire onselected event (while another one, very similar, fires it).
The one that doesn't fire:
<asp:SqlDataSource ID="CommunicationSQLDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:aspnet-WebApplication6-20131007103938ConnectionString1 %>"
SelectCommand="SELECT * FROM tCommunication" OnSelected="CommunicationSQLDataSource_Selected">
<SelectParameters>
<asp:Parameter Type="String" Name="ProjectID"></asp:Parameter>
</SelectParameters>
</asp:SqlDataSource>
(The one that fires, just for reference)
<asp:SqlDataSource ID="DetailsSQLDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:aspnet-WebApplication6-20131007103938ConnectionString1 %>"
SelectCommand="SELECT [ProjectID], ..." OnSelected="DetailsSQLDataSource_Selected">
<SelectParameters>
<asp:Parameter Name="ProjectID" Type="Object" />
</SelectParameters>
</asp:SqlDataSource>
What I see is that the debugger doesn't reach the block of CommunicationSQLDataSource_Selected even though it is referenced in the control.
be sure you Use it in Form tag or asp:Content ..upon which Environment used
<form id="form1" runat="server">
<asp:SqlDataSource ID="DetailsSQLDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:aspnet-WebApplication6-20131007103938ConnectionString1 %>"
SelectCommand="SELECT [ProjectID], ..." OnSelected="DetailsSQLDataSource_Selected">
<SelectParameters>
<asp:Parameter Name="ProjectID" Type="Object" />
</SelectParameters>
</asp:SqlDataSource>
</form>
I solved it. I clicked config. data source, and walked through the wizard without changing anything. Thanks for all.
Set CancelSelectOnNullParameter property to false
I have a SqlDataSource SelectCommand on my .aspx page.
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:MyConnectionString %>"
SelectCommand="SELECT * FROM [UserResult]"
OnSelecting="SqlDataSource1_Selecting">
</asp:SqlDataSource>
This statement will grep a list of data from the table UserResult.
However I would only want to list specific results which belongs to the user.
I have attached a column in the UserResult table which is username, and I tried to form an sql statement like this but it seems to search for user User.Identity.nAME :
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:SODConnectionString %>"
SelectCommand="SELECT * FROM [UserResult] WHERE [username] LIKE 'User.Identity.Name'";"
OnSelecting="SqlDataSource1_Selecting">
</asp:SqlDataSource>
May I know how can I do it?
Update:
From solution from Curt, I have tried to implement the following:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:SODConnectionString %>"
SelectCommand="SELECT * FROM [UserResult] WHERE [username]=#username"
OnSelecting="SqlDataSource1_Selecting">
<SelectParameters>
<asp:Parameter Name="username" Type="String" DefaultValue='<%=User.Identity.Name %>' />
</SelectParameters>
</asp:SqlDataSource>
However I am still not able to retrieve data according to the username.
I tried to hard code a username into the username parameter and it worked:
Anyone could help?
<asp:Parameter Name="username" Type="String" DefaultValue="james" />
Your statement is looking for User.Identity.Name because this is set as a string.
Try using code blocks:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:SODConnectionString %>"
SelectCommand="SELECT * FROM [UserResult] WHERE [username]=#username"
OnSelecting="SqlDataSource1_Selecting">
<SelectParameters>
<asp:Parameter Name="username" Type="String" DefaultValue='<%=User.Identity.Name %>' />
</SelectParameters>
</asp:SqlDataSource>
Embedded Code Blocks in ASP.NET Web Pages
It is not necessary to declare a Default Value in .aspx file. You can only add to the code behind file.
protected void Page_Init(object sender, EventArgs e)
{
SqlDataSource1.InsertParameters["UserName"].DefaultValue = User.Identity.Name;
}