SELECT
LeagueTable.P,
LeagueTable.W,
LeagueTable.D,
LeagueTable.L,
LeagueTable.GF,
LeagueTable.GA,
LeagueTable.GD,
LeagueTable.Pts,
Team.Team_name,
LeagueTable.Team_ID
FROM LeagueTable
INNER JOIN Team
ON LeagueTable.Team_ID = Team.Team_ID
I've got the user to enter a team name on start up that is entered into the Team table, which redirects to a webpage with a league table. The league table initially contains no data but it should be displaying a row with the users input once the user has gotten to this page.
However this query shows the GridView as blank. What's wrong with it?
asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataSourceID="SqlDataSource1" EmptyDataText="No teams entered into the table.">
<Columns>
<asp:BoundField DataField="P" HeaderText="P" SortExpression="P" />
<asp:BoundField DataField="W" HeaderText="W" SortExpression="W" />
<asp:BoundField DataField="D" HeaderText="D" SortExpression="D" />
<asp:BoundField DataField="L" HeaderText="L" SortExpression="L" />
<asp:BoundField DataField="GF" HeaderText="GF" SortExpression="GF" />
<asp:BoundField DataField="GA" HeaderText="GA" SortExpression="GA" />
<asp:BoundField DataField="GD" HeaderText="GD" SortExpression="GD" />
<asp:BoundField DataField="Pts" HeaderText="Pts" SortExpression="Pts" />
<asp:BoundField DataField="Team_name" HeaderText="Team_name" SortExpression="Team_name" />
<asp:BoundField DataField="Team_ID" HeaderText="Team_ID" SortExpression="Team_ID" />
</Columns>
</asp:GridView>
protected void NewTeamBtn_Click(object sender, EventArgs e)
{
string qry1 = "INSERT into Team (Team_name) VALUES (#Team_name)";
using (SqlCommand cmd = new SqlCommand(qry1, con))
{
cmd.Parameters.Add(("#Team_name"), SqlDbType.VarChar).Value = NewTeamTxtBox.Text;
cmd.CommandType = CommandType.Text;
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
Response.Redirect("EnterData.aspx");
}
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:SportsData2ConnectionString %>" SelectCommand="SELECT LeagueTable.League_ID, LeagueTable.Team_ID, LeagueTable.P, LeagueTable.W, LeagueTable.D, LeagueTable.L, LeagueTable.GF, LeagueTable.GA, LeagueTable.GD, LeagueTable.Pts, Team.Team_name FROM LeagueTable INNER JOIN Team ON LeagueTable.Team_ID = Team.Team_ID"></asp:SqlDataSource>
Based on your comments it appears you may be inserting data into your Team table, but when you run the select statement you have in your SQL Data Source you will notice you have an Inner Join. That Inner Join means that if the team Id is not in either one of the 2 tables you are joining then no results will be returned.
I don't see your sql data source code, but another possible point of failure is the TeamID you pass into that control. There are 3 questions that come to my mind for making sure you get valid data.
1) Where are you getting it from?
2) Is it valid and in both tables?
3) Are you rebinding the gridview after setting that value?
Edit
What you want to do does not at all match your question at this point. You should edit your title and question.
I would use something like this for your insert.
DECLARE #TeamID as INT
INSERT into Team (Team_name) VALUES (#Team_name)
SELECT #TeamID = SCOPE_IDENTITY();
INSERT into LeagueTable Team_ID VALUES #TeamID
this post will help Scope_Identity vs ##Identity
this stack question will help too.
Related
I need to output the data that's only on the first row, but it is printing all the data added to the database table. Here is the data:
For example, It should print only "Not Very Nice" and the message of ID 27, but not the second row that has ID 28.
Here is the code:
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class feedback1 : System.Web.UI.Page
{
SqlConnection con;
string cons = ConfigurationManager.ConnectionStrings["constring"].ConnectionString;
SqlCommand cmd;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
con = new SqlConnection(cons);
con.Open();
cmd = new SqlCommand("insert into feedback(username,message) values('" + TextBox1.Text + "','" + TextBox2.Text +"')", con);
cmd.ExecuteNonQuery();
}
}
Here is the output..
This is the output page code..
<form id="form1" runat="server">
<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="id" DataSourceID="SqlDataSource1" EnableModelValidation="True" OnSelectedIndexChanged="GridView1_SelectedIndexChanged" GridLines="None">
<Columns>
<asp:BoundField DataField="id" InsertVisible="False" ReadOnly="True" SortExpression="id" />
<asp:BoundField DataField="username" HeaderText="username" SortExpression="username" />
<asp:BoundField DataField="message" HeaderText="message" SortExpression="message" />
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" OnSelecting="SqlDataSource1_Selecting" SelectCommand="SELECT * FROM [feedback]"></asp:SqlDataSource>
<div>
</div>
</form>
This is just a case of modifying your SQL-query:
Selecting the 1st row:
<asp:SqlDataSource
ID="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
OnSelecting="SqlDataSource1_Selecting"
SelectCommand="SELECT * FROM [feedback] LIMIT 1">
</asp:SqlDataSource>
Selecting specific ID:
<asp:SqlDataSource
ID="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
OnSelecting="SqlDataSource1_Selecting"
SelectCommand="SELECT * FROM [feedback] WHERE [id] = REPLACE_WITH_YOUR_NUMBER">
</asp:SqlDataSource>
"Note: Not all database systems support the SELECT TOP clause. MySQL supports the LIMIT clause to select a limited number of records."
Please see: https://www.w3schools.com/sql/sql_top.asp
NOTE
Your program is vulnerable to SQL-injections.
Please modify your input to sanitize your query before its executed.
protected void Button1_Click(object sender, EventArgs e)
{
con = new SqlConnection(cons);
con.Open();
string txtb1= TextBox1.Text,
txtb2= TextBox2.Text;
sqlCommand.CommandText = "select * from product where name = #name";
cmd = new SqlCommand("insert into feedback(username,message) values('" + #txtb1 + "','" + #txtb2 +"')", con);
cmd.Parameters.AddWithValue("txtb1", txtb1);
cmd.Parameters.AddWithValue("txtb2", txtb2);
cmd.ExecuteNonQuery();
}
๐ Stop right there! ๐จโ! This is the police ๐ฎ I hope you've read up on the laws around this block. You're in violation of penal code 404 - Database Not Found!
If you post another ๐ sql-vulnerable ๐ post again in this neighborhood ๐ ๐
I'm gonna have to ๐ arrest you ๐
No ticket today ๐ฆ
๐This is just a warning โ ๏ธ be careful next time ๐ง
Depending on whether you always want that specific row with ID 27, or whether you just want the "first" row, whatever that happens be, you can write either
SELECT * FROM feedback WHERE id = 27
or
SELECT * FROM feedback LIMIT 1
respectively.
P.S. This is given using MySQL syntax, since that's what you tagged the question with. However, from your code I can see that you use a SqlConnection object to connect, which is only compatible with Microsoft SQL Server. If you're using SQL Server and not MySQL, then please change your question tags to mention the correct product. You would also need to alter the second query in my example above to SELECT TOP 1 FROM feedback, as TOP is used in SQL Server, whereas LIMIT achieves the same effect in MySQL.
I have a simple GridView that uses 3 session variables; CoName that is captured when the user logs in and PurchaseOrderDate, and HeatNumber that are captured in text boxes (both of these are optional) as input parameters for a stored procedure on a SQLServer 2012 database. I have a CustomerLanding.aspx page that has a search button on it that, when clicked, redirects the user to a TestReportLanding.aspx page that currently has the GridView on it. Everything works as it should in this scenario.
I want to move the GridView to CustomerLanding.aspx so I can display the search results on the same page that has the search parameters and the search button. Eventually I want to use AJAX for the update, but for now I'm just putting the GridView in a different div. When I use this setup, the query only returns results when the optional parameters (PurchaseOrderDate and HeatNumber) are provided. My stored procedure only requires CoName for it's search, so I should get a lot more rows returned with the optional parameters left empty.
Being somewhat new to .NET, I'm hoping that I'm missing something simple here.
Here is my GridView code in CustomerLanding along with the SqlDataSource:
<div class="col-xs-12 col-lg-10">
<asp:Label ID="NoRecordsFound" runat="server" Visible ="false" Text="No records found."></asp:Label>
<asp:GridView ID="GridView1" runat="server" BorderColor="#999999" BorderStyle="Solid" BorderWidth="1px" CellPadding="3" GridLines="Vertical" BackColor="White" ForeColor="Black" AllowSorting="True" AutoGenerateColumns="False" DataSourceID="SqlDataSource1">
<AlternatingRowStyle BackColor="#CCCCCC" />
<Columns>
<asp:BoundField DataField="doc" HeaderText="doc" SortExpression="doc" />
<asp:BoundField DataField="Date" HeaderText="Date" SortExpression="Date" />
<asp:BoundField DataField="Heat" HeaderText="Heat" SortExpression="Heat" />
<asp:BoundField DataField="Dir" HeaderText="Dir" SortExpression="Dir" />
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:iiConnectionString %>" SelectCommand="sp_test_reports" SelectCommandType="StoredProcedure">
<SelectParameters>
<asp:SessionParameter Name="CustomerName" SessionField="CoName" Type="String" />
<asp:SessionParameter DbType="Date" Name="Date" SessionField="PurchaseOrderDate" />
<asp:SessionParameter Name="Heat" SessionField="HeatNumber" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
</div>
And for what it's worth here is my stored procedure (I'm certain this is not the problem because it works when the DataGrid is on a seperate page:
CREATE PROCEDURE [dbo].[sp_test_reports]
-- Add the parameters for the stored procedure here
#CustomerName varchar(50),
#Date date,
#Heat varchar(50)
AS
BEGIN
-- SET NOCOUNT ON added to prevent extra result sets from
-- interfering with SELECT statements.
SET NOCOUNT ON;
-- Insert statements for procedure here
IF #Heat IS NULL AND #Date IS NULL
SELECT DISTINCT TOP 1000 d.doc, d.Date, dl.Heat, d.Dir
FROM documents d
INNER JOIN Documents_Line_Items dl ON d.Doc = dl.Doc
WHERE d.type = 2 and d.Customer = #CustomerName;
ELSE IF #Heat IS NOT NULL AND #Date IS NULL
SELECT DISTINCT(d.doc), d.Date, dl.Heat, d.Dir
FROM documents d
INNER JOIN Documents_Line_Items dl ON d.Doc = dl.Doc
WHERE d.type = 2 AND d.Customer = #CustomerName AND dl.Heat = #Heat;
ELSE IF #Heat IS NULL AND #Date IS NOT NULL
SELECT DISTINCT(d.doc), d.Date, dl.Heat, d.Dir
FROM documents d
INNER JOIN Documents_Line_Items dl ON d.Doc = dl.Doc
WHERE d.type = 2 AND d.Customer = #CustomerName AND d.Date = #Date;
ELSE IF #Heat IS NOT NULL AND #Date IS NOT NULL
SELECT DISTINCT(d.doc), d.Date, dl.Heat, d.Dir
FROM documents d
INNER JOIN Documents_Line_Items dl ON d.Doc = dl.Doc
WHERE d.type = 2 AND d.Customer = #CustomerName AND d.Date = #Date AND dl.Heat = #Heat;
END
And here is the code behind my search button:
Note that if I uncomment the Response.Redirect here, the GridView works like it should.
protected void TestReports_Click(object sender, EventArgs e)
{
Session["PurchaseOrderDate"] = DatePurchaseOrder.Text;
Session["HeatNumber"] = HeatText.Text;
GridView1.Visible = true;
MessageBox.Show(Session["CoName"].ToString());
MessageBox.Show(Session["HeatNumber"].ToString());
if (GridView1.Rows.Count == 0)
{
NoRecordsFound.Visible = true;
}
else
{
NoRecordsFound.Visible = false;
}
//Response.Redirect("TestReportLanding.aspx", false);
}
Thanks in advance for the help.
In your stored procedure, initialize your two optional parameters to NULL.
#CustomerName varchar(50),
#Date date = NULL,
#Heat varchar(50) = NULL
Parameters for a stored procedure aren't really "optional" unless they've been initialized to something.
Finally found an answer here:
empty gridview although the sqldatasource has values
Basically set CancelSelectOnNullParameter="false" on the SqlDatasource.
So here I have few gridviews in a row in asp.net. The problem now is it is inconsistent where some gridview would have 5 data and some would have 10. It looks ugly and since I needed to print. It's crucial.
I wanted to show max 15 rows. It is databound from the database which the user would fill up the subjects taken form(up to 15 rows). And if any of the rows doesn't have any of the data. It would leave it blank instead(note that the database didn't fills up to 15 rows.. only what is entered by the user). I've done some research but only found a few that might be related but using javascipt/changing current SQL given. I'm not allowed to use any javascript in the site (supports later would be a problem). And since I'm an intern. The sql code is given to me. I just need to implement it. What can I do to show fixed amount of rows in gridview? Is there any attribute that I can use in gridview to fill up the empty space to 15 rows?
aspx file
<asp:GridView ID="GridViewResult" runat="server" AutoGenerateColumns="False" EmptyDataText="NO RECORD" Font-Size="Small"
GridLines="Both" CellPadding="1" Height="101px" Width="100%" ShowFooter="True">
<Columns>
<asp:TemplateField HeaderText="Subjects">
<ItemTemplate>
<asp:Label ID="lbl" runat="server" Text='<%# Eval("Subjects") %>'></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Center" Width="25px" />
</asp:TemplateField>
<asp:TemplateField HeaderText="Grade">
<ItemTemplate>
<asp:Label ID="lbl1" runat="server" Text='<%# Eval("Grade") %>'></asp:Label>
</ItemTemplate>
<ItemStyle HorizontalAlign="Center" Width="25px" />
</asp:TemplateField>
</Columns>
<HeaderStyle Font-Bold="True" HorizontalAlign="Center" Height="40px"/>
<PagerStyle ForeColor="#8C4510" HorizontalAlign="Center" />
<FooterStyle HorizontalAlign="Center" />
</asp:GridView>
And the back code
Protected void LoadgvResult1()
{
SqlCommand cmdgvKep1 = new SqlCommand();
cmdgvKep1.Connection = conn;
cmdgvKep1.CommandType = CommandType.Text;
cmdgvKep1.CommandText = " SELECT ROW_NUMBER() OVER(ORDER BY Grade ASC) AS Numb, Subjects, Grade ";
cmdgvKep1.CommandText += " FROM Result_SMU ";
cmdgvKep1.CommandText += " WHERE siri = '" + siri + "' ";
conn.Open();
SqlDataAdapter adaptergvKep1 = new SqlDataAdapter(cmdgvKep1);
DataSet dsgvKep1 = new DataSet();
adaptergvKep1.Fill(dsgvKep1, "Result_SMU");
GridViewResult1.DataSource = dsgvKep1;
GridViewResult1.DataBind();
conn.Close();
}
There was a lot of problems with your code.
1)Your data access layer should not be on the same place when you are
DataBind the Grid
2)You should not use global SqlConnection. Connection pool is your
friend. Also if exception occurs your connection will never be closed.
3)Your query should use sql parameters to prevent from Sql Injection.
4) You should wrap SqlDataAdapter in using statement, so it will be disposed
after Fill.
If I understood you correctly you want to fill the grid with dummy records for some reason in the C# when the number of the records are under 15, you can add dummy rows to the fetch dataset like this.
int countRows = dsgvKep1 .Tables[0].Rows.Count;
int dummyRecords = 0;
if(countRows < 15)
{
dummyRecords = 15 - countRows;
}
for (int i = 0; i < dummyRecords; i++)
{
DataTable tbl = dsgvKep1.Tables[0];
DataRow row = tbl.NewRow();
//add dummy values if you want
//row["ColumnName"] = value;
tbl.Rows.Add(row);
}
I advise you to fix the 4 pointers which I gave you. From what I see you are intern and this will be good for you in long term.
I wrote how to create a simple data access layer in this question: checking user name or user email already exists , here you can see data layer, disposing sqlDataAdapter, preventing of not close sql connection when exception occur and also preventing sql injection using SqlComand.Parameters.
I have an asp.net web forms application which when a user tabs out of the username field it checks my database to see if its available or not but the issue I am having is that it always seems to fall into the exists even if it doesn't.
I have watched many videos on it and also read many articles but I can't get it to work at all.
I have provided all my code below.
Config
<add name="PaydayLunchConnectionString1" connectionString="Data Source=********\*******;Initial Catalog=************;Integrated Security=True"
providerName="System.Data.SqlClient" />
HTML
<asp:GridView ID="tblUsers" runat="server" AutoGenerateColumns="False" CellPadding="4" DataSourceID="SqlUsers" GridLines="None" Width="15%">
<AlternatingRowStyle BackColor="White" />
<Columns>
<asp:BoundField DataField="Name" HeaderText="Name" SortExpression="Name" />
</Columns>
<HeaderStyle BackColor="#507CD1" Font-Bold="True" ForeColor="White" />
<RowStyle BackColor="#EFF3FB" />
</asp:GridView>
<asp:SqlDataSource ID="SqlUsers" runat="server" ConnectionString="<%$ ConnectionStrings:PaydayLunchConnectionString1 %>" SelectCommand="SELECT [Name] FROM [Users] WHERE [name] != 'Admin'"></asp:SqlDataSource>
<asp:Label ID="removeUserNotExist" runat="server" Text="The user entered does not exist. Please try again." Visible="false" style="color: red"></asp:Label>
<asp:Label ID="removeUserExists" runat="server" Text="The user entered exists." Visible="false" style="color: green"></asp:Label>
<div class="form-group">
<asp:Label runat="server" AssociatedControlID="txtRemoveUser" CssClass="col-sm-offset-2 col-sm-3 control-label">Enter Name To Be Removed</asp:Label>
<div class="col-sm-3">
<asp:TextBox runat="server" ID="txtRemoveUser" CssClass="form-control" AutoPostBack="true" OnTextChanged="txtRemoveUser_TextChanged" />
</div>
</div>
Code Behind
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
protected void txtRemoveUser_TextChanged(object sender, EventArgs e)
{
if (!string.IsNullOrEmpty(txtRemoveUser.Text))
{
string connection = ConfigurationManager.ConnectionStrings["PaydayLunchConnectionString1"].ConnectionString;
SqlConnection conn = new SqlConnection(connection);
conn.Open();
SqlCommand cmd = new SqlCommand("SELECT * FROM Users WHERE Name != #Name", conn);
cmd.Parameters.AddWithValue("#Name", txtRemoveUser.Text);
SqlDataReader rd = cmd.ExecuteReader();
if (rd.HasRows)
{
removeUserNotExist.Visible = true;
removeUserExists.Visible = false;
}
else
{
removeUserNotExist.Visible = false;
removeUserExists.Visible = true;
}
}
}
DB Details
Table Name = Users
Columns = ID, Name, Password
Users = Test, Test2
If I enter 'Test' in the field and tab out, I get the correct message (Exists) but if i then enter 'ABC' I still get the 'Exists' message.
If there is more than 1 user in your database, this query will always produce rows. Hence, your if statement always produces the same result:
SELECT * FROM Users WHERE Name != #Name
If you want to check if a user name exists, simply check for equality.
SELECT * FROM Users WHERE Name = #Name
If that one returns a row, the user name exists. Otherwise it doesn't.
A better solution would be to use 1 in the select, since that prevents the database to return all row data, a small performance improvement:
SELECT 1 dummy FROM Users WHERE Name = #Name
I have a gridview connected to a database by sqldatasource. I have multiple drop down lists and a table where users can select different data to filter the gridview.
I know how to set this up for one control but have no idea how to do it for multiple ones. Ideally what I would like to do is onfilterButton_Click the code behind connects to a stored procedure in the database. The parameters would depend on the filter options the user has chosen. I just don't know how to write the stored procedure. (I am not the best at SQL)
But I am open to suggestions of better ways to do this. I am using c# visual studios 2010 and sql server 2008.
I have been stuck on this for over a week now so really any practical help would be welcome.
Write One Stored Procedure and Pass DropDownList values as Parameters like this:
CREATE PROC CUST_Details
(
#CustomerID INT,
#CompanyID INT
)
AS
BEGIN
SELECT
Customer.CustomerName,
Company.CompanyName
FROM
Customer INNER JOIN
Company ON Customer.CompanyID = Company.CompanyID
WHERE
(#CompanyID = -1 OR Customer.CompanyID = #CompanyID) AND
(#CustomerID = -1 OR Customer.CustomerID = #CustomerID)
END
Before that, in your DropDownList add item such as "<-----Select----->" as DataTextField and "-1" as DataValueField.
In Both DropDownList SelectedIndexChanged Event, pass DropDownList's SelectedValue as parameters and once again call the database and databind it with the Grid.
If you are not good in writing SP's then you can directly filter your SQL DataSource by using the FilterExpression property.
sql.FilterExpression = "Filteration Expression";
GridView1.DataBind();
Edit: Something that will work for you:
if (DropDownList1.SelectedItem.Text != "All")
{
SqlDataSource1.FilterExpression = "Title like '" + textbox1.Text + "' and Category like " + DropDownList1.SelectedValue;
}
else
{
SqlDataSource1.FilterExpression = "Title like '" + textbox1.Text + "'";
}
GridView1.DataBind();
Below might give you idea how this works, please check:
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>ASP.NET Example</title>
</head>
<body>
<form id="FORM1" runat="server">
<p>Show all employees with the following title:
<asp:DropDownList
id="DropDownList1"
runat="server"
AutoPostBack="True">
<asp:ListItem>Sales Representative</asp:ListItem>
<asp:ListItem>Sales Manager</asp:ListItem>
<asp:ListItem>Vice President, Sales</asp:ListItem>
</asp:DropDownList></p>
<asp:SqlDataSource
id="SqlDataSource1"
runat="server"
ConnectionString="<%$ ConnectionStrings:NorthwindConnection %>"
SelectCommand="SELECT EmployeeID,FirstName,LastName,Title FROM Employees"
FilterExpression="Title='{0}'" OnFiltering="SqlDataSource1_Filtering">
<FilterParameters>
<asp:ControlParameter Name="Title" ControlId="DropDownList1" PropertyName="SelectedValue"/>
</FilterParameters>
</asp:SqlDataSource><br />
<asp:GridView
id="GridView1"
runat="server"
DataSourceID="SqlDataSource1"
AutoGenerateColumns="False">
<columns>
<asp:BoundField Visible="False" DataField="EmployeeID" />
<asp:BoundField HeaderText="First Name" DataField="FirstName" />
<asp:BoundField HeaderText="Last Name" DataField="LastName" />
</columns>
</asp:GridView>
<asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>
</form>
</body>
</html>
Server Side:
protected void SqlDataSource1_Filtering(object sender, SqlDataSourceFilteringEventArgs e)
{
Label1.Text = e.ParameterValues[0].ToString();
}
Your stored procedure would declare all your parameters like so:
CREATE PROCEDURE GetData
#parameter1 varchar(50),
#parameter2 int
etc...
Then you would call your stored procedure with the parameters like:
GetData(dropdownlist1.SelectedItem.Value, dropdownlist2.SelectedItem.Value);
Is that the sort of thing you mean?
UPDATE:
For a situation where the 'All' option was chosen, you could still pass the value as a null parameter, and in the stored procedure you would declare it as 'optional':
CREATE PROCEDURE GetData
#parameter1 varchar(50) = NULL,
#parameter2 int
So the query in your stored procedure would look something like this:
SELECT *
FROM Table
WHERE ((#parameter1 IS NULL) OR (column1 = #parameter1 ))
AND column2 = #parameter2