The dropdown selected value does not work

Views: 58

Problem description


I tried to select the birth date from the drop down by the selected month, but it does not select the value. Here is the code, asp.net and C#:

asp.net

<div>
    <asp:DropDownList ID="DropDownList1" runat="server" OnSelectedIndexChanged="DropDownList1_SelectedIndexChanged" Height="32px" Width="250px" AutoPostBack="true">
        <asp:ListItem Value="0">Select All</asp:ListItem>
        <asp:ListItem Value="1">January</asp:ListItem>
        <asp:ListItem Value="2">February</asp:ListItem>
        <asp:ListItem Value="3">March</asp:ListItem>
        <asp:ListItem Value="4">April</asp:ListItem>
        <asp:ListItem Value="5">May</asp:ListItem>
        <asp:ListItem Value="6">Jun</asp:ListItem>
        <asp:ListItem Value="7">July</asp:ListItem>
        <asp:ListItem Value="8">August</asp:ListItem>
        <asp:ListItem Value="9">September</asp:ListItem>
        <asp:ListItem Value="10">October</asp:ListItem>
        <asp:ListItem Value="11">November</asp:ListItem>
        <asp:ListItem Value="12">December</asp:ListItem>
    </asp:DropDownList>
</div>

<div>
    <asp:GridView AutoGenerateColumns="False" ID="GridView1" AllowPaging="True" AllowSorting="True" OnPageIndexChanging="GridView1_PageIndexChanging"
        runat="server" Width="100%" Font-Size="Medium" CellPadding="4" ForeColor="#333333" GridLines="None">
        <AlternatingRowStyle BackColor="White" />
        <Columns>
            <asp:TemplateField HeaderText=" BirthDay" ItemStyle-HorizontalAlign="left">
                <ItemTemplate>
                    <asp:Label ID="lbldep" runat="server" Text='<%#Eval ("Birthday" ,"{0:MMMM}")%>'></asp:Label>
                    <asp:Label ID="Label3" runat="server" Text='<%#Eval ("Birthday", "{0:MMMM dd (ddd)}") %>'></asp:Label>
                    <span style="color:silver">Office Phone:</span> <asp:label id="lblphone" Text = '<%# Eval("BusinessPhone") %>' runat="server"/>
                    <asp:Panel ID="Panel1" runat="server" Visible='<%# Eval ("Photo") != DBNull.Value %>'><a class='fancybox' href='/images/employee_photos/<%#Eval("Photo") %>' title='<%# Eval("First_Name") %>'></a></asp:Panel>
                    <asp:Label ID="lblName" runat="server" Text='<%#Eval("Last_Name")%>'></asp:Label>
                    <asp:Label ID="lblFirstname" runat="server" Text='<%#Eval("First_Name")%>'></asp:Label>
                </ItemTemplate>
            </asp:TemplateField>
        </Columns>
    </asp:GridView>
</div>


What I have tried:

C# code

public partial class TestFilterMonth : System.Web.UI.Page
    {
        static string constr = ConfigurationManager.ConnectionStrings["IntranetConnectionString"].ConnectionString;
        SqlConnection con = new SqlConnection(constr);
        protected void Page_Load(object sender, EventArgs e)
        {
            BindGrid();
        }
        private void BindGrid()
        {
            DataSet ds = new DataSet();
            string query = "SELECT Employee.Photo, convert(datetime, (convert(varchar(2), month(Birthday)) + '/' + " +
                            "convert(varchar(2), day(Birthday)) + '/' + " +
                            "convert(varchar(4), year(getdate())))) AS Birthday, " +
                           " Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone," +
             "Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone " +
             " From Employee WHERE  Birthday IS NOT NULL Order By Birthday";

            SqlCommand cmd = new SqlCommand(query, con);

            SqlDataAdapter da = new SqlDataAdapter(cmd);

            if (query != null)
            {
                da.Fill(ds);
                con.Open();
                cmd.ExecuteNonQuery();
                con.Close();

                GridView1.DataSource = ds.Tables[0];
                GridView1.DataBind();
            }


        }
        protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
        {

            try
            {
                
                string query = "SELECT Employee.Photo, convert(datetime, (convert(varchar(2), month(Birthday)) + '/' + " +

                             "convert(varchar(4), year(getdate())))) AS Birthday, " +
                             " Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone," +
               "Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone " +
               " From Employee WHERE Birthday = '" + DropDownList1.SelectedValue + "'";
               
                SqlCommand cmd = new SqlCommand(query, con);
                SqlDataAdapter da = new SqlDataAdapter(cmd);
                DataTable dt = new DataTable();
                da.Fill(dt);
                if (dt.Rows.Count > 0)
                {
                    GridView1.DataSource = dt;
                    GridView1.DataBind();
                }
                if (DropDownList1.SelectedIndex == 0)
                {
                    BindGrid();
                }
                else if (DropDownList1.SelectedIndex == 1)
                {
                    GridView1.DataSource = dt;
                    GridView1.DataBind();
                }
                else if (DropDownList1.SelectedIndex == 2)
                {
                    GridView1.DataSource = dt;
                    GridView1.DataBind();
                }

            }
            catch
            {
                string message = DropDownList1.SelectedItem.Text + " - " + DropDownList1.SelectedItem.Value;
                ClientScript.RegisterStartupScript(this.GetType(), "alert", "alert('" + message + "');", true);
            }
        }
       
       
        public void GridView1_PageIndexChanging(Object sender, GridViewPageEventArgs e)
        {
            GridView1.PageIndex = e.NewPageIndex;
            BindGrid();

        }
    }

Solution

Quote:

" From Employee WHERE Birthday = '" + DropDownList1.SelectedValue + "'"

Based on your previous query, the Birthday column contains a date value representing the employee's date of birth. You are trying to compare that date value to an integer, which is not going to work.

You need to select the rows where Month(Birthday) is equal to the selected value.

But you also need to fix the SQL injection vulnerability in your code.

protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
    const string query = "SELECT Employee.Photo, "
                       + " convert(datetime, (convert(varchar(2), month(Birthday)) + '/' + convert(varchar(4), year(getdate())))) AS Birthday, "
                       + " Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone,"
                       + " Employee.First_Name, Employee.Last_Name, Employee.BusinessPhone "
                       + " From Employee WHERE month(Birthday) = @month";
    
    int month;
    int.TryParse(DropDownList1.SelectedValue, out month);
    if (month == 0)
    {
        BindGrid();
        return;
    }
    
    using (var connection = new SqlConnection(constr))
    using (var command = new SqlCommand(query, connection))
    {
        command.Parameters.AddWithValue("@month", month);
        
        var da = new SqlDataAdapter(command);
        var dt = new DataTable();
        da.Fill(dt);
        
        GridView1.DataSource = dt;
        GridView1.DataBind();
    }
}

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
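The two points of the answer, filtering on MONTH(Birthday) rather than on Birthday itself and passing the month as a typed parameter, combined into one reusable method that also covers the "Select All" case. This is an added example, not the poster's or the answerer's code; it assumes the page's Employee table and the dropdown values "0" and "1".."12", takes the connection string as a parameter, and leaves out the page's conversion of the birthday to the current year.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example (not from the question or the answer). Assumes the page's Employee
// table (Photo, Birthday, First_Name, Last_Name, BusinessPhone) and a DropDownList
// whose values are "0" (Select All) and "1".."12" (months).
public static class BirthdayMonthFilter
{
    // Turns the posted SelectedValue into a month number. "0" (Select All) and anything
    // that is not a whole number in 1..12 (for example a tampered postback value) yield
    // null, meaning "no month filter"; the raw string never reaches the SQL text.
    public static int? ParseMonth(string selectedValue)
    {
        int month;
        if (!int.TryParse(selectedValue, out month) || month < 1 || month > 12)
            return null;
        return month;
    }

    // One parameterised query serves both the unfiltered and the filtered grid.
    // Birthday is a datetime, so the question's "Birthday = '1'" makes SQL Server
    // convert '1' to a datetime value, not a month, and no row matches.
    public static DataTable LoadEmployees(string connectionString, int? month)
    {
        const string sql =
            "SELECT Photo, Birthday, First_Name, Last_Name, BusinessPhone " +
            "FROM Employee " +
            "WHERE Birthday IS NOT NULL " +
            "  AND (@month IS NULL OR MONTH(Birthday) = @month) " +
            "ORDER BY MONTH(Birthday), DAY(Birthday)";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicitly typed parameter: the value travels as an int, never as SQL text.
            var p = command.Parameters.Add("@month", SqlDbType.Int);
            p.Value = month.HasValue ? (object)month.Value : DBNull.Value;

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(table);   // Fill opens and closes the connection itself
            }
            return table;
        }
    }
}
```

From the handler, bind with `GridView1.DataSource = BirthdayMonthFilter.LoadEmployees(constr, BirthdayMonthFilter.ParseMonth(DropDownList1.SelectedValue)); GridView1.DataBind();`. The question's Page_Load calls BindGrid on every request, including the postback that raises SelectedIndexChanged, so guarding it with `if (!IsPostBack)` avoids binding the grid twice.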

