How to do this code using stored procedure ASP.NET C#
Problem description
I want to use a search query in an aspx.cs page using a stored procedure. How?
I want to know how to do it on the Aspx.cs page.
Please check my stored procedure code.
What I have tried:
ALTER PROCEDURE dbo.SP_searchitem
(
    @srch varchar(50)
)
AS
BEGIN
    SELECT phonename
    FROM legacy WHERE phonename=@srch
END

protected void Button1_Click(object sender, EventArgs e)
{
    string search = TextBox1.Text;
    Session["search"] = search;
    Response.Redirect("Mainsearch.aspx");
}

SqlConnection con = new SqlConnection();
string search;
string query;
protected void Page_Load(object sender, EventArgs e)
{
    con.ConnectionString = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
    con.Open();
    try
    {
        search = Convert.ToString(Session["search"]);
        query = "select * from legacy where upper(phonename) like '%" + search.ToUpper().ToString() + "%'";
        SqlDataSource1.SelectCommand = query;
        SqlDataSource1.DataBind();
        lbl_page_heading.Text = Convert.ToString(search);
        Page.Title = Convert.ToString(search);
        lbldate.Text = "" + "" + (DateTime.Now.ToString("dd/MMM/yyyy"));
        con.Close();
    }
    catch (Exception ex)
    {
        Response.Write(ex.ToString());
    }
}
Recommended answer
You write a stored procedure to use a parameter, and then ... you don't use the stored procedure but leave yourself wide open to SQL injection instead.
You don't need an SP to do a basic select. Code it in your app by all means, but use a parameterised query to avoid your database being damaged or deleted by your users...
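search = Convert.ToString(Session["search"]);
query = "SELECT * FROM legacy WHERE UPPER(phonename) like '%' + @SS + '%'";
SqlDataSource1.SelectCommand = query;
// SelectParameters is a ParameterCollection (it has Add, not AddWithValue);
// the name is given without "@", which SqlDataSource prepends itself.
SqlDataSource1.SelectParameters.Add("SS", search.ToUpper());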
Quote:
Actually I don't know how to use stored procedure with Aspx.cs
It's pretty much the same as the "raw query" version:
SqlDataSource1.SelectCommandType = SqlDataSourceCommandType.StoredProcedure;
SqlDataSource1.SelectCommand = "SP_searchitem";
// Name without "@": SqlDataSource adds the prefix; ParameterCollection has Add, not AddWithValue.
SqlDataSource1.SelectParameters.Add("srch", "Text to search for");
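
The same stored-procedure call written directly against ADO.NET in the code-behind, as an added example that is not part of the original question or answer. The class name `Mainsearch`, the `GridView1` control (assumed to have no `DataSourceID` set) and the error text are assumptions; `conn`, `lbl_page_heading`, `SP_searchitem` and `@srch` come from the question.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public partial class Mainsearch : System.Web.UI.Page   // class name assumed
{
    // Calls dbo.SP_searchitem with a typed parameter. The search term travels
    // as data and is never spliced into the SQL text.
    private static DataTable SearchItems(string term)
    {
        string cs = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand("dbo.SP_searchitem", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Matches the procedure's declaration: @srch varchar(50)
            cmd.Parameters.Add("@srch", SqlDbType.VarChar, 50).Value = term;

            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(table);   // opens and closes the connection itself
            }
            return table;
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;
        string search = Convert.ToString(Session["search"]).Trim();
        try
        {
            GridView1.DataSource = SearchItems(search);   // GridView1: assumed control
            GridView1.DataBind();
        }
        catch (SqlException ex)
        {
            // Log details server-side instead of writing them to the response.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            lbl_page_heading.Text = "Search failed.";      // assumed message
            return;
        }
        // Label.Text is rendered as-is, so encode the echoed search term.
        lbl_page_heading.Text = Server.HtmlEncode(search);
    }
}
```

As written in the question, `SP_searchitem` matches `phonename = @srch` exactly and returns only the `phonename` column, so it does not behave like the `LIKE '%...%'` query; to keep substring matching, the `LIKE` has to move into the procedure body.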