How to do this code using stored procedure ASP.NET C#


Problem description

I want to use search query in aspx.cs page using stored procedure. How?

I want to know how to do it on Aspx.cs page?

Please check my stored procedure code.

What I have tried:

ALTER PROCEDURE dbo.SP_searchitem
	
	(
	@srch varchar(50)
	)
	
AS
BEGIN
SELECT phonename 
FROM legacy WHERE phonename=@srch
END	







protected void Button1_Click(object sender, EventArgs e)
    {
        string search = TextBox1.Text;
        Session["search"] = search;
        Response.Redirect("Mainsearch.aspx");
    }







SqlConnection con = new SqlConnection();
    
    string search;
    string query;
    protected void Page_Load(object sender, EventArgs e)
    {
        
        con.ConnectionString = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        con.Open();
        try
        {
            search = Convert.ToString(Session["search"]);
            query = "select * from legacy where upper(phonename) like '%" +  search.ToUpper().ToString() + "%'";
  
             SqlDataSource1.SelectCommand = query;
                SqlDataSource1.DataBind();
                lbl_page_heading.Text = Convert.ToString(search);
                Page.Title = Convert.ToString(search);
                lbldate.Text = "" + "" + (DateTime.Now.ToString("dd/MMM/yyyy"));
                con.Close();
        }
        catch (Exception ex)
        {
            Response.Write(ex.ToString());
        }

    }

Recommended answer


You write a stored procedure to use a parameter, and then ... you don't use the stored procedure but leave yourself wide open to SQL injection instead.

You don't need an SP to do a basic select. Code it in your app by all means, but use a parameterised query to avoid your database being damaged or deleted by your users...
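search = Convert.ToString(Session["search"]);
query = "SELECT * FROM legacy WHERE UPPER(phonename) LIKE '%' + @SS + '%'";
SqlDataSource1.SelectCommand = query;
// SqlDataSource's ParameterCollection exposes Add(name, value), not AddWithValue,
// and the parameter name is given without the "@" prefix.
SqlDataSource1.SelectParameters.Add("SS", search.ToUpper());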










Quote:

actually I don't know how to use stored procedure with Aspx.cs



It's pretty much the same as the "raw query" version:

SqlDataSource1.SelectCommandType = SqlDataSourceCommandType.StoredProcedure;
SqlDataSource1.SelectCommand = "SP_searchitem";
// Add(name, value) on the SqlDataSource ParameterCollection; the "@" prefix is omitted here.
SqlDataSource1.SelectParameters.Add("srch", "Text to search for");
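
Added example (not part of the original question or answer): calling the question's SP_searchitem procedure from the code-behind with plain ADO.NET instead of SqlDataSource. The connection string name "conn", the procedure name, the @srch varchar(50) parameter and lbl_page_heading come from the question; the SearchPhones helper and the GridView1 control are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;

public partial class Mainsearch : Page
{
    // Hypothetical helper: runs dbo.SP_searchitem and returns the matching rows.
    private static DataTable SearchPhones(string term)
    {
        string cs = ConfigurationManager.ConnectionStrings["conn"].ConnectionString;
        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand("dbo.SP_searchitem", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Typed parameter matching the procedure's @srch varchar(50).
            // The value travels as data and is never spliced into SQL text.
            cmd.Parameters.Add("@srch", SqlDbType.VarChar, 50).Value = term;
            var rows = new DataTable();
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                rows.Load(reader);
            }
            return rows;
        }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;
        // Convert.ToString(object) yields "" when the session key is missing.
        string search = Convert.ToString(Session["search"]).Trim();
        if (search.Length == 0 || search.Length > 50)
        {
            // Reject instead of letting the 50-character parameter truncate silently.
            lbl_page_heading.Text = "Enter a search term of 1 to 50 characters.";
            return;
        }

        // GridView1 is an assumed control with AutoGenerateColumns enabled.
        GridView1.DataSource = SearchPhones(search);
        GridView1.DataBind();
        // Label.Text is rendered without encoding, so encode user input first.
        lbl_page_heading.Text = HttpUtility.HtmlEncode(search);
    }
}
```

The procedure as posted matches phonename exactly, while the inline query in the question used LIKE with wildcards, so the two return different rows for a partial term.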

