如何在下拉列表中添加年份值? [英] How to add year in drop down list value?
问题描述
您好,
我的申请表中有下拉列表。下拉列表内容如下:2010年至2014年列表项目。
现在我的查询是:
Hello,
I have drop down list in my application. Drop down list content is as follows: 2010 to 2014 list item.
now my query is :
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'"
现在在查询中我希望将第一个值设置为下拉列表值&第二个将是下一个选定的下拉列表。例如如果我选择下拉值2013,那么接下来将是2014年。
但我将如何在下拉列表中添加一年的价值。
通常我们将添加年份 .addyear(-1)
如何解决这个问题请帮助我。
Now here in the query i want set first value as drop down list value & second will be the next of selected drop down list. e.g. If i select drop down value 2013 then next will be 2014.
But how i will add one year in drop down list value.
normally we will add year .addyear(-1)
How i will solve this issue please help me.
推荐答案
我不确定我是否理解正确,但我认为您希望根据下拉列表值从数据库中获取数据。
I'm not sure i understand you correctly, but i think you want to fetch data from database based on dropdownlist value.
我不建议使用这样的查询:
I would not recommend to use query like this:
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'";
更多:
< a href =https://msdn.microsoft.com/en-us/library/ff648339.aspx>如何:防止ASP.NET中的SQL注入 [ ^ ]
SQL注入以及如何避免它 [ ^ ]
存储过程是否可以防止SQL注入? [ ^ ]
because of SQL Injection[^].
More:
How To: Protect From SQL Injection in ASP.NET[^]
SQL Injection and how to avoid it[^]
Do Stored Procedures Protect Against SQL Injection?[^]
而不是上面的查询,使用参数化查询:
Rather then above query, use parametrized query:
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>=@currYear and YEAR(App_Date)<=@currYear+1";
现在,创建 SqlCommand [ ^ ]并添加 @curYYear
参数到 SqlParametersCollection [ ^ ]
Now, create SqlCommand[^] and add @currYear
parameter to the SqlParametersCollection[^]
aSqlCommand.Parameters.AddWithValue("@currYear", DropDownList.SelectedValue);
点击链接查看示例代码。
Follow the links to see sample code.
未经测试,但类似
Untested, but something like
int year = 0;
if (!int.TryParse(drdwnyear.SelectedValue, out year))
{
// show an error message
return;
}
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>="+year.ToString()+" and YEAR(App_Date)<="+(year+1).ToString();
但是你应该使用参数化查询而不是构建动态SQL。
However you should really be using parameterised queries rather than building dynamic SQL.
这篇关于如何在下拉列表中添加年份值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!