如何在下拉列表中添加年份值？ [英] How to add year in drop down list value?

问题描述

您好，



我的申请表中有下拉列表。下拉列表内容如下：2010年至2014年列表项目。



现在我的查询是：

Hello,

I have drop down list in my application. Drop down list content is as follows: 2010 to 2014 list item.

now my query is :

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'"

现在在查询中我希望将第一个值设置为下拉列表值&第二个将是下一个选定的下拉列表。例如如果我选择下拉值2013，那么接下来将是2014年。

但我将如何在下拉列表中添加一年的价值。

通常我们将添加年份 .addyear（-1）



如何解决这个问题请帮助我。

Now here in the query i want set first value as drop down list value & second will be the next of selected drop down list. e.g. If i select drop down value 2013 then next will be 2014.
But how i will add one year in drop down list value.
normally we will add year .addyear(-1)

How i will solve this issue please help me.

推荐答案

我不确定我是否理解正确，但我认为您希望根据下拉列表值从数据库中获取数据。

I'm not sure i understand you correctly, but i think you want to fetch data from database based on dropdownlist value.

我不建议使用这样的查询：

I would not recommend to use query like this:

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'";

因为 SQL注入 [ ^ ]。

更多：


< a href =https://msdn.microsoft.com/en-us/library/ff648339.aspx>如何：防止ASP.NET中的SQL注入 [ ^ ]


SQL注入以及如何避免它 [ ^ ]


存储过程是否可以防止SQL注入？ [ ^ ]

because of SQL Injection[^].

More:

How To: Protect From SQL Injection in ASP.NET[^]

SQL Injection and how to avoid it[^]

Do Stored Procedures Protect Against SQL Injection?[^]

而不是上面的查询，使用参数化查询：

Rather then above query, use parametrized query:

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>=@currYear and YEAR(App_Date)<=@currYear+1";

现在，创建 SqlCommand [ ^ ]并添加 @curYYear 参数到 SqlParametersCollection [ ^ ]

Now, create SqlCommand[^] and add @currYear parameter to the SqlParametersCollection[^]

aSqlCommand.Parameters.AddWithValue("@currYear", DropDownList.SelectedValue);

点击链接查看示例代码。

Follow the links to see sample code.

未经测试，但类似

Untested, but something like

int year = 0;
if (!int.TryParse(drdwnyear.SelectedValue, out year))
{
 // show an error message
 return;
}
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>="+year.ToString()+" and YEAR(App_Date)<="+(year+1).ToString();

但是你应该使用参数化查询而不是构建动态SQL。

However you should really be using parameterised queries rather than building dynamic SQL.

这篇关于如何在下拉列表中添加年份值？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！