I tried the code but it is not working


Problem description



In a gridview button I want to color based on a condition.

Gridview as follows

Studid  Studname     Medical

 1123    Ramesh       HIMT   (Button) should be in red color
 2313    Suresh       HIMT   (Button) should be in green color




Student professional table as follows

Studid    Pm_Prof_code   Sp_issu_dt

 1123       Medrep         07 July 2015
 2313       Medrep         13 July 2015



In the gridview, under the Medical column, for studid 1123 if the sp_issu_dt date is less than today I want to give a red color under the Medical column.

Similarly, for studid 2313 if sp_issu_dt is greater than today I want to give a green color under the Medical column.

For that I have written the code as follows:

private void Selectbatch()
{
    SQl = "select sp_issu_dt from student_professional where stud_id = " + id + " and pm_prof_code = 'medrep'";
    ds = SCon.ReadSql_DS(SQl);
    if (ds.Tables[0].Rows.Count != 0)
    {
        ViewState["Medical"] = "MedRep";
        if (Convert.ToDateTime(ds.Tables[0].Rows[0][0].ToString()) > Convert.ToDateTime(GetDate))
        {
            med = "himt";
            ViewState["color"] = "Green";
        }
        if (Convert.ToDateTime(ds.Tables[0].Rows[0][0].ToString()) < Convert.ToDateTime(GetDate))
        {
            med = "himt";
            ViewState["color"] = "Red";
        }
    }
}

protected void Grd1_DataBound(object sender, EventArgs e)
{
    Button BtnMedical = (Button)Grd1.Rows[i].FindControl("BtnMedical");
    if (null != BtnMedical)
    {
        if (BtnMedical.Text == "HIMT")
        {
            if (ViewState["Medical"] == "MedRep")
            {
                if (ViewState["color"] == "Green")
                {
                    BtnMedical.BackColor = System.Drawing.Color.Green;
                    BtnMedical.ForeColor = System.Drawing.Color.Black;
                }
                else
                {
                    BtnMedical.BackColor = System.Drawing.Color.Red;
                    BtnMedical.ForeColor = System.Drawing.Color.Black;
                }
            }
        }
    }
}




When I run it, the gridview is as follows:

Studid  Studname     Medical

1123    Ramesh       HIMT   (Button) should be in red color
2313    Suresh       HIMT   (Button) should be in red color



For both studids the Medical column shows in red color only.

But for studid 2313 the sp_issu_dt date is greater than today's date.

In run mode, for that studid I want the Medical column for that student to show in red color only.

From my above code, what is the mistake I made?

Please help me.

Solutions

First of all, never concatenate values directly into SQL statements. This leaves you open to SQL injection, possible conversion problems and so on. Instead use SqlParameter.

Then, about the line

if (Convert.ToDateTime(ds.Tables[0].Rows[0][0].ToString()) > Convert.ToDateTime(GetDate))


In that statement you only check the first column of the first row in the result set. Shouldn't you loop through the result set and decide the coloring for each row?

Also I didn't find the code for GetDate, so there could also be problems there. Why not use System.DateTime.Now?

One possibility is to choose the color already in the SQL. This way you won't need any loops on the calling side. For example:

SELECT sp_issu_dt,
       CASE
          -- issue date already in the past: red, otherwise green (per the question's requirement)
          WHEN sp_issu_dt < GETDATE() THEN 'Red'
          ELSE 'Green'
       END AS Color
FROM student_professional
WHERE ...


In addition to Solution 1, about SQL injection, which is your major problem.

The problem comes from the query being composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why that makes repeated concatenation bad?), but there is a way more important issue: it opens the door to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
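Putting both answers together, here is an added example (not the original poster's or either answerer's code) of the lookup rewritten with a SqlParameter and the colouring decided per row in RowDataBound against DateTime.Today. The connection-string name StudentDb and the Studid data field on the grid's data item are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class StudentGrid : Page
{
    // Assumed connection-string name; the original code used a SCon helper instead.
    private static readonly string ConnStr =
        System.Configuration.ConfigurationManager.ConnectionStrings["StudentDb"].ConnectionString;

    // Returns sp_issu_dt for one student, or null when no medrep row exists.
    // stud_id travels as a typed SqlParameter, never concatenated into the statement.
    private static DateTime? GetMedrepIssueDate(int studId)
    {
        const string sql =
            "SELECT sp_issu_dt FROM student_professional " +
            "WHERE stud_id = @studId AND pm_prof_code = 'medrep'";
        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@studId", SqlDbType.Int).Value = studId;
            con.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? (DateTime?)null : Convert.ToDateTime(result);
        }
    }

    // The rule from the question: issue date before today is red, otherwise green.
    private static Color ColorForIssueDate(DateTime issueDate)
    {
        return issueDate < DateTime.Today ? Color.Red : Color.Green;
    }

    // RowDataBound fires once per row, so each button is coloured from its own student's date
    // instead of from a single ViewState value computed for one student.
    protected void Grd1_RowDataBound(object sender, GridViewRowEventArgs e)
    {
        if (e.Row.RowType != DataControlRowType.DataRow) return;
        var btn = e.Row.FindControl("BtnMedical") as Button;
        if (btn == null || btn.Text != "HIMT") return;

        int studId = Convert.ToInt32(DataBinder.Eval(e.Row.DataItem, "Studid"));
        DateTime? issued = GetMedrepIssueDate(studId);
        if (issued == null) return; // no medrep record: leave the default button colours

        btn.BackColor = ColorForIssueDate(issued.Value);
        btn.ForeColor = Color.Black;
    }
}
```

One query per row is fine for a small grid; for a large one, join sp_issu_dt (or Solution 1's CASE result) into the grid's own data source so the handler only reads a bound column.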

