如何将网格视图中的下拉(动态)值存入按钮单击功能? [英] How to get dropdown( which is dynamic) value present inside grid-view into button click function?
问题描述
Hi,i have added dynamic drop down list to the grid-view columns starting from 5th column in row databound.Now i want to save those dropdown values to the database using button click function.When i tried doing so,by getting the droodown selected value in button click ,its taking null value.Please help me out in this.
< b>我尝试了什么:
What I have tried:
protected void Button1_Click(object sender, EventArgs e)
{
foreach (GridViewRow row in GridView1.Rows)
{
// int devopsid = (int)GridView1.DataKeys[row.RowIndex].Value;
if (row.RowType == DataControlRowType.DataRow)
{
// string ddlValue = row.Cells[5].Text;
// foreach (DropDownList ddl in GridView1.Rows)
// {
// for (int j = 0; j < GridView1.Rows.Count; j++)
// {
for (int i = 5; i < row.Cells.Count; i++)
{
//string str = ht[devopsid].ToString(); GridView1_ddl5_0
//var ddl1 = (DropDownList)dataRow.Cells[3].FindControl("ddl1");
DropDownList ddl1 = row.Cells[i].FindControl("ddl") as DropDownList;
// for (int i = 5; i < row.Cells.Count; i++) {
// DropDownList ddl = (DropDownList)((Control)).NamingContainer.FindControl("ddl");
// String selectedValue = ddl.SelectedValue;
if (GridView1.HeaderRow.Cells[i].Text == DropDownList1.SelectedItem.Text.Trim())
{
string query = " update devopstable set " + GridView1.HeaderRow.Cells[i].Text + " = '"+ddl1.SelectedItem.Value+"' ";
SqlCommand cmd = new SqlCommand(query, cnn1);
cnn1.Open();
// cmd.Parameters.AddWithValue("@devopsid", devopsid);
cmd.ExecuteNonQuery();
cnn1.Close();
}
//}
}
}
// }
}
}
及以下是行数据绑定事件。
and below is row databound event.
protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
{
// int devopsid = Convert.ToInt16(GridView1.DataKeys[RowIndex].Values["devopsid"].ToString());
if (e.Row.RowType == DataControlRowType.DataRow)
{
for (int i = 5; i < e.Row.Cells.Count; i++)
{
DropDownList ddl = new DropDownList();
ddl.ID = "ddl" + i;
// ddl.SelectedIndex = 0;
ddl.Items.Add("Yes");
ddl.Items.Add("No");
ddl.DataBind();
e.Row.Cells[i].Controls.Add(ddl);
}
}
}
推荐答案
ddl.ID = "ddl" + i;
...
row.Cells[i].FindControl("ddl")
您使用ID创建列表 ddl5
, ddl6
等;但你试图找到一个ID ddl
的控件,没有数字后缀。
添加 FindControl
中的后缀:
You create the lists with the IDs ddl5
, ddl6
, etc.; but you're trying to find a control with the ID ddl
, without the numeric suffix.
Add the suffix in your FindControl
call:
DropDownList ddl1 = row.Cells[i].FindControl("ddl" + i) as DropDownList;
string query = " update devopstable set " + GridView1.HeaderRow.Cells[i].Text + " = '"+ddl1.SelectedItem.Value+"' ";
不要这样做!您的代码容易受到 SQL注入 [ ^ ]。 从不使用字符串连接来构建SQL查询。 始终使用参数化查询。
不幸的是,您不能使用参数来表示列名。您需要验证用户无法控制列名。
Don't do it like that! Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
Unfortunately, you can't use a parameter to represent a column name. You'll need to verify that there is no way for the user to control the column name.
string columnName = GridView1.HeaderRow.Cells[i].Text; // TODO: Validate this column name!
string query = "UPDATE devopstable SET [" + columnName + "] = @Value";
using (SqlCommand cmd = new SqlCommand(query, cnn1))
{
cmd.Parameters.AddWithValue("@Value", ddl1.SelectedItem.Value);
cnn1.Open();
cmd.ExecuteNonQuery();
cnn1.Close();
}
你想知道关于SQL注入的一切(但不敢问)|特洛伊亨特 [ ^ ]
如何在没有技术术语的情况下解释SQL注入? |信息安全堆栈交换 [ ^ ]
查询参数化备忘单| OWASP [ ^ ]
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]
这篇关于如何将网格视图中的下拉(动态)值存入按钮单击功能?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!