无法获得多个列表框选择的记录。 [英] Unable to get record on multiple selection of listbox.
本文介绍了无法获得多个列表框选择的记录。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
i have a listbox and gridview,if i made multple selection of item of listbox , data of last item show only ..i want to show record of all selected item of listbox
我的尝试:
What I have tried:
protected void searchname_date()
{
if (ListBox1.Items.Count > 0)
{
for (int i = 0; i < ListBox1.Items.Count; i++)
{
if (ListBox1.Items[i].Selected)
{
string selectedItem = ListBox1.Items[i].Text;
SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
string Query = "SELECT * FROM [dsr_data] where (date_time between '" + TextBox1.Text + "' and '" + TextBox4.Text + "') And session_name='" + selectedItem + "'";
DataTable dtAdmin = new DataTable();
SqlDataAdapter da;
da = new SqlDataAdapter(Query, cnn);
da.Fill(dtAdmin);
if (dtAdmin.Rows.Count > 0)
{
GVmydsr.DataSource = dtAdmin;
GVmydsr.DataBind();
}
else
{
GVmydsr.DataSource = null;
GVmydsr.DataBind();
}
}
}
}
}
推荐答案
尝试
try
protected void searchname_date()
{
List<string> lstSelectedItems = new List<string>();
if (ListBox1.Items.Count > 0)
for (int i = 0; i < ListBox1.Items.Count; i++)
if (ListBox1.Items[i].Selected)
lstSelectedItems.Add(ListBox1.Items[i].Text);
string inQuery = string.Join("','", lstSelectedItems);
inQuery = "'" + inQuery + "'";
SqlConnection cnn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
string Query = "SELECT * FROM [dsr_data] where (date_time between @from and @to ) And session_name in ({0})";
Query = string.Format(Query, inQuery);
SqlCommand cmd = new SqlCommand(Query, cnn);
cmd.Parameters.AddWithValue("@from", TextBox1.Text);
cmd.Parameters.AddWithValue("@to", TextBox4.Text);
DataTable dtAdmin = new DataTable();
SqlDataAdapter da;
da = new SqlDataAdapter(Query, cnn);
da.Fill(dtAdmin);
if (dtAdmin.Rows.Count > 0)
GVmydsr.DataSource = dtAdmin;
else
GVmydsr.DataSource = null;
GVmydsr.DataBind();
}
注意:格式化sql查询字符串是易受攻击到 SQL注入 [ ^ ]攻击
始终使用参数化查询以防止SQL Server中的SQL注入攻击 [ ^ ]
Note:Formatting the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]
这篇关于无法获得多个列表框选择的记录。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文