查找selectedrow的datakey并将其作为查询字符串发送 [英] Find datakey of selectedrow and send it as querystring

问题描述

hi
i有一个带有模板字段的网格视图，其中包含一个图像按钮，你可以在下面的截图中看到它

我的网格视图

我希望当用户点击该图像按钮（编辑按钮）时，用户将被重定向到名为：EditUser.aspx的编辑页面发送所选行的DataKey作为查询字符串该名称：stcode

所以我为此作业编写此代码

hi i have a grid-view with a template field that contain an image button and u can see it in below screenshot
My Gridview
all right i want to when user click on that image button(Edit Button) user will be redirected to the edit page named : EditUser.aspx and send DataKey of Selected row as a Query string That name : stcode
so i write this code for this job

int selectedRow;
protected void imgBtnEdit_Click(object sender, ImageClickEventArgs e)
{
    GridViewRow row = this.GridStudent.SelectedRow;
    selectedRow = int.Parse(GridStudent.DataKeys[row.RowIndex].Value.ToString());
    Response.Redirect("~/Admin/EditUser.aspx?" +
        "stcode=" + selectedRow);
}

主页中的
并在EditUser.aspx中写下此代码

in the MainPage and Write this Code in the EditUser.aspx

protected void Page_Load(object sender, EventArgs e)
{
   usercode = Request.QueryString["stcode"];
   GetData();
}

我尝试过：

What I have tried:

private void GetData()
{
    DataTable dt = new DataTable();
    con.Open();
    SqlCommand sqlCmd = new SqlCommand("SELECT count(*) from Student where St_Code='" + usercode + "'", con);
    SqlDataAdapter sqldata = new SqlDataAdapter();
    sqldata.Fill(dt);

    if (dt.Rows.Count > 0)
    {
        lblName.Text = dt.Rows[0]["St_Name"].ToString(); //Where ColumnName is the Field from the DB that you want to display
        lblFamily.Text = dt.Rows[0]["St_Family"].ToString();
        lblStcode.Text = dt.Rows[0]["St_Code"].ToString();
        tbPassword.Text = dt.Rows[0]["St_Password"].ToString();
    }
    con.Close();
}

但每次都会返回stcode = 0 :(

i知道问题是主页，但我不知道如何解决它

but everytime it will return stcode=0 :(
i know the problem is the mainpage but i dont know how to solve it

推荐答案

试试这个

try this

protected void imgBtnEdit_Click(object sender, ImageClickEventArgs e)
      {
          GridViewRow row = ((Control)sender).Parent.NamingContainer as GridViewRow;
          string key = GridStudent.DataKeys[row.RowIndex].Value.ToString();
          Response.Redirect("~/Admin/EditUser.aspx?stcode=" +  key);
      }

格式化sql查询字符串易受攻击到 SQL注入 [ ^ ]攻击

总是使用参数化查询以防止SQL Server中的SQL注入攻击 [ ^ ]

Formatting the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]

SqlCommand sqlCmd = new SqlCommand("SELECT *  from Student where St_Code=@code", con);
sqlCmd.Parameters.AddWithValue("@code", usercode);

根据评论，没有必要得到从表中计算并尝试在文本框中填充，它将抛出未找到列的错误，将其替换为所需的列或只添加*到选择。

as per comments its no point of getting the count from the table and trying to populate in the textbox, it will throw column not found error, replace it with the desired columns or just add * to the selection .

这篇关于查找selectedrow的datakey并将其作为查询字符串发送的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！