DROPDOWNLIST数据未插入查询 [英] Dropdownlist data not insert in query
问题描述
我选择的DropDownList 值查询,插入,但值保持在查询空白,由于在条件没有任何结果,结果空值。我做不同的花样,但仍然为空
I select the DropDownList value to insert in query but the value remains blank in query and due to empty value in where condition not any result outcome. I do with different tricks but remain empty
if (chkBoxChanl.Checked)
{
sql += " and channelName = '" + ddlChannel.Text + "' ";
}
if (chkBoxDate.Checked)
{
sql += " and transmissionDate_ between '" + tbFrom.Text + "' and '" + tbTo.Text + "'";
}
if (chkBoxProgrm.Checked)
{
sql += " and programName ='" + ddlProgram.Text + "'";
}
if (chkBoxParty.Checked)
{
sql += " and partiesName like '%" + ddlParty.SelectedValue + "%'";
}
if (chkBoxPerson.Checked)
{
sql += " and personsName like '%" + ddlPerson.SelectedItem + "%'";
}
if (chkBoxProvince.Checked)
{
sql += " and ProvinceName like '%" + ddlProvince.SelectedItem + "%'";
}
if (chkBoxCity.Checked)
{
sql += " and CityName like '%" + ddlCity.Text + "%'";
}
如同
-
ddlProgram.Text -
ddlProvince.SelectedItem -
ddlPerson.SelectedValue
选择的DropDownList值显示在查询为空。
ddlProgram.TextddlProvince.SelectedItemddlPerson.SelectedValueselectedDropDownListvalue is shown empty in query.
我能做些什么来增加查询所选择的价值呢?请帮帮我!
What can I do to add the selected value in query? Please help me!
我检查时,我选择哪个来第一次加载的dropdownist值,然后为2Md时间后preSS搜索按钮DropDownList的值空,当我preSS的搜索按钮,它第一次运行的Page_Load函数,如果(!的IsPostBack)被执行,那么所有的DropDownList选择的值变成空造成空值的where子句。现在我想,当我preSS搜索按钮DropDownList的值保持加载,这将解决该问题成为enpty DropDownList的值。请进一步引导我
I check that when I select the dropdownist values which come on first load then 2md time after press search button dropdownlist values empty and when I press search button it first run Page_Load function and if(!IspostBack) is execute then all dropdownlist selected values become empty which cause to empty values in where clause. Now I want that when I press search button dropdownlist values remain loaded which will resolve the issue to become enpty dropdownlist values. Please guide me further
推荐答案
您无法在SQL查询串连您输入字段的值直接。它使您的系统容易受到SQL注入。你至少应该带code你是从这些领域运行这样的SQL查询之前获取什么。您<一个非常重要的是href=\"http://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CCwQFjAA&url=http://www.$c$cproject.com/Articles/9378/SQL-Injection-Attacks-and-Some-Tips-on-How-to-$p$pv&ei=8F6SUMKtCIaW2gXRm4G4BQ&usg=AFQjCNEP4ALbK0_qb2rWFaFqZGCelbPKDQ&sig2=Xrz0j7hU-pWnnnsaRqpPUw\"相对=nofollow>之前,提前去阅读本。
You cannot concatenate your input field's values directly in your sql query. It makes your system vulnerable to Sql Injection. You should at least encode what you are retrieving from these fields before running such sql query. It is very important that you read this before going ahead.
仔细看完上面,你可以选择的项目在您的下拉值。你这样做:
After reading the above carefully, you can get the value of the selected item on your dropdown. You do this:
yourDropDown.SelectedItem.Value
如果它没有返回值,这可能是因为您没有设置在下拉列表中的任意值。请记住,根据您的数据源设置:
If it does not return a value, that's probably because you didn't set any value in your dropdown. Remember to set it according to your datasource:
yourDropDown.DataValueField = "TheSourceFieldContainingTheValue";
这篇关于DROPDOWNLIST数据未插入查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
