Making a dynamic gridview matrix with 'LIKE' - asp.net

Earlier I had a question that and was given some excellent direction from Nikki9696 reguarding dynamic datasource values for my gridview which I'm showing below as I currently have it implemented and working. This works quite well. I have laid out a series of text boxes with label above them directly above my grid view and the user can either leave them blank (resulting in no filtering of records) or provide values that would match items in any one of the corresponding columns represented by the text boxes which would limit that column to only that value as part of the filter and at the same time allow the user to compound multiple boxes to narrow the filter as well. Works really well!
I would really like to take it one step further and have wrestled with it for about week and gotten no where despite experimenting and searching for examples on the web of where someone is doing similar filtering. I'd like each of these to function instead of being = or null to LIKE or null in that way my users could supply partial information in the text boxes to pull up results rather than an exact match. I just can't figure out how to alter my WHERE clause to do this.
<asp:SqlDataSource ID="InventoryList" runat="server" ConnectionString='<%$ ConnectionStrings:CMDB_testConnectionString %>' SelectCommand="SELECT [AssetID], [AssetType], [AssetName], [AssetShortDesc], [AssetLongDesc], [AssetAddNotes], [AssetManuf], [AssetModel], [AssetTag], [AssetSerialNum], [AssetAcqDate], [AssetDTAssetID], [AssetLocGrp], [AssetLoc1], [AssetLoc2], [AssetLoc3], [AssetParent], [AssetStatus], [AssetPropType], [AssetPrimUser], [AssetEntered], [AssetEnteredBy], [AssetOwner], [AssetCompany], [AssetPriIPAddr], [AssetPriMACAddr], [AssetPriOS], [AssetPriOSSP], [AssetNotes], [AssetAdminGrp], [AssetOrgID], [AssetOperType], [AssetOperStatus] FROM [cmdbv_Assets_CInTrac] where AssetID=isnull(#AssetID,AssetID) and AssetName=isnull(#AssetName,AssetName) and AssetType=isnull(#AssetType,AssetType) and AssetManuf=isnull(#AssetManuf,AssetManuf) and AssetModel=isnull(#AssetModel,AssetModel) and AssetTag=isnull(#AssetTag,AssetTag) and AssetSerialNum=isnull(#AssetSerialNum,AssetSerialNum) and AssetDTAssetID=isnull(#AssetDTAssetID,AssetDTAssetID) and AssetLocGrp=isnull(#AssetLocGrp,AssetLocGrp) and AssetLongDesc=isnull(#AssetLongDesc,AssetLongDesc) and AssetOrgID=isnull(#AssetOrgID,AssetOrgID) and AssetPriIPAddr=isnull(#AssetPriIPAddr,AssetPriIPAddr) and AssetStatus=isnull(#AssetStatus,AssetStatus)" CancelSelectOnNullParameter="false">
<SelectParameters>
<asp:Controlparameter Name="AssetID" ControlID="AssetIDTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetName" ControlID="AssetNameTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetType" ControlID="AssetTypeTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetShortDesc" ControlID="AssetShortDescTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetManuf" ControlID="AssetManufTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetModel" ControlID="AssetModelTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetTag" ControlID="AssetTagTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetSerialNum" ControlID="AssetSerialNumTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetDTAssetID" ControlID="AssetDTAssetIDTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetLocGrp" ControlID="AssetLocGrpTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetLongDesc" ControlID="AssetLongDescTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetOrgID" ControlID="AssetOrgIDTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetPriIPAddr" ControlID="AssetPriIPAddrTbx" Type="String" ConvertEmptyStringToNull="true" />
<asp:ControlParameter Name="AssetStatus" ControlID="AssetStatusTbx" Type="String" ConvertEmptyStringToNull="true" />
</SelectParameters>
I have tried variations of AssetName='%#AssetName%' and AssetName='%'+#AssetName+'%' as well as sever other contraptions but not had anything that even did anything more than completely blocked all rows from being returned.
Any ideas would be greatly appreciated because I really would like to see this on my filters.
Regards,
Ken...
Okay we seem to be making a little progress here but not fully. Here is what I modified the AssetName to reflect in the datasource I may have messed up something on the syntax but I thought I had it exactly as you had stated it.
([AssetName] LIKE '%' + CASE WHEN #AssetName is null Then '' Else #AssetName End + '%')
Latest Changes to the DataSource per your suggestion:
<asp:SqlDataSource ID="InventoryList" runat="server"
ConnectionString='<%$ ConnectionStrings:CMDB_testConnectionString %>'
SelectCommand="SELECT [AssetID], [AssetType], [AssetName], [AssetShortDesc], [AssetLongDesc], [AssetAddNotes], [AssetManuf], [AssetModel], [AssetTag], [AssetSerialNum], [AssetAcqDate], [AssetDTAssetID], [AssetLocGrp], [AssetLoc1], [AssetLoc2], [AssetLoc3], [AssetParent], [AssetStatus], [AssetPropType], [AssetPrimUser], [AssetEntered], [AssetEnteredBy], [AssetOwner], [AssetCompany], [AssetPriIPAddr], [AssetPriMACAddr], [AssetPriOS], [AssetPriOSSP], [AssetNotes], [AssetAdminGrp], [AssetOrgID], [AssetOperType], [AssetOperStatus] FROM [cmdbv_Assets_CInTrac]"
FilterExpression=" Convert(AssetID, 'System.String') LIKE '{0}%' 
and AssetName LIKE '{1}%' 
and AssetType LIKE '{2}%' 
and AssetShortDesc LIKE '{3}%' 
and AssetManuf LIKE '{4}%' 
and AssetModel LIKE '{5}%' 
and AssetTag LIKE '{6}%' 
and AssetSerialNum LIKE '{7}%' 
and AssetDTAssetID LIKE '{8}%' 
and AssetLocGrp LIKE '{9}%' 
and AssetLongDesc LIKE '{10}%' 
and AssetOrgID LIKE '{11}%' 
and AssetPriIPAddr LIKE '{12}%' 
and Convert(AssetStatus, 'System.string') LIKE '{13}%'">
<FilterParameters>
<asp:ControlParameter Name="AssetID" ControlID="AssetIDTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetName" ControlID="AssetNameTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetType" ControlID="AssetTypeTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetShortDesc" ControlID="AssetShortDescTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetManuf" ControlID="AssetManufTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetModel" ControlID="AssetModelTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetTag" ControlID="AssetTagTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetSerialNum" ControlID="AssetSerialNumTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetDTAssetID" ControlID="AssetDTAssetIDTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetLocGrp" ControlID="AssetLocGrpTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetLongDesc" ControlID="AssetLongDescTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetOrgID" ControlID="AssetOrgIDTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetPriIPAddr" ControlID="AssetPriIPAddrTbx"  PropertyName="Text" />
<asp:ControlParameter Name="AssetStatus" ControlID="AssetStatusTbx"  PropertyName="Text" />
</FilterParameters> 
</asp:SqlDataSource>

Then you need to pass the value as string.empty and also you need to allow covertingEmptyStringToNull for each and every QueryStringParameter.
So the steps are as simple as the following:
1- Add ConvertEmptyStringToNull="true" for each QueryStringParameter in you query. The following example shows how your QueryStringParameter elements should look like:
<asp:QueryStringParameter QueryStringField="#AssetName"
DefaultValue=""
Name="AssetName"
Type="String"
ConvertEmptyStringToNull="true">
</asp:QueryStringParameter>
2- Now, In order to allow string.Empty to be passed in the queryString in the SqlDataSource, you can use CASE WHEN in your Where clause. The following is an example to demonstrate this. Then in your scenario you can apply this to each parameter.
SELECT [AssetName]
FROM [cmdbv_Assets_CInTrac]
WHERE ([AssetName] LIKE '%' +
CASE WHEN #AssetName is NULL
Then ''
Else #AssetName
End + '%')

To map LIKE directly with a textbox, you can also use [FilterExpression][1]. For example, assuming you have the following Textbox for filtering
<asp:TextBox ID="searchTextBox" runat="server"></asp:TextBox>
You can code your SqlDataSource as shown in the following example:
<asp:SqlDataSource ID="gridDataSource" runat="server"
ConnectionString='<%$ ConnectionStrings:CMDB_testConnectionString %>'
SelectCommand="SELECT [AssetName] FROM [cmdbv_Assets_CInTrac]"
FilterExpression="AssetName LIKE '{0}%'">
<FilterParameters>
<asp:ControlParameter Name="AssetName" ControlID="searchTextBox" PropertyName="Text" />
</FilterParameters>
</asp:SqlDataSource>
In your scenario you will have to create ControlParameter for each column you want to map to a TextBox. Make sure you map by the textbox control id as shown in the example above.
Update 2
Your statement should look like the following.. In your answer you repeated FilterExpression and didn't increment the {0} for each column. So here's how your SqlDataSource should be
<asp:SqlDataSource ID="InventoryList" runat="server"
ConnectionString='<%$ ConnectionStrings:CMDB_testConnectionString %>'
SelectCommand="SELECT [AssetID], [AssetType], [AssetName], [AssetShortDesc],
[AssetLongDesc], [AssetAddNotes], [AssetManuf], [AssetModel], [AssetTag]
[AssetSerialNum], [AssetAcqDate], [AssetDTAssetID], [AssetLocGrp], [AssetLoc1],
[AssetLoc2], [AssetLoc3], [AssetParent], [AssetStatus], [AssetPropType],
[AssetPrimUser], [AssetEntered], [AssetEnteredBy], [AssetOwner], [AssetCompany],
[AssetPriIPAddr], [AssetPriMACAddr], [AssetPriOS], [AssetPriOSSP], [AssetNotes],
[AssetAdminGrp], [AssetOrgID], [AssetOperType], [AssetOperStatus]
FROM [cmdbv_Assets_CInTrac]"
FilterExpression=" Convert(AssetID , 'System.String') LIKE '{0}%'
AND AssetName LIKE '{1}%'
And AssetType LIKE '{2}%'
AND AssetShortDesc LIKE '{3}%'
AND AssetManuf LIKE '{4}%'
AND AssetModel LIKE '{5}%'
AND AssetTag LIKE '{6}%'
AND Convert(AssetSerialNum , 'System.String') LIKE '{7}%'
AND Convert(AssetDTAssetID , 'System.String') LIKE '{8}%'
AND AssetLocGrp LIKE '{9}%'
AND AssetLongDesc LIKE '{10}%'
AND Convert( AssetOrgID, 'System.String') LIKE '{11}%'
AND AssetPriIPAddr LIKE '{12}%'
AND AssetStatus LIKE '{13}%'">
<FilterParameters>
<asp:Controlparameter Name="AssetID" ControlID="AssetIDTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetName" ControlID="AssetNameTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetType" ControlID="AssetTypeTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetShortDesc" ControlID="AssetShortDescTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetManuf" ControlID="AssetManufTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetModel" ControlID="AssetModelTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetTag" ControlID="AssetTagTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetSerialNum" ControlID="AssetSerialNumTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetDTAssetID" ControlID="AssetDTAssetIDTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetLocGrp" ControlID="AssetLocGrpTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetLongDesc" ControlID="AssetLongDescTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetOrgID" ControlID="AssetOrgIDTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetPriIPAddr" ControlID="AssetPriIPAddrTbx" PropertyName="Text" />
<asp:ControlParameter Name="AssetStatus" ControlID="AssetStatusTbx" PropertyName="Text" />
</FilterParameters>
</asp:SqlDataSource>

Related

SqlDataSource UpdateParameters - Input string was not in a correct format

I have inherited some ASP.NET code that I need to update which has resulted in my needing to change the ASP SqlDataSource's UpdateCommandType from a string (hard coded SQL Update statement) to a stored procedure containing the Update statement.
The string executes fine and uses parameters that are bound to controls in a details view (I know this is not best practice and it pains me having to work with data connections from the client side...! But I dont have time to re-write all the data connections for this and many pages just yet).
Anyway, I have just changed the UpdateCommand to a stored procedure that does the same thing and I just get the error
Input String was not in a correct format.
when I try to update on the page.
I can supply code if requested, but it is big & horrible so I am tentatively asking if anyone has any initial ideas? I will put a few small bits below though. I have been looking at the UpdateParameterCollection as I wonder if the parameter collection is getting cached anywhere - but cannot see anything.
I have controls bound to the DataSource items like so:
<EditItemTemplate>
<asp:CheckBox ID="chkNonReview" runat="server" Checked='<%# Bind("NonReview") %>' />
</EditItemTemplate>
And the SqlDataSource has been changed from this...
<asp:SqlDataSource ID="dsEventDV" runat="server"
ConnectionString="<%$ ConnectionStrings:MyConnString %>"
DeleteCommand="DELETE FROM [I_TRAINEE_EVENTS] WHERE [EVENTID] = #EVENTID"
InsertCommand="INSERT_TRAINEE_EVENTS_ED3"
InsertCommandType="StoredProcedure"
OnInserted="DSEvent_Inserted"
SelectCommand="Get_Candidate_Events_I3"
SelectCommandType="StoredProcedure"
UpdateCommand="UPDATE I_TRAINEE_EVENTS (etc...)"
.....
to this:
<asp:SqlDataSource ID="dsEventDV" runat="server"
ConnectionString="<%$ ConnectionStrings:MyConnString %>"
DeleteCommand="DELETE FROM [I_TRAINEE_EVENTS] WHERE [EVENTID] = #EVENTID"
InsertCommand="INSERT_TRAINEE_EVENTS_ED3"
InsertCommandType="StoredProcedure"
OnInserted="DSEvent_Inserted"
SelectCommand="Get_Candidate_Events_I3"
SelectCommandType="StoredProcedure"
UpdateCommand="UPDATE_TRAINEE_EVENTS"
UpdateCommandType="StoredProcedure">
.....
With the new UpdateCommand values.
The update parameters:
<UpdateParameters>
<asp:Parameter Name="EVENTID" Type="Int32"/>
<asp:Parameter Name="EVENTTYPEID" Type="Int32"/>
<asp:Parameter Name="EVENTDATE" Type="DateTime"/>
<asp:Parameter Name="STAFFID" Type="Int32"/>
<asp:Parameter Name="REVIEWNO" Type="Int32"/>
<asp:Parameter Name="COMMENTS" Type="String"/>
<asp:Parameter Name="DESTINYVERIFIED" Type="Int32"/>
<asp:Parameter Name="DESTINYVERIFIEDBY" Type="Int32"/>
<asp:Parameter Name="DESTINYVERIFIEDDATE" Type="DateTime"/>
<asp:Parameter Name="REASONFORSUSPENSIONID" Type="Int32"/>
<asp:Parameter Name="RETURNTOWORKDATE" Type="DateTime"/>
<asp:Parameter Name="ContactDetailsUpdated" Type="Int32"/>
<asp:Parameter Name="RETENTION_STATUS_ID" Type="Int32"/>
<asp:Parameter Name="RETENTION_REASON_ID" Type="Int32"/>
<asp:Parameter Name="NonReview" Type="Int32"/>
<asp:Parameter Name="FalsifiedEventReason" Type="Int32"/>
<asp:Parameter Name="SusReqReasonID" Type="Int32"/>
<asp:Parameter Name="SusReqReturnDate" Type="DateTime"/>
</UpdateParameters>
The stored procedure declaration is as follows:
CREATE PROCEDURE [dbo].[UPDATE_TRAINEE_EVENTS]
#EVENTID int,
#EVENTTYPEID int,
#EVENTDATE datetime,
#STAFFID int,
#REVIEWNO int,
#COMMENTS varchar(2100),
#DESTINYVERIFIED int,
#DESTINYVERIFIEDBY int,
#DESTINYVERIFIEDDATE datetime,
#REASONFORSUSPENSIONID int,
#RETURNTOWORKDATE datetime,
#ContactDetailsUpdated int,
#RETENTION_STATUS_ID int,
#RETENTION_REASON_ID int,
#NonReview int,
#FalsifiedEventReason int,
#SusReqReasonID int,
#SusReqReturnDate datetime
AS
......
I have also run SQL Server Profiler against the session to see what was being passed to the database, however the error comes in before anything hits the database which appears to suggest the problem is within the ASP.NET side of things.
Your <asp:Parameter Name="EVENTID" /> should have a datatype.
I think it should be like this..
<asp:Parameter Name="EVENTID" Type="Int32" />

ASP Gridview Select statement not working (GUID)

I'm using ASP.net to use a gridview. The gridview's sql data source is a select statement where ID = a value (a GUID) from a querystring.
However, when I try and preview it, it doesn't show any results. If I change it to a different type (int) of 1, then it works fine and shows results.
If I do the select statement in SQL Server Management Studio (with the GUID), it works fine and shows the results.
Here's the code for the data:
<asp:SqlDataSource ID="SQLDataSourceL" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString1 %>"
SelectCommand="SELECT [FName], [Date] FROM [Table1] WHERE (([FName] = #FName) AND ([Type] = #Type)) ORDER BY [Date] DESC, [FName]">
<SelectParameters>
<asp:QueryStringParameter Name="FName" QueryStringField="id" Type="Object" />
<asp:Parameter DefaultValue="X" Name="Type" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
(I've changed the column names).
Hope you can help.
Try changing the QueryStringParameter to the suitable type, eg:
<asp:QueryStringParameter Name="FName" QueryStringField="id" Type="String" />

How to filter using a dropdown in a gridview and display all values when none is selected

I have a web page with 3 values (1 text box, and 2 drop-downs) and displays result in a gridview. This is working great when the value that I want to search is in the drop-down. However, if the user didn't select one of the dropdownlist ( facilityCode), we would like to display all facility codes versus only one. What is the easiest way to accomplish this? Below is the code related to the sqldatasource:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:HCSCRMConnectionString %>"
SelectCommand="SELECT MMM_Id_Nbr, Item_Desc, Supplier_Nbr, Supplier_Name, Stocking_Facility_Code, Reorder_Point_Qty, BodID, Active_Ind FROM BOD_ROP_TBL WHERE (MMM_Id_Nbr = #MMM_Id_Nbr)and active_Ind=#Active_Ind and Stocking_Facility_Code=#FacilityCode"
UpdateCommand="UPDATE BOD_ROP_TBL SET Reorder_Point_Qty = #Reorder_Point_Qty, Active_Ind = #Active_Ind WHERE (BodID = #BodID)">
<SelectParameters>
<asp:FormParameter FormField="txt3MID" Name="MMM_Id_Nbr" Type="String" />
<asp:FormParameter FormField="dropActive" Name="Active_Ind" Type="String" />
<asp:FormParameter FormField="FacilityCode" Name="FacilityCode" Type="String" />
</SelectParameters>

Control doesn't bind to SqlDataSource on page load with blank parameters

Suppose you have a SQLDataSource that looks like this:
<asp:SqlDataSource ID="sqldsSample" runat="server"
ConnectionString="<%$ ConnectionStrings:myConnectionString %>"
SelectCommand="SELECT [col1], [col2] FROM [tbl] WHERE [col3] = #val) ORDER BY [col1] DESC;">
<SelectParameters>
<asp:Parameter DefaultValue="False" Name="val" Type="Boolean" />
<asp:Parameter DefaultValue="" Name="val2" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Just assume you have decided you want to declare the 'val2' parameter here and you don't want to bother with adding and/or removing parameters later in the code-behind (say, to change the SelectCommand to do some filtering with some extra criteria).
It will fail without an error - the control will just show up empty.
You have to specify a default value for the parameter even if it's not used. For example, just putting in a space character will work:
<asp:Parameter DefaultValue=" " Name="val2" Type="String" />
Note that it still won't work if you omit the DefaultValue property.
There is also the CancelSelectOnNullParameter parameter on SqlDataSource - you need to set this to false if you expect any of your parameters to be null.
It's not very obvious and it has caught me out a few times!

Setting SqlDataSource Parameters from Request.Form

I'm trying to create simple search. I have "txtSearch" textBox and "search" button in MasterPage, button has PostbackUrl= Search.aspx
In MasterPage
<asp:TextBox ID="txtSearch" runat="server" ValidationGroup="b" Text="Users Search" ForeColor="Silver">Users Search</asp:TextBox>
<asp:Button ID="btnSearch" runat="server" Text="Search" ValidationGroup="b"
PostBackUrl="~/Search.aspx" onclick="btnSearch_Click" />
In Search.aspx i have GridView that shows me results and SqlDataSource
<asp:SqlDataSource ID="SqlDataSearchResult" runat="server"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
SelectCommand="SELECT vw_aspnet_Users.UserId, vw_aspnet_Users.UserName, Custon_UserInfo.UserId AS Expr1, Custon_UserInfo.FirstName, Custon_UserInfo.LastName, Custon_UserInfo.Location, Custon_UserInfo.Avatar, Custon_MoneyWork.UserId AS Expr2, Custon_MoneyWork.Money, vw_aspnet_Users.LastActivityDate FROM vw_aspnet_Users INNER JOIN Custon_UserInfo ON vw_aspnet_Users.UserId = Custon_UserInfo.UserId INNER JOIN Custon_MoneyWork ON vw_aspnet_Users.UserId = Custon_MoneyWork.UserId WHERE (vw_aspnet_Users.UserName LIKE '%' + #UserName + '%')">
<SelectParameters>
<asp:FormParameter FormField="txtSearch" Name="UserName" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
In Define Parameters :
UserName =Request.Form("txtSearch") as it needs to be, but it's not working. I tried with session["search"]=txtSearch.text; and its working.. But not with Request.Form..
UPD
I tryed to use QueryStringField instead of FormField and it works, don't know whats wrong with FormField.
Why not avoid Session variables (I don't like the idea of a 'global' variable that sits above everything else, and no way of knowing if it was inadvertently changed or corrupted by bad code, for example), and use ControlParameter instead?
ie
<SelectParameters>
<asp:ControlParameter ControlID="txtSearch" Name="UserName" PropertyName="Text" Type="String" />
</SelectParameters>
Let ASP.net do most of the work for you.

Resources