SQL WHERE User.Identity.Name Using Parameters - asp.net

I am using a DetailsView to show only the records in my database that meet the criteria of fulfiling the QueryString value which I have prescribed, and are equal to the current User.Identity.Name authenticated user.
I have gotten this far but I don't know what I am doing wrong as the page seems to be blank still when I pass a value I know is logical and meets both criteria above in the Query String at runtime.
I'll provide you with the relevant snippets rather than posting the full DetailsView code:
SQL Select Command:
SELECT * FROM [Events] WHERE ([EventID] = ?) AND (CreatedBy = #MemberName)
SELECT Parameters:
<SelectParameters>
<asp:QueryStringParameter DefaultValue="1" Name="EventID" QueryStringField="ID"
Type="Int32" />
<asp:parameter name="MemberName" type="String" />
</SelectParameters>
And finally the Code Behind to associate User.Identity.Name with the MemberName parameter:
Protected Sub SqlDataSource1_Selecting(sender As Object, e As SqlDataSourceSelectingEventArgs)
e.Command.Parameters(1).Value = Me.User.Identity.Name
End Sub
What could be going wrong here?

Related

How to set parameters for SqlDataSource UpdateCommand

For a Gridview:
I am trying to use a stored procedure for the first time in a SQLDataSource for the UpdateCommand:
<asp:SqlDataSource ID="TECT_DataSource" runat="server"
ConnectionString="<%$ ConnectionStrings:OracleConnectionString %>"
ProviderName="<%$ ConnectionStrings:OracleConnectionString.ProviderName %>"
SelectCommand="SELECT MPID, User_Id, Last_Name, First_Name
FROM Scripts.vw_Tect_Exam"
UpdateCommand="P_TECT_UPD_EXAM_ID" UpdateCommandType="StoredProcedure">
<UpdateParameters>
<asp:Parameter Name="MPID" Type="Int32" />
<asp:Parameter Name="User_Id" Type="String" />
</UpdateParameters>
</asp:SqlDataSource>
I am wondering how the UpdateParameters get their values set, since I only specify a name?
The procedure P_TECT_UPD_EXAM_ID expects two parameters as input: "in_MPID" and "in_UserId"
I am also wondering how to map those values to the input parameters for the procedure as the names are different?
You can set them something like this :
Example : In the example MPID is the sql parameter name #MPID
<UpdateParameters>
<asp:ControlParameter Name="MPID" ControlID="MPID_TextBox" PropertyName="Text />
<asp:ControlParameter Name="User_Id" ControlID="User_Id_TextBox" PropertyName="Text />
</UpdateParameters>
Correction: Just spotted your proc param names so it must be
<asp:ControlParameter Name="in_MPID" ...............
<asp:ControlParameter Name="in_User_Id" ...............
Hope this helps....
I really wouldn't use a SqlDataSource. It will be much easier if you make the call to the database in the code-behind (or a better yet in a Data Access Layer).
If you use a SqlDataSource the stored procedure call will only be available on that page. Every time you want to make that same call you will have to copy and paste the SqlDataSource or make a UserControl out of it.
The following example uses the Entity Framework to connect to the database and retrieve records:
public List<Record> GetAllRecordsByUserName(string credentials)
{
List<Record> recordList;
using (CustomEntities context = new CustomEntities())
{
IQueryable<Section> recordQuery = from records in context.Records
where records.UserName == credentials
select records;
recordList = recordQuery.ToList<Record>();
}
return recordList;
}

SqlDataSource SelectCommand using 2 Parameters and LIKE does not work

I have the following selectcommand in a SqlDataSource, my problem is that it only returns data when I have values for both Parameters. I need it to also return data when only 1 has a value.
SelectCommand="SELECT user.UserId, UserProfiles.Company, UserProfiles.Address, UserProfiles.JV2, UserProfiles.DB1, aspnet_Membership.Email, user.UserName
FROM user INNER JOIN UserProfiles ON user.UserId = UserProfiles.UserId WHERE (#UserName IS NULL OR #UserName = '' OR user.UserName LIKE '%'+#UserName+'%' ) AND
(#Email IS NULL OR #Email = '' OR user.Email LIKE '%'+#Email+'%')
with the following Parameters
<SelectParameters>
<asp:ControlParameter Name="Email" ControlID="eMail" PropertyName="Text" Type="String" />
<asp:ControlParameter Name="UserName" ControlID="userName" PropertyName="Text" Type="String" />
When I run the query in SQL Server Management Studio and it returns data when I enter only 1 value or both.
When I run the form I only get data returned when I enter values in to both fields.
I found this post: SqlDataSource SelectCommand using LIKE does not work which is similar but the solution hasn't helped.
Obviously I've done something wrong, I just can't see what.
I have had a similar issue and adding this to the sqldatasource fixed it:
<asp:SqlDataSource CancelSelectOnNullParameter="false">

Set SelectParameter for SqlDataSource SelectCommand with unknown number of variables

<asp:SqlDataSource ID="workHourListSqlDataSource" runat="server" ConnectionString="<%$ ConnectionStrings:PlaningSystemConnectionString %>"
SelectCommand="SELECT *
FROM Date AS t1 FULL OUTER JOIN (SELECT * FROM WorkHoursEntry WHERE (WorkerID LIKE #WorkerID)) AS t2 ON t1.PKDate = t2.WorkDay
LEFT OUTER JOIN Worker AS t3 ON t2.WorkerID = t3.WorkerID
LEFT OUTER JOIN (SELECT * FROM Project WHERE ProjectID IN(#Project)) AS t4 ON t2.ProjectID = t4.ProjectID"
FilterExpression="YearMonth IN({0})">
<FilterParameters>
<asp:ControlParameter ControlID="yearMonthFilterLabel" Name="YearMonth"
PropertyName="Text" Type="String" />
</FilterParameters>
<SelectParameters>
<asp:ControlParameter ControlID="WorkerIDLabel" Name="WorkerID"
PropertyName="Text" Type="String" />
<asp:ControlParameter ControlID="projectFilterLabel" Name="Project"
PropertyName="Text" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
Greetings, I have problem with #Project ControlParameter, problem is I don't know how to pass several values and FilterParameters method won't work as I want. Is there any way to pass several variables ? (without using c#).
projectFilterLabel.Text = 'aaa, bbb, ccc';
Basically what I want to do is to select all values from Date table and join them with some values from Project table and output to DataList.
Any help appreciated, I just started learning asp.net
Thanks.
In your asp form create a javascript function to handle the Opening of the window fro your report. In this function set a parameters (var pPassParm) value to a textbox.text (hidden on your parent form) and pass this value with opening of the window ( /reportfolder/report.asx?pPassparm )
On your execution code, create a piece of code that concatenates all your parameters into one string ( textbox.text = 'StartDate = 2012/01/01, EndDate = 2012/02/01, Surname = Jones' etc) before opening the new form for the report.
Refer to post Open a new window and pass parameters to it vb.net asp
I solved this problem by creating new querys with parameters inside (replacing older ones) for SqlDataSource on events.

How to convert asp.net NULL value to "" (blank string)

I have a situation where I am using a detailsview with the SQLDataSource to update a record in an SQL Server Database.
My issue is that textfields that are not completed are converted to NULL in the database. This causes issue as the website using third party web services that can not handle to NULL DB value.
Is there a way that if the textfield is left empty that when the update or insert occurs, that the data is converted to "" (blank string) instead of the NULL value?
Since you are using SQLDataSource, when you insert or update a record, there is a ConvertEmptyStringToNull property of the Insert/update parameters. Set this to false, and set the string to empty, if no value is provided to that control. Look at the example below:
<asp:SqlDataSource ID="SqlDataSource1" runat="server">
<InsertParameters>
<asp:ControlParameter ConvertEmptyStringToNull="false" />
</InsertParameters>
<UpdateParameters>
<asp:ControlParameter ConvertEmptyStringToNull="false" />
</UpdateParameters>
</asp:SqlDataSource>
You could set a default value of "" on the database table column. Or in your SQL select statements you could do something like
SELECT IsNull(ColName,"")
FROM SomeTable
The

EntityDataSource replace * with % wildcard on queries

I have an application that uses EntityDataSource in many places.
In the EDS, I manually build the Where clause based on user input from TextBox'es.
I would like the user to be able to enter "*" (asterisks) instead of "%" when querying data.
Is there an easy as using Entity SQL or the EDS itself to do a search/replace? I know I could actually change the TextBox after the data is entered, but when the user sees his text was changed from an * to a % I don't think he will understand.
I have tried using the T-SQL Replace command and doing something like this:
<asp:EntityDataSource ID="EDSParts" runat="server"
ConnectionString="name=TTEntities" DefaultContainerName="TTEntities"
EnableFlattening="False" EntitySetName="Parts"
OrderBy="it.ID DESC"
Where ="(CASE
WHEN (#PartNumber IS NOT NULL) THEN
it.[Number] LIKE REPLACE(#PartNumber, "*", "%")
ELSE
it.[ID] IS NOT NULL
END)">
<WhereParameters>
<asp:ControlParameter Name="PartNumber" Type="String"
ControlID="txtPartNumberQuery" PropertyName="Text" />
</WhereParameters>
</asp:EntityDataSource>
But I get a "Server tag is not well formed" message. I can't find an equivalent "replace" function in the Entity SQL reference....
Any ideas?
You can handle page postback and modify content of txtPartNumberQuery. EntityDataSource can work only with % (because it builds ESQL query) so you have to change * to % in your codebehind before you execute databinding.
Sluama - Your suggestion fixed it! Such an obvious answer. The " was terminating the Where clause string. I could have sworn I tried that, but I guess not. Becuase, I just happened to come back to this question and saw your answer and it works!
<asp:EntityDataSource ID="EDSParts" runat="server"
ConnectionString="name=TTEntities" DefaultContainerName="TTEntities"
EnableFlattening="False" EntitySetName="Parts"
OrderBy="it.ID DESC"
Where ="(CASE
WHEN (#PartNumber IS NOT NULL) THEN
it.[Number] LIKE REPLACE(#PartNumber, '*', '%')
ELSE
it.[ID] IS NOT NULL
END)">
<WhereParameters>
<asp:ControlParameter Name="PartNumber" Type="String"
ControlID="txtPartNumberQuery" PropertyName="Text" />
</WhereParameters>
</asp:EntityDataSource>

Resources