How do you select only rows that apply to the user currently signed in when using the Configure Data Source dialog? Right each row has a username that was created for them when they register. I am using the built in ASP.NET membership system. Is there anyway to do a Where clause that selects the current users username?
HttpContext.Current.User.Identity.Name
gives you the windows user name associated with the current request.
To get it into your where clause you have to add a parameter to the select command
<asp:SqlDataSource ID="SqlDataSource1" runat="server" SelectCommand="Select * From tbl Where user = #user">
<SelectParameters>
<asp:Parameter Name="user" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
and then set the value in code behind:
SqlDataSource1.SelectParameters["user"].DefaultValue = HttpContext.Current.User.Identity.Name;
There might be other ways to get it there but this should be one of the easiest.
Microsofts article for using parameters on the datasource: http://msdn.microsoft.com/en-us/library/z72eefad.aspx
You need to add a parameter to the SqlDataSource control.
You just need to add the parameters to the sql datasource for extracting the username and password from the database.
or you can create one stored proceduce to select the username and password.
and then pass the values of username and password in code behind.
Related
I've got a website where I'm running the following code:
<asp:AccessDataSource ID="AccessDataSource1" runat="server"
DataFile="~/App_Data/TravelJoansDB.accdb"
SelectCommand="SELECT * FROM [Table2] INNER JOIN BlogEntryItems ON Table2.ID=BlogEntryItems.BlogID WHERE ([Table2.ID]=#ID)">
<SelectParameters>
<asp:QueryStringParameter Name="ID" QueryStringField="Table2.ID" Type="Decimal" />
</SelectParameters>
</asp:AccessDataSource>
It seems to return no records, although I have run the query in Access and it returns the records I'm expecting. Note: In my query in Access, I substituted
WHERE ([Table2.ID]=#ID)
with
WHERE Table2.ID=4
Make the query in your code exactly the same as the one you're running against Access. (Replace #ID with 4.)
If it returns the records you expect, the problem is with #ID.
If it still appears to return no records, then your problem is either with how you're sending your command to the database or how you're reading the results.
Using AccessDataSource and ListView when I hit del in browser following error is shown
OleDbException (0x80004005)
: The record cannot be deleted or changed because table 'tblOrders' includes related records.
I am trying to solve the problem through a couple of ways which are as follows
DeleteCommand="DELETE FROM [tblCustomers] , [tblOrders] WHERE [pkeyCustomerID] = ? "
The Default command generated by ASP is
DeleteCommand="DELETE FROM [tblCustomers] WHERE (([pkeyCustomerID] = ?) OR ([pkeyCustomerID] IS NULL AND ? IS NULL)) "
Or
I removed <asp:Parameter Name="pkeyCustomerID" Type="String" /> from <DeleteParameters>
and replace it with the parameters of selected table
so the foreign key issue isnt affected
tag now there are no errors but the record isnt deleted either
How do i get around this?
Your first query:
DELETE FROM [tblCustomers] , [tblOrders] WHERE [pkeyCustomerID] = ?
Is not valid syntax, you cannot delete from two tables simulatenously, you would need something like
DELETE FROM [tblOrders] WHERE [pkeyCustomerID] = ?;
DELETE FROM [tblCustomers] WHERE [pkeyCustomerID] = ?;
However I don't think Access supports multiple statements. The best solution would be to edit this relationship to use the cascade delete referential action trigger.
To do this go into the relationships in Access:
Then double click on the relationship between tblOrders and tblCustomers which will bring up the properties. Then either uncheck "Enforce Referential Integrity", or ensure that the cascade referential action options are checked (ignore the field names, it was the first relation I came across in a test database I have):
This will ensure that when you delete a customer, you delete all related orders too.
I have a GridView with an Update button. I want to update a field in the database but I think the '#' in the code below is causing the problem in my ASP .NET page. What can be done within the grid or in the update (UpdateCommand) statement? Note, I get an Ora 00936 error.
<asp:SqlDataSource ID="dsBooks" runat="server"
ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
SelectCommand="SELECT OBJECTID, TRACT, GIS_ACRES, COMMENTS, PDF_STORAGE FROM CampusDev.CU_POLY ORDER BY OBJECTID"
UpdateCommand="UPDATE CampusDev.CU_POLY SET COMMENTS='just atest' WHERE OBJECTID=#OBJECTID"
The ":OBJECTID" in Oracle parlance is a Bind Variable.
I'm ignorant of asp.net semantics, but you will want to use bind variables here. This link should provide a more complete explanation, but basically it's this:
cmd.Parameters.Add(new OracleParameter(“OBJECTID″, #OBJECTID));
UpdateCommand="UPDATE CampusDev.CU_POLY
SET COMMENTS='just atest' WHERE OBJECTID=:OBJECTID"
Then execute your command.
Always use bind variables where possible in production code - it allows Oracle to avoid hard parsing of the SQL statement.
Also, the name of the Bind Variable is unimportant to Oracle. The order in which it appears is the important aspect. You could just as easily say
WHERE OBJECTID=:1
with the same effect.
Oracle usually has : instead of #:
WHERE OBJECTID = :OBJECTID
Or perhaps objectid is a reserved word, which you can escape with " in Oracle:
WHERE "OBJECTID" = :OBJECTID
Or perhaps you'd have to specify a parameter to ASP.NET:
<asp:SqlDataSource ...>
<UpdateParameters>
<asp:Parameter Type="Int32" Name="ObjectId" />
</UpdateParameters>
</asp:SqlDataSource>
Part of an ASP.Net 2 datasource:
SelectCommand="SELECT BU.P_GEAC_CORP_CD AS Corp_Code,
BU.Business_unit as Abbreviation,
CC.DEPTID AS Cost_Center,
CC.DESCR AS Description
FROM fstst.PS_P_CATR_BUDPT_VW CC,
fstst.ps_p_bus_unit_cnv BU
WHERE BU.Business_unit = CC.Business_unit">
This feeds a GridView which works. The display shows that
CC.DESCR AS Description
is text (non-numeric).
I want to use a textbox as a "contains" filter, i.e., if I put "Recovery" in the box,
I want the datasource to add
AND CC.DESCR Like '%Recovery%'
to the SQL. If I hard-code that line, it works.
But if I add
<SelectParameters>
<asp:ControlParameter ControlID="Dept_Name"
Name="DName"
PropertyName="Text"
Type="string" />
</SelectParameters>
without changing the SQL, I get no rows returned. Then if I put
AND CC.DESCR Like '%' + :DName + '%'
into the SQL, I get no results when the textbox is blank, and ORA-01722: invalid number as soon as I put characters in it.
Thanks for the attempt, "birdlips."
Unfortunately, the Oracle server had only minimal logging turned on.
On top of that, while I was visiting the DBA, stackoverflow somehow ended up on our company's list of forbidden sites. So I could not share the answer.
This must be a little known fact about Oracle, as our two DBAs didn't catch it either: Oracle thinks plus is for numbers no matter what the context.
It worked as soon as I changed + to ||
you need to use single quotes around the text when using a like statement with a string.
It needs to look like
AND CC_DESCR LIKE '%VALUE%'
I'm working with a GridView that uses a SqlDataSource element that looks like this:
<asp:SqlDataSource ID="InventoryDB" runat="server" ConnectionString="<%$ ConnectionStrings:InventoryConnectionString %>"
SelectCommand="SELECT [Server], [Customer] FROM [Website] WHERE [Owner] = 'someOwner'">
</asp:SqlDataSource>
I'd like to replace the 'someOwner' part of the where clause with something dynamic, like so:
SelectCommand="SELECT [Server], [Customer] FROM [Website] WHERE [Owner] = '<%# UserManager.getCurrentUser(Request) %>'"
But when I do this, it seems to use the literal text of the WHERE clause instead of evaluating my function call, which of course does not work. What is the right way to do this?
The proper way to handle that is to use parameters. The MSDN documentation on it is pretty thorough in showing how to use them.
User Parameters with Data Source Controls has some more detailed and accessible information on using parameters.