I'm working with a GridView that uses a SqlDataSource element that looks like this:
<asp:SqlDataSource ID="InventoryDB" runat="server" ConnectionString="<%$ ConnectionStrings:InventoryConnectionString %>"
SelectCommand="SELECT [Server], [Customer] FROM [Website] WHERE [Owner] = 'someOwner'">
</asp:SqlDataSource>
I'd like to replace the 'someOwner' part of the where clause with something dynamic, like so:
SelectCommand="SELECT [Server], [Customer] FROM [Website] WHERE [Owner] = '<%# UserManager.getCurrentUser(Request) %>'"
But when I do this, it seems to use the literal text of the WHERE clause instead of evaluating my function call, which of course does not work. What is the right way to do this?
The proper way to handle that is to use parameters. The MSDN documentation on it is pretty thorough in showing how to use them.
User Parameters with Data Source Controls has some more detailed and accessible information on using parameters.
Related
In Visual Studio I have an asp.net (vb.net) project using a sqldatasource component connecting to a postgres database. This works fine but now I need to provide a parameter to my select statement and I find no solution:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:myConnectionString %>"
ProviderName="Npgsql"
SelectCommand="SELECT column2 from myTable where column1 = :column1)">
<SelectParameters>
<asp:Parameter Name=":column1" Type="String"/>
</SelectParameters>
</asp:SqlDataSource>
When I try to update the scheme I get an
Error 42601 Syntax error at >>:<<
I also tried using parameter #column1 (instead of :column1, which works for my mssqlserver connections), but then I get
Error 42883 operator does not exist # character varying".
Is there a way to use the sqldatasource with postgres sql parameters without programming code behind?
Meanwile I found more or less accidantally the solution, so I give it here if someone else might be interested:
Within the SelectCommdand I use "#column1" as the parameter.
Within the SelectParamter-section the parameter name must be "column1" (without #):
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:myConnectionString %>"
ProviderName="Npgsql"
SelectCommand="SELECT column2 from myTable where column1 = #column1)">
<SelectParameters>
<asp:Parameter Name="column1" Type="String"/>
</SelectParameters>
</asp:SqlDataSource>
Its still not possible to perform "update scheme" with the sqldatasource component (still getting error) but now the select statement works fine during runtime, i.e. the gridview based on the sqldatasource shows the selected data as required.
I would like to ask if is it ok to use multiple SqlDataSource in asp.net. Apologies with my question, I'm just new at programming.
<asp:SqlDataSource ID="SqlDataSource9" runat="server"
SelectCommand="SELECT cdesc FROM [main] where [cmain]='O' and [cformat]='' order by cdesc"
ConnectionString="<%$ ConnectionStrings:My_ConnectionString %>" />
<asp:SqlDataSource ID="SqlDataSource10" runat="server"
SelectCommand="SELECT cdesc FROM [main] where [cmain]='Q' and [cformat]='' order by cdesc"
ConnectionString="<%$ ConnectionStrings:My_ConnectionString %>" />
Of course you can use multiple SqlDataSource on singe page.
But if you want to use connection to same table then instead of using multiple SqlDataSource, you can just link same SqlDataSource with multiple sources.
I've tried hard to make sure I couldn't find the answer to this anywhere, so apologies if it's a repeat.
I want to use a WHERE clause to filter data output from an SQL Server statement to items which are less than two weeks old. I've successfully managed to write the .vb code to get the date from two weeks ago, however I'm having trouble trying to insert this date into the statement from my .aspx page.
The code to calculate the date two weeks ago is as follows:
Protected dateBuffer As String = lastFortnight().ToString("dd/MM/yyyy")
Function lastFortnight() As DateTime
Dim retVal As DateTime = DateTime.Now.AddDays(-14)
Return retVal
End Function
This returns a date of 06/01/2014 (as of today) if called on my .aspx page using <%=dateBuffer %>
However if I try and insert it into my SQL statement to filter the outputs like so:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:Database SQL 20130905ConnectionString %>"
ProviderName="<%$ ConnectionStrings:Database SQL 20130905ConnectionString.ProviderName %>"
SelectCommand="SELECT [ReqNumber], [ApprovedDate], [Approved] FROM [RequisitionDetails] WHERE ([RequestDate] >= ?)">
<SelectParameters>
<asp:Parameter DefaultValue='<%=dateBuffer %>' Name="RequestDate" Type="DateTime" />
</SelectParameters>
</asp:SqlDataSource>
I consistently get the error
Exception Details: System.FormatException: String was not recognized as a valid DateTime.
I've spent most of my day searching for how to fix this, and I'm still no closer than I was 4 hours ago. If I'm making any stupid mistakes please let me know... I'm a complete newbie when it comes to any of this stuff, It's the first time I've ever worked with .aspx, .vb and SQL server.
SQL's date format differs from the .NET DateTime data type, which is why you're getting the formatting error. There are ways to convert, such as using the SqlDateTime struct - How can I convert a .Net Datetime to a T-SQL Datetime
In your case though, might it not be simpler to pass the number of days to your SQL statement (or stored proc), and use a DateDiff/DateAdd combination in SQL ?
How do you select only rows that apply to the user currently signed in when using the Configure Data Source dialog? Right each row has a username that was created for them when they register. I am using the built in ASP.NET membership system. Is there anyway to do a Where clause that selects the current users username?
HttpContext.Current.User.Identity.Name
gives you the windows user name associated with the current request.
To get it into your where clause you have to add a parameter to the select command
<asp:SqlDataSource ID="SqlDataSource1" runat="server" SelectCommand="Select * From tbl Where user = #user">
<SelectParameters>
<asp:Parameter Name="user" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
and then set the value in code behind:
SqlDataSource1.SelectParameters["user"].DefaultValue = HttpContext.Current.User.Identity.Name;
There might be other ways to get it there but this should be one of the easiest.
Microsofts article for using parameters on the datasource: http://msdn.microsoft.com/en-us/library/z72eefad.aspx
You need to add a parameter to the SqlDataSource control.
You just need to add the parameters to the sql datasource for extracting the username and password from the database.
or you can create one stored proceduce to select the username and password.
and then pass the values of username and password in code behind.
I have a GridView with an Update button. I want to update a field in the database but I think the '#' in the code below is causing the problem in my ASP .NET page. What can be done within the grid or in the update (UpdateCommand) statement? Note, I get an Ora 00936 error.
<asp:SqlDataSource ID="dsBooks" runat="server"
ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
SelectCommand="SELECT OBJECTID, TRACT, GIS_ACRES, COMMENTS, PDF_STORAGE FROM CampusDev.CU_POLY ORDER BY OBJECTID"
UpdateCommand="UPDATE CampusDev.CU_POLY SET COMMENTS='just atest' WHERE OBJECTID=#OBJECTID"
The ":OBJECTID" in Oracle parlance is a Bind Variable.
I'm ignorant of asp.net semantics, but you will want to use bind variables here. This link should provide a more complete explanation, but basically it's this:
cmd.Parameters.Add(new OracleParameter(“OBJECTID″, #OBJECTID));
UpdateCommand="UPDATE CampusDev.CU_POLY
SET COMMENTS='just atest' WHERE OBJECTID=:OBJECTID"
Then execute your command.
Always use bind variables where possible in production code - it allows Oracle to avoid hard parsing of the SQL statement.
Also, the name of the Bind Variable is unimportant to Oracle. The order in which it appears is the important aspect. You could just as easily say
WHERE OBJECTID=:1
with the same effect.
Oracle usually has : instead of #:
WHERE OBJECTID = :OBJECTID
Or perhaps objectid is a reserved word, which you can escape with " in Oracle:
WHERE "OBJECTID" = :OBJECTID
Or perhaps you'd have to specify a parameter to ASP.NET:
<asp:SqlDataSource ...>
<UpdateParameters>
<asp:Parameter Type="Int32" Name="ObjectId" />
</UpdateParameters>
</asp:SqlDataSource>