1

I'm creating a ListView in ASP.NET and have based mine on the example given by CodeProject here. I want to make the Select Command of the SqlDataSource dynamic so that a value is generated from one provided from the session. Ive tried a fue different possibilities, here is an example of what I want:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:TestDatabaseConnectionString %>" 
    SelectCommand="SELECT * FROM [Contacts] WHERE [Name] = <%# Eval("value") %> " >
</asp:SqlDataSource>

How would I pass such a value using ASP? Ive also tried creating the query in the C# back page and linking to it like SelectCommand = "<%# Eval("Query") %>" and also by using the @value syntax. neither work!

Improve this question

6 Answers 6

Reset to default
2

This should do the trick. Define a SessionParameter as follows and make sure Name=Sql parameter name and SessionField is same as your session field. DBType and DefaultValue as required...

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    SelectCommandType="Text"
    ConnectionString="<%$ ConnectionStrings:TestDatabaseConnectionString %>" 
    SelectCommand="SELECT * FROM [Contacts] WHERE [Name] = @ParaName"

    <SelectParameters>
        <asp:SessionParameter 
               Name="ParaName" 
               SessionField="YourSessionFieldName" 
               DbType="String" 
               DefaultValue="" />
    </SelectParameters>
</asp:SqlDataSource>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is a decent workaround, but I think the user would be better off programatically setting the data and binding it to a control rather than using a SqlDataSource.
1

Replace with 

SelectCommand="SELECT * FROM [Contacts] WHERE [Name] = @Name"

And define your @Name as parameter

<SelectParameters>
    <asp:Parameter  DefaultValue="<%# Eval("Query") %>" Name="Name"  DbType="..." />
</SelectParameters>
Improve this answer

1 Comment

I'm trying to use this now, but how can I get the "<%# Eval("Query") %>" of an item from the parent DataList?
1

The solutions provided are very good. It should also be noted that trying to place your "value" directly in the query, you are opening yourself up to SQL injection attacks. Using the select parameters prevents and protects you from this.

Improve this answer

Comments

0

I had the same issue and my lazy approach to solving it was to do as follows:

command.CommandText = item.Query.Replace("@Value", Value);
command.ExecuteNonQuery();

Dirty, easy and most likely not the proper way to do it.

Improve this answer

2 Comments

This is not good. It opens your query up to a sql injection attack. Never directly replace variables in a SQL query without scrubbing them first.
Like I stated, not the proper way to do it, also doesn't cause an issue if you have already validated Value before doing the replacement
0

I would really recommend against using a SqlDataSource control. A SqlDataSource provides very little in the realm is reuse.

Programatically make the DB call

If you make the call in a separate class (or even better in a DAL) you will be able to use it across multiple pages with ease. Also, when a change occurs to your query you will just have to change it in one place.

Here is a sample below that uses the Entity Framework to access the database

Mark up

<asp:DropDownList ID="ddlTest" runat="server"></asp>

Code Behind

public List<Record> GetAllRecordsByUserName(string credentials)
{
    List<Record> recordList;
    using (CustomEntities context = new CustomEntities())
    {

        IQueryable<Record> recordQuery = from records in context.Records
                                              where records.UserName == credentials
                                              select records; 
        recordList = recordQuery.ToList<Record>();
    }
    return recordList;
}

public void ValidateAndBind(string username)
{
    List<Record> recordList = GetAllRecordsByUserName(username);

    // Do validation here

    ddlTest.DataSource = recordList;
    ddlTest.DataBind();
}

protected void Page_Load(object sender, EventArgs e)
{
    ValidateAndBind("test.username");
}
Improve this answer

Comments

0

Another way to achieve your goal without code behind is using an Hidden Field and doing the following:

<asp:HiddenField runat="server" ID="HfieldID" Value='<%# Eval("value")%>'/>
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:TestDatabaseConnectionString %>" SelectCommand="SELECT * FROM [Contacts] WHERE [Name] = @Name">
    <SelectParameters>
        <asp:ControlParameter Name="Name" PropertyName="Value" ControlID="HfieldID" DbType="String" />
    </SelectParameters>
</asp:SqlDataSource>

Be sure to put this before any controls that will use this SqlDataSource.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.