1

I need to pass this value Request.QueryString in my asp:SqlDataSource?

 <asp:SqlDataSource runat="server" 
                    ID="SqlDataSource2" ConnectionString='<%$ ConnectionStrings:messageexchangeConnectionString %>' 
                    ProviderName='<%$ ConnectionStrings:messageexchangeConnectionString.ProviderName %>' 
                    SelectCommand='SELECT distribution_address FROM exchange_distribution_groups ex WHERE (organisation_id = 'Request.QueryString["organisation"]') AND (distribution_address NOT IN (SELECT distribution_address FROM exchange_distribution_group_addresses address))'>     
 </asp:SqlDataSource>
Improve this question
1
  • That SelectCommand appears extremely susceptible to Sql Injection Attacks. Commented Sep 6, 2013 at 9:21

2 Answers 2

Reset to default
2

Try this:

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
    ConnectionString="<%$ ConnectionStrings:messageexchangeConnectionString %>" 
    SelectCommand="SELECT organisation_id,distribution_address FROM exchange_distribution_groups ex WHERE (([organisation_id] = @id) AND (distribution_address NOT IN (SELECT distribution_address FROM exchange_distribution_group_addresses address))">
    <SelectParameters>
        <asp:QueryStringParameter Name="id" QueryStringField="organisation" Type="Int32" />
    </SelectParameters>
</asp:SqlDataSource>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks for your help :) but it return nothing !! i think it is not take the value of organiasation !!!
2

You can use this 

     <asp:SqlDataSource runat="server" ID="SqlDataSource2"
         ConnectionString='<%$ ConnectionStrings:messageexchangeConnectionString %>'
         ProviderName='<%$ ConnectionStrings:messageexchangeConnectionString.ProviderName %>'
         SelectCommand='SELECT distribution_address FROM exchange_distribution_groups ex WHERE (organisation_id = '<%# Request.QueryString["organisation"] %> ') AND (distribution_address NOT IN (SELECT distribution_address FROM exchange_distribution_group_addresses address))'>    
     </asp:SqlDataSource>
Improve this answer

3 Comments

thanks for your help , i think i am getting there but i have this error: Parser Error Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately. Parser Error Message: The server tag is not well formed.
@Ismail Saifo - "The server tag is not well formed" is raised if the asp.net tags are not complete and donot follow the specified format. I believe that its with the SqlDataSource tag. Check it once
I did that But when I put : <%# Request.QueryString["mailbox"] %> i get the error :(

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.