开发者

How to embed variable value in sqldatasource session parameter in c#

I want to question how to embed variable value in sqldatasource session parameter in c#. This is mycode:

default.aspx:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:Ora2011 %>" 
    ProviderName="<%$ ConnectionStrings:Ora2011.ProviderName %>" 
    SelectCommand="SELECT ID, CATEGORY_NAME FROM (:INVENT_CATEGORY)"> 
    <SelectParameters>
        <asp:SessionParameter Name="INVENT_CATEGORY" SessionField="INVENT_CATEGORY" Type="String" />
    </SelectParameters>     
</asp:SqlDataSource>

C#:

protected void Page_Load(object sender, EventArgs e)
{
    string table = "V_INVENTORY"
    Session["INVENT_CATEGORY"] = table;
}

When i run开发者_如何学Go this program, i get error "invalid table name". Why i can't embed variable into sqldatasource from session parameter. Thanks for your help


Your issue isn't with the Session parameter... The problem is that you are trying to specify the table-name via a parameter -- which I'm pretty sure is not supported. You'd have to build the query string yourself in your code-behind to do what you are trying to do.

I'm not sure why you are storing the table name in Session, but an example of setting the sql select in code-behind would be...

Markup:

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:Ora2011 %>" 
    ProviderName="<%$ ConnectionStrings:Ora2011.ProviderName %>" 
</asp:SqlDataSource>

Code-behind:

protected void Page_Load(object sender, EventArgs e)
{
    string table = (string)(Session["INVENT_CATEGORY"] ?? "V_INVENTORY");

    SqlDataSource1.SelectCommand = "SELECT ID, CATEGORY_NAME FROM " + table;
}

You must make sure that the session value for the table name can only contain valid values, or there is a danger of SQL Injection attacks.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜