Is there a way to use a parameterized filter on a DataView?
Is there a way to use a parameterized filter on a Da开发者_如何学JAVAtaView?
I want to filter rows in a DataView based on a users' search criteria. When doing SQL lookups I can use parameters which help resolve issues with both strange characters and protects against SQL injection. While weird things from a user won’t return or harm data with my view, it will prevent a search from executing property.
If I have DataView DV, how do I set the row filter so that input “test’test” doesn’t escape the search string dv.rowfilter= “col like ‘” & searchtext & “’”
?
[EDIT]
Since this just isn't possible I decided to use Linq with a regular expression.
I don't think it's possible to use parameters with a DataView
. You can do a simple string replace to escape single quotes.
dv.rowfilter= “col like ‘%” & searchtext.Replace("'", "''") & “%’”
or use String.Format
which, personally, i think is a little cleaner.
dv.rowfilter= String.Format(“col like ‘%{0}%’”, searchtext.Replace("'", "''"));
精彩评论