2013-03-04 102 views
1

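SqlDataSource select does not work with a WHERE clause

I bound a GridView to a SqlDataSource. My problem is that when I use the SqlDataSource without a WHERE clause in the SELECT statement, it works fine, but when I use it with a WHERE clause, it works fine in the Query Builder test and returns records, yet it does not work at runtime. I used SQL Profiler and saw that the query does not run when I use the WHERE clause. I heard that .NET prevents running queries with a WHERE clause because of SQL injection, but I don't know how to correct my query. My SqlDataSource: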

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
     ConnectionString="<%$ ConnectionStrings:chargeDBConnectionString %>" SelectCommand="SELECT CARDNUMBER, VISITDATE, ACCNUMBER, ACTIONCODE FROM LOGTABLE WHERE (CARDNUMBER = @cardno OR @cardno IS NULL AND CARDNUMBER &lt;&gt; N'-' AND @ttype = 1 OR @ttype = 0) AND (VISITDATE &gt;= @fdate AND VISITDATE &lt;= @edate) AND (ACCNUMBER = @accno OR @accno IS NULL AND ACCNUMBER &lt;&gt; N'-' AND @ttype = 0 OR @ttype = 1) AND (ACTIONCODE = @actioncode OR @actioncode IS NULL)"> 
     <SelectParameters> 
      <asp:FormParameter FormField="cardNo" Name="cardno" /> 
      <asp:ControlParameter ControlID="ddlType" Name="ttype" 
       PropertyName="SelectedValue" /> 
      <asp:FormParameter FormField="fromDate" Name="fdate" /> 
      <asp:FormParameter FormField="toDate" Name="edate" /> 
      <asp:FormParameter FormField="accNo" Name="accno" /> 
      <asp:ControlParameter ControlID="ddltransname" Name="actioncode" 
       PropertyName="SelectedValue" /> 
     </SelectParameters> 
    </asp:SqlDataSource> 

Answers

1

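The most likely culprit is that one of your parameters is evaluating to null, and the SqlDataSource is cancelling the select query.

To correct this, you need to set the SqlDataSource.CancelSelectOnNullParameter property to false in your SqlDataSource declaration (it is true by default):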

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
    ConnectionString="<%$ ConnectionStrings:chargeDBConnectionString %>" 
    SelectCommand="SELECT CARDNUMBER, VISITDATE, ACCNUMBER, ACTIONCODE FROM LOGTABLE WHERE (CARDNUMBER = @cardno OR @cardno IS NULL AND CARDNUMBER &lt;&gt; N'-' AND @ttype = 1 OR @ttype = 0) AND (VISITDATE &gt;= @fdate AND VISITDATE &lt;= @edate) AND (ACCNUMBER = @accno OR @accno IS NULL AND ACCNUMBER &lt;&gt; N'-' AND @ttype = 0 OR @ttype = 1) AND (ACTIONCODE = @actioncode OR @actioncode IS NULL)" 
    CancelSelectOnNullParameter="False"> 
    <SelectParameters> 
     <asp:FormParameter FormField="cardNo" Name="cardno" /> 
     <asp:ControlParameter ControlID="ddlType" Name="ttype" 
      PropertyName="SelectedValue" /> 
     <asp:FormParameter FormField="fromDate" Name="fdate" /> 
     <asp:FormParameter FormField="toDate" Name="edate" /> 
     <asp:FormParameter FormField="accNo" Name="accno" /> 
     <asp:ControlParameter ControlID="ddltransname" Name="actioncode" 
      PropertyName="SelectedValue" /> 
    </SelectParameters> 
</asp:SqlDataSource>
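
The following is an added example, not code from the question or the answer: it runs the page's WHERE clause against an in-memory SQLite table to show how the query behaves once null parameters are allowed through, and that a bound parameter is only ever compared as a value. SQLite stands in for SQL Server, the names `make_db`, `search` and `cancel_on_null` are hypothetical, and the `cancel_on_null` flag is only a model of the SqlDataSource setting.

```python
import sqlite3

# The page's SelectCommand adapted to SQLite: ":" parameters instead of "@",
# and '-' instead of N'-'. AND still binds tighter than OR.
QUERY = """
SELECT CARDNUMBER, VISITDATE, ACCNUMBER, ACTIONCODE FROM LOGTABLE
WHERE (CARDNUMBER = :cardno OR :cardno IS NULL AND CARDNUMBER <> '-'
       AND :ttype = 1 OR :ttype = 0)
  AND (VISITDATE >= :fdate AND VISITDATE <= :edate)
  AND (ACCNUMBER = :accno OR :accno IS NULL AND ACCNUMBER <> '-'
       AND :ttype = 0 OR :ttype = 1)
  AND (ACTIONCODE = :actioncode OR :actioncode IS NULL)
ORDER BY VISITDATE
"""

# Constructed sample rows (not data from the page).
ROWS = [
    ("1111", "2013-01-10", "-", "A"),
    ("2222", "2013-02-15", "-", "B"),
    ("-", "2013-02-20", "9001", "A"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LOGTABLE (CARDNUMBER TEXT, VISITDATE TEXT,"
               " ACCNUMBER TEXT, ACTIONCODE TEXT)")
    db.executemany("INSERT INTO LOGTABLE VALUES (?, ?, ?, ?)", ROWS)
    return db


def search(db, cardno=None, ttype=1, fdate="2013-01-01", edate="2013-12-31",
           accno=None, actioncode=None, cancel_on_null=False):
    params = {"cardno": cardno, "ttype": ttype, "fdate": fdate,
              "edate": edate, "accno": accno, "actioncode": actioncode}
    # Model of CancelSelectOnNullParameter="True": one null parameter is
    # enough to skip the query entirely, so nothing reaches the database.
    if cancel_on_null and any(v is None for v in params.values()):
        return None
    # Values are bound, never concatenated into the SQL text.
    return db.execute(QUERY, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(search(db, cancel_on_null=True))     # select cancelled
    print(search(db))                          # optional filters left open
    print(search(db, cardno="' OR '1'='1"))    # treated as a literal value
```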