3 Replies - 4210 Views - Last Post: 29 December 2011 - 09:53 AM Rate Topic: -----

#1 webwired   User is offline

  • D.I.C Regular
  • member icon

Reputation: 33
  • View blog
  • Posts: 339
  • Joined: 26-August 07

Variable Column Name in Select Statement in SQLDataSource

Posted 26 December 2011 - 10:18 AM

Hey everyone... So it would seem that dynamically naming the column that you want to query, while in a SQLDataSource, isn't a natural feature... Would anyone have any ideas on how I might go about accomplishing this? Because my following code does not work... I believe that it doesn't accept a variable in the Column/Field name, as it is...

So my search looks like this...
        <asp:Label ID="SearchLabel" runat="server" Text="Search By"></asp:Label>
        <asp:DropDownList ID="SearchParameterDropDownList" runat="server">
            <asp:ListItem Value="AssetID">Asset ID</asp:ListItem>
            <asp:ListItem Value="AssetType">Asset Type</asp:ListItem>
            <asp:ListItem Value="AssetManufacturerMake">Manufacturer</asp:ListItem>
            <asp:ListItem Value="AssetModelNoModel">Model</asp:ListItem>
            <asp:ListItem Value="AssetLocation">Location</asp:ListItem>
            <asp:ListItem Value="AssetAssignedTo">Assigned To</asp:ListItem>
        </asp:DropDownList>
        <asp:TextBox ID="SearchCriteriaTextBox" runat="server"></asp:TextBox>
        <asp:Button ID="SearchButton" runat="server" Text="Search" />



And my SQLDataSource looks like this...
    <asp:SqlDataSource ID="GetAssetsSqlDataSource" runat="server" 
        ConnectionString="<%$ ConnectionStrings:bbfcapzi_tocodeindotnetConnectionString %>" 
        SelectCommand="SELECT [AssetID], [AssetType], [AssetManufacturerMake], [AssetModelNoModel], [AssetLocation], [AssetAssignedTo] FROM [Assets] WHERE (@SearchParameterDropDownList = @SearchCriteriaTextBox) ORDER BY [AssetID]">
        <SelectParameters>
            <asp:ControlParameter ControlID="SearchParameterDropDownList" Name="SearchParameterDropDownList" 
                PropertyName="SelectedValue" Type="String" />
            <asp:ControlParameter ControlID="SearchCriteriaTextBox" Name="SearchCriteriaTextBox" 
                PropertyName="Text" Type="String" />
        </SelectParameters>
    </asp:SqlDataSource>



Is This A Good Question/Topic? 0
  • +

Replies To: Variable Column Name in Select Statement in SQLDataSource

#2 webwired   User is offline

  • D.I.C Regular
  • member icon

Reputation: 33
  • View blog
  • Posts: 339
  • Joined: 26-August 07

Re: Variable Column Name in Select Statement in SQLDataSource

Posted 26 December 2011 - 10:31 AM

Nevermind, I have a solution that works...

        protected void Page_Load(object sender, EventArgs e)
        {
            if (Page.IsPostBack)
            {
                GetAssetsSqlDataSource.SelectCommand = string.Format("SELECT [AssetID], [AssetType], [AssetManufacturerMake], [AssetModelNoModel], [AssetLocation], [AssetAssignedTo] FROM [Assets] WHERE {0}='{1}'", SearchParameterDropDownList.SelectedValue, SearchCriteriaTextBox.Text);
            }
        }


Was This Post Helpful? 0
  • +
  • -

#3 eclipsed4utoo   User is offline

  • Not Your Ordinary Programmer
  • member icon

Reputation: 1533
  • View blog
  • Posts: 5,972
  • Joined: 21-March 08

Re: Variable Column Name in Select Statement in SQLDataSource

Posted 29 December 2011 - 09:19 AM

So basically, you are allowing SQL injection attacks?
Was This Post Helpful? 0
  • +
  • -

#4 webwired   User is offline

  • D.I.C Regular
  • member icon

Reputation: 33
  • View blog
  • Posts: 339
  • Joined: 26-August 07

Re: Variable Column Name in Select Statement in SQLDataSource

Posted 29 December 2011 - 09:53 AM

View Posteclipsed4utoo, on 29 December 2011 - 10:19 AM, said:

So basically, you are allowing SQL injection attacks?


No, wasn't my plan, but now that I look at it, I can see that I definitely need to do some user input validation...

Thanks for the notice.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1