下拉列表选择项
[英]Drop Down List Selected Item
问题描述
I am trying to select a dynamic data from drop down list and view the details of selected items. 
我正在尝试从下拉列表中选择动态数据,并查看所选项目的详细信息。 I have no problem in populating the drop down list with data from database. 在用数据库中的数据填充下拉列表时,我没有问题。 However, when I selected some items, it does not shows up the detail. 但是,当我选择某些项目时,它不会显示细节。
In my presentation layer, when drop down list item is selected: 在我的表示层中,当选择下拉列表项时:
protected void ddlScheduleList_SelectedIndexChanged(object sender, EventArgs e)
{
string address = ddlScheduleList.SelectedItem.ToString();
Distribution scheduledIndv = new Distribution();
scheduledIndv = packBLL.getDistributionDetail(address);
if (scheduledIndv == null)
{
Console.Out.WriteLine("Null");
}
else
{
tbScheduleDate.Text = scheduledIndv.packingDate.ToString();
tbBeneficiary.Text = scheduledIndv.beneficiary;
}
}
In my business logic layer, I get the selected address and pass it to data access layer: 在我的业务逻辑层中,我获得了所选地址并将其传递给数据访问层:
public Distribution getDistributionDetail(string address)
{
Distribution scheduledIndv = new Distribution();
return scheduledIndv.getDistributionDetail(address);
}
In my data access layer, I tested out the SQL statement already. 在我的数据访问层中,我已经测试了SQL语句。 It gives me what I wanted. 它给了我我想要的东西。 But it just won't show up in web page. 但是它只是不会显示在网页上。
public Distribution getDistributionDetail(string address)
{
Distribution distributionFound = null;
using (var connection = new SqlConnection(FoodBankDB.GetConnectionString())) // get your connection string from the other class here
{
SqlCommand command = new SqlCommand("SELECT d.packingDate, b.name FROM dbo.Distributions d " +
" INNER JOIN dbo.Beneficiaries b ON d.beneficiary = b.id " +
" WHERE b.addressLineOne = '" + address + "'", connection);
connection.Open();
using (var dr = command.ExecuteReader())
{
if (dr.Read())
{
DateTime packingDate = DateTime.Parse(dr["packingDate"].ToString());
string beneficiary = dr["beneficiary"].ToString();
distributionFound = new Distribution(packingDate, beneficiary);
}
}
}
return distributionFound;
}
And my execute Reader method in another separated class: 我的执行Reader方法在另一个单独的类中:
public static string connectionString = Properties.Settings.Default.connectionString;
public static string GetConnectionString()
{
return connectionString;
}
public static SqlDataReader executeReader(string query)
{
SqlDataReader result = null;
System.Diagnostics.Debug.WriteLine("FoodBankDB executeReader: " + query);
SqlConnection connection = new SqlConnection(connectionString);
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
result = command.ExecuteReader();
connection.Close();
return result;
}
I wonder what went wrong. 我想知道出了什么问题。 Is it about the (!IsPostBack) or? 是关于(!IsPostBack)还是?
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
1 2013-12-09 15:12:57
You found your mistake, but to avoid Sql Injection, modify your code like this: 您发现了错误,但是为了避免Sql Injection,请像这样修改代码:
SqlCommand command = new SqlCommand("SELECT d.packingDate, b.name FROM dbo.Distributions d " +
" INNER JOIN dbo.Beneficiaries b ON d.beneficiary = b.id " +
" WHERE b.addressLineOne = @address", connection);
command.Parameters.AddWithValue("@address", address);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.