如何将参数值传递给SqlDataSource

Question

我正在使用SqlDataSource来填充GridView。 这是我的代码：

private void DataCall()
{
    //Object gets created for use from the class(clsDataConduit)
    clsDataDictionary AnOrder = new clsDataDictionary();
    //Declaring a new SqlDataSource from the inbuilt class library
    SqlDataSource sqlDS_ItemTable = new SqlDataSource();
    //Using our datasource object being cast onto our objects connectionstring
    sqlDS_ItemTable.ConnectionString = AnOrder.ConnectionString;
    //Our sql statement being passed through to our .SelectCommand method
    sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = 5";
    //Adding controls to our SqlDataSource object
    this.Controls.Add(sqlDS_ItemTable);
    //Declares the DataSource for our gridview !
    grdOrder.DataSource = sqlDS_ItemTable;
    //Binds the data to refresh every time it's used
    grdOrder.DataBind();
}

正如你在最后的SQL语句中看到的那样，我正在做这个tblOrders.AuthId = 5 。 但是我想做这样的事情tblOrders.AuthId = SessionAuthId .

我读了一些关于单独执行command.Parameters.Add(new SqlParameter("Name", dogName));行的帖子command.Parameters.Add(new SqlParameter("Name", dogName)); 但我不知道如何将其应用于我的代码。

我正在使用别人的代码（教授）进行任务，但我想稍微编辑它，因为我将开发一个登录系统等。

有人可以看看那个方法，看看我将如何更改它以将参数传递给它。 这里还有完整的代码： http ： //pastebin.com/sdrvW5Zn

Answer 1

您可以使用SelectParameters属性执行参数化查询。

sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";

sqlDS_ItemTable.SelectParameters.Add(new SqlParameter("@authID", SessionAuthID));

Answer 2

 String authId = SessionAuthID;//pass your session ID to the variable or directly you can     pass this value as the parameter value:

 string strSQL = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from   tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @ID";
 SqlCommand cmdItem = new SqlCommand(strSQL, clsMain_Connection.openConn());
 cmdItem.Parameters.AddWithValue("@ID", authId);

Answer 3

TheGreatCO建议的string.format方法看起来适用于您将SQL查询作为字符串传递的当前实现。

否则，您可以从SQL代码段创建存储过程，并将其设置为参数。

我假设sessionAuthId是一个int。

CREATE PROCEDURE SP_SAMPLEPROCEDURENAME

(
    @p1 int      -- here the input parameter is declared
)


AS
    BEGIN

Select 
tblOrders.OrderId, 
tblItem.ItemName, 
tblOrders.DateOrdered 
from tblItem, tblOrders 
where tblItem.ItemId = tblOrders.ItemId 
AND tblOrders.AuthId = @p1   -- here the input parameter is used

END

要从c＃调用存储过程，您需要一个这样的方法：

public YOURReturnObject PopulateGridView(int sessionid)
{

SqlConnection conn = new SqlConnection("YourDBConnectionString);
SqlCommand comm = new SqlCommand("SP_SAMPLEPROCEDURENAME", conn);
comm.CommandType = CommandType.StoredProcedure;
comm.Parameters.AddWithValue("@p1",sessionid);

YOURReturnObject o = new YOURReturnObject();

using (comm.Connection)
{
comm.Connection.Open();
while (reader.Read())
{
//read the results into return object 

}

}
返回o;

}

Answer 4

使用“SelectParameters”

sqlDS_ItemTable.SelectParameters.Clear(); 
sqlDS_ItemTable.SelectCommand = "Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = @authID";
sqlDS_ItemTable.SelectParameters.Add("authID", SessionAuthID);

// sqlDS_ItemTable.SelectParameters.Add("stringParam",  TypeCode.String, stringParam); //like so for string validation

Answer 5

使用string.Format() http://msdn.microsoft.com/en-us/library/system.string.format.aspx

做类似的事情：

sqlDS_ItemTable.SelectCommand = string.Format("Select tblOrders.OrderId, tblItem.ItemName, tblOrders.DateOrdered from tblItem, tblOrders where tblItem.ItemId = tblOrders.ItemId AND tblOrders.AuthId = {0}", SessionAuthId);

要回答第二个问题，您可以更改方法的签名以包含参数。

private void DataCall(string SessionAuthId)
{
    // your method here...
}