if i do this to set the fetch parameters:
dsList.SelectParameters["client_id"].DefaultValue = Session["client_id"].ToString();
where dsList is my datasource, it works.
but wen i do the samething for the *%^&* insert, it doesnt:
dsList.InsertParameters["client_id"].DefaultValue ="1234";
it keeps saying its null, i dont understand why it woudl be doing this?
I have asked similiar question before where I have two control on the page header says "username" and "gender". User can select both the control or either one and the page will execute searching based on the criteria supplied. So if username supplied
SELECT * FROM [this_table] WHERE username = @username
and if gender supplied
SELECT * FROM [this_table] WHERE gender = @gender
and if both supplied
SELECT * FROM [this_table] WHERE username = @username AND gender = @gender
I know this sounds not very complicated but in my case, I am having like more than 10 controls up there. It is something likeusername, gender, age, date of brith, title, father name, frst name, last name, blur blur blur and it's a lot then I started to lost. if i were to use if else caluse on code-behind and produce query, it would end up writing a lot of if-else and if i use stored procedure (with if-else) then my stored procedure would contains a lot of if-else statement. I am fairly new to this concept and if I'm on the wrong track, please correct me. Is there any better way to save my hair without actually going through each
if-else statement to build the query ?p.s. I'm using GridView and SqlDataSource command to display the result back on .aspx page.
I am trying to check whether a username exists in my database before inserting the new row & display a message to the user if it does.
On my SqlDataSource my InsertCommand looks like this:
InsertCommand="IF NOT EXISTS (SELECT * FROM Users WHERE UserName = @UserName) BEGIN INSERT [Users] ([UserName], [FirstName], [LastName], [City], [State], [Country], [CompanyName], [Active], [PasswordHash]) VALUES (@UserName, @FirstName, @LastName, @City,
@State, @Country, @CompanyName, @Active, @PasswordHash) END"
This works as expected: If the username is unique, the row is created.
If the username already exists, the row is not added.
The problem is, if the row already exists, the insert is rejected but the user is not notified.
So my question is, is there a way I can notify the user?
Maybe something like: InsertCommand = "If Not Exists (select....) Begin Insert...Else Notify User Somehow End This is a basic database, I'm not using the built-in membership provider nor will be.
I have a FormView which is bound to an SQLDataSource. When a user clicks on a save button the form, I need to write any changes made to the FormView back to the table.
I have a Stored Procedure on my MSSQL 2005 database that should be executed when the user clicks on the save button.
It appears the Update is firing, but when I trap the DbCommand object in the SQLDataSource's 'Updating' event, all of the parameters that should be passed to the Stored Procedure are coming through as NULLs. Consequently, the Stored Procedure isn't updating anything.
In the click event of the save button I'm explicitly firing the SQLDataSource's Update method:
[Code]....
The parameters in the SQLDataSource <UpdateParameters></UpdateParameters> section appear to be correct.
Can anyone give me an idea on what to investigate to figure out why it appears the Update is only picking up NULLs?
I should perform a Query like this Select * from produtcts where model like @MODEL Now if model is selected from combobox, it should be Select * from produtcts where model like '%MODEL1%' while, if selected chooise is null, it should be like each element in my combobox. how should i do this (in SqlDataSource)
View 5 RepliesI have a page called Page2.aspx and it is called by another page called Page1.aspx and Page1.aspx passes two parameters namely: Name and Category to Page2.aspx. Does anyone know why the following code from Page2.aspx is not working and it keeps giving an error message as follows: " You have declare the parameter @Username".
string Cat1;
string Name1;
[Code]....
i have two sqldatasource controls. one i use to display data in textbox's ,filter'd by a select parameter in page behind code. Once checked, i want to copy this data to the other datasource ,by selecting checkbox.Then display this data in detailsview control.
At present the two datasource controls declared , render data to the page simultaneously during pageload. I want to first check data in textbox's from first source, before second datasource is rendered to screen. note, both are filtered by a page variable. i wish to leave the textbox datasource control in situ, as other controls and code depend on it.The other detailsview datasource is my problem?
I got DDL1: 10 miles
20 miles
TextBox1 : 'AAA20'
Button:
When user selects 10 miles from dropdownlist DDL1 and types AAA20 in textbox1 which is of type text, on button click it has to pull all the columns from database and show results in gridview using sqldatasource store procedure. I'm stuck in server side code..how to pull the data..in store procedure I'm passing two parameters val1 and val2. val1 gets data from DDL1 and val2 gets data when user types in textbox1 and it has to validate the text...see the code below mentioned and tell me how to pass the params and get the data in gridview...
[code]....
a FormView that is linked to SqlDataSource1a Repeater control (inside the formview) that is linked to SqlDataSource2Thus representing a simple "1 to many" or "parent/child" relationship in the database!qlDataSource1 is simple in that it just retrieves a straight set of records from a table and they are displayed back in the FormView (nothing special happening there).SqlDataSource2 has parameters that filter the contents of the repeater based on the record that is shown in the Formview. This would normally be simple enough to set up by setting the parameter to the formview.selectedvalue property.HOWEVER - THE PROBLEM ARISES...The formview has multiple DataKeyNames because the table that the SqlDataSource1 links to has a compound key. So to filter the Repeater correctlySqlDataSource2 needs to map 3 parameters to 3 data key values in the formview.Any ideas how to do this?I've tried setting the SqlDataSource2 parameters to:
<SelectParameters>
<asp:ControlParameter ControlID="FormView1" Name="Parameter1" PropertyName="DataKey(0)" />
<asp:ControlParameter ControlID="FormView1" Name="Parameter2" PropertyName="DataKey(1)" />
[code]...
In following SQL query: SELECT DISTINCT CodeID, CodeDesc FROM Faults.TblFltClearCodes AS TblFltClearCodes
I am getting a list but there is no null value.Within this query I would like to get only one NULL value at the top and then the list.How to do this? Explicitly I am not allowed to give a null value in the table in DB.
[code]....
Is ther a way I can tie DataSource to SqlDataSource on aspx page and pass select parameters?
I dragged and dropped a sqldatasource and want to do an insert statement, taking the new values from a textbox. I did this already however when i do my insert statement eg. INSERT INTO Development_Programme(MHID) VALUES (@m) HOWEVER when to select the insert parameters the 'Next' button and the 'Finish' button is shaded off, I added a Select statement and the 'Next' was unshaded HOWEVER the screen to select the insert parameters is not appearing it goes straight to the Test Query.
View 3 Repliesthis is my html code [Code]....
i need to set null value to SqlDataSource Insert Parameter at runtime
i am used this code
[Code]....
i want to insert regular, strings in sqldatasource.
in the "sss" i put joe and in the saw i put 'no' and it doesnt work!
<asp:SqlDataSource
ID="sql3"
runat="server"
InsertCommand="insert
into inbox(message,title,sss,to,saw) values(@message,@title,'joe',@to,'no')"
SelectCommand="select
* from inbox"
ProviderName="System.Data.OleDb"
ConnectionString='<%$connectionstrings:
sql %>'>
<InsertParameters>
<asp:Parameter
Type="String"
Name="message"
/>
<asp:Parameter
Type="String"
Name="title"
/>
<asp:Parameter
Type="String"
Name="sss"
/>
<asp:Parameter
Type="String"
name="to"
/>
<asp:Parameter
Type="String"
Name="saw"
/>
1. I have a GridView on my page and it uses sqldatasource with parameterized query. What I want to do is, on page load (where nothing has been selected so no parameter supplied), I want it to query everything (something like SELECT * FROM [this_table]) but since my SelectCommand is something like
SELECT * FROM [this_table] WHERE [this_column] = @someParameters AND [that_column] = @someParameters.
Can I play around with default value to achieve something like that but how ? Now, when the page loads, it doesn't show anything (No Gridview).
2. On my page, I made something like (username, gender, address, and more) and one single search button. That means, no single control enable auto postback. What I am trying to accomplish is building dynamic query
(if username specifed -> SELECT * FROM [this_table] WHERE [username] LIKE @username).
If both username and gender are specified (SELECT * FROM [this_table] WHERE [username] LIKE @username AND [gender] = @gender) and you know the rest. How can I do this using GridView and SqlDataSource ? To my knowledge, I can only specify one SELECT statement in a sqldatasource.
I have been in the process of updating my code with security methods, and I've been learning this from [URL] (or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". Now, what they suggested was to use code like:
"DataSet userDataset = new DataSet();
SqlDataAdapter myCommand = new SqlDataAdapter(LoginStoredProcedure", connection);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"
But, I was already using code like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("someVal", val);"
So now, to use type safe parameters, I decided to include it like:
"var dataSource = (SqlDataSource)form1.FindControl("sqlDataSource5") ;
dataSource.UpdateParameters.Add("@someVal", DbType.Int16, val);
dataSource.UpdateParameters["@someVal"].Size = 1;"
So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.
Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, this suggests that this should apply to unfiltered input. Also, in their example they only did this for an ID.
So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been ran through a regularexpression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?
The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources? If my fears serve true, what would be a good suggestion of how I could implement this properly without having to worry about what I said?
I am trying to tie a sqlDatasource to a Stored Procedure. The stored procedure looks like...
[Code]........
I have big filter coming from database by using storedprocedure. This stored procedure contains about 12 parameters. In asp.net page I select these values and after doing that I want to pass these values to SqlDataSourec which is bound to gridview. How can I pass these values to SqlDataSource, manually in codebehind?
View 8 RepliesI am working on a form that I would like to display a dropdownlist or textbox to insert data into the same field.
Currently it is setup where the end user can use one or the other but not both. I am running into a problem getting with the insert parameters for the secondary control. In this case the textbox.
Is it possible to use and Or statment in my Insert Query? I have tried to no avail.
[Code]....
Am trying to use sqldatasource to insert into a table and it comes up with the error message" Could not find control 'txtLast' in ControlParameter 'LastName'.
View 2 RepliesGetting the message that ObjectDataSource ... count not find a non-generic method ... that has parameters ... The parameter list is fine until I get to the very end and it list the two data fields that are in my DetailsView. Using the ASP Tutorial #17 (Examining the Events Associated with Inserting, Updating, and Deleting) and the Exploring the Data Modification - specifically the one showing the INSERT of the Product Name and UnitPrice. ASPX page is pretty simple and attempting something similar, two fields to insert a new record - update the other fields later.
Full Error Message follows along with ASPX and the AsignaturasBLL.cs. Interesting thing is that when I swap the two fields in the DetailView, then the last two fields in the error message are swapped. In the error message I bolded these two fields.
[Code]....
I've added a simple SqlDataSource to my site with insert properties. I've also created some code behind to capture the insert command (oninserting="SqlDataSource_NewsLetterSubscription_Inserting").
Thing is how do I actually trigger the command to 'insert' from a standard button?
<asp:SqlDataSource ID="SqlDataSource_NewsLetterSubscription" runat="server"
How can i set sql parameters for an sqlDatasource in the code behind?
I am trying like this:
[code]....
I have an ASP.NET 3.5 web form with a DropDownList bound to a table of company names in a database. I also have a data bound GridView which I would like to update with data from the database depending on the company name selected in the DropDownList, so that the SelectCommand for the GridView's SqlDataSource is:
SELECT Registration, Telephone, Profile FROM {CompanyName}_VehicleData
Where {CompanyName} is whatever is selected in the DropDownList. I've used the Command and Parameter Editor to create a ControlParameter pointing to the SelectedValue of the DropDownList, but I don't know how to write the SelectCommand query to concatenate the parameter to '_VehicleData'.
I am trying to pass the parameters dynamically thru Sqldatasource and get the results in grid view. Based on the dropdown list selection it has to show the results in grid view. When I hard code its giving correct results but when passing thru parameters i'm unable to get the results in grid view.
Output shud be something like this:
Select the value: 123
124
125.
Lets say user selects '123', the query it runs in sqldatasource is Select col1,col2,col3 from table1 where col1 LIKE '123%'
results will be 12301,12302,12303 with other columns in grid view.
[code]....
