搜索/排序以显示GridView中的特定字段

本文关键字:字段 GridView 排序 显示 搜索 | 更新日期: 2023-09-27 18:02:53

在我将数据绑定到.cs文件中的GridView之前。我有搜索/排序工作(通过在文本框中输入搜索数据库,通过从下拉列表中选择一个选项进行排序)。但是,现在我将数据绑定到.aspx文件中,当然我的排序/搜索不再工作了。我怎样才能改变我的排序/搜索算法,使正确的数据绑定??

(searchFill是调用搜索/排序的函数)

cs 

 protected void Page_Load(object sender, EventArgs e)
    {
        rootWebConfig = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("/Cabot3");
        connectionString = rootWebConfig.ConnectionStrings.ConnectionStrings["SecureODBConnectionString"];
        searchFill();
        GridViewRow row = DefaultGrid.SelectedRow;
        int rowIndex = DefaultGrid.SelectedIndex;
        HiddenGrid.SelectedIndex = rowIndex;
        GridViewRow row2 = HiddenGrid.SelectedRow;
        //int id = Convert.ToInt32(row.Cells[25].Text);
        fName = row2.Cells[0].Text;
        lName = row2.Cells[1].Text;
        addr = row2.Cells[2].Text;
        addr2 = row2.Cells[3].Text;
        city = row2.Cells[4].Text;
        state = row2.Cells[5].Text;
        zip = row2.Cells[6].Text;
        country = row2.Cells[7].Text;
        email = row2.Cells[8].Text;
        phone = row2.Cells[9].Text;
        ccType = row2.Cells[10].Text;
        ccNum = row2.Cells[11].Text;
        ccExp = row2.Cells[12].Text;
        length = row2.Cells[13].Text;
        delivery = row2.Cells[14].Text;
        price = row2.Cells[15].Text;
        source = row2.Cells[16].Text;
        joined = row2.Cells[17].Text;
        url = row2.Cells[18].Text;
        orderResults = row2.Cells[19].Text;
        pubName = row2.Cells[20].Text;
        sourceCode = row2.Cells[21].Text;
    }
    protected void searchFill()
    {
        orderByString = orderByList.SelectedItem.Value;
        fieldString = searchTextBox.Text;
        string sqlStatement = "SELECT * FROM SecureOrders WHERE fName LIKE '%" + fieldString + "%' OR lName LIKE'%" + fieldString + "%' OR addr LIKE'%" + fieldString + "%' OR addr2 LIKE'%" + fieldString + "%' OR city LIKE'%" + fieldString + "%' OR state LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR country LIKE'%" + fieldString + "%' OR email LIKE'%" + fieldString + "%' OR phone LIKE'%" + fieldString + "%' OR ccType LIKE'%" + fieldString + "%' OR ccNum LIKE'%" + fieldString + "%' OR ccExp LIKE'%" + fieldString + "%' OR cwaSource LIKE'%" + fieldString + "%' OR cwaJoined LIKE'%" + fieldString + "%' OR length LIKE'%" + fieldString + "%' OR delivery LIKE'%" + fieldString + "%' OR price LIKE'%" + fieldString + "%' OR url LIKE'%" + fieldString + "%' OR orderResults LIKE'%" + fieldString + "%' OR pubName LIKE'%" + fieldString + "%' OR sourceCode LIKE'%" + fieldString+ "%' ORDER BY " + orderByString;
        using (SqlConnection connection = new SqlConnection(connectionString.ToString()))
        using(SqlCommand searchSort = new SqlCommand(sqlStatement, connection))
        {
            searchSort.Parameters.AddWithValue("@fieldString", fieldString);
            searchSort.Parameters.AddWithValue("@orderByString", orderByString);
            connection.Open();
                searchSort.ExecuteNonQuery();             
            connection.Close();
        }
    }


 <asp:GridView ID="DefaultGrid" 
        runat = "server"
        DataKeyNames = "IdentityColumn"
        onselectedindexchanged = "DefaultGrid_SelectedIndexChanged"
        autogenerateselectbutton = "True"
        enableviewstate = "False"
        selectedindex="0" DataSourceID="OrderSource" EnableModelValidation="True" 
        AutoGenerateColumns="False">
    <SelectedRowStyle BackColor="Azure"
        forecolor="Black"
        font-bold="true" />
    <Columns>
        <asp:TemplateField HeaderText = "Processed">
            <ItemTemplate>
                <asp:CheckBox
                ID="CheckBoxProcess"
                AutoPostBack = "true"
                Checked = '<%#Eval("processed") %>'
                OnCheckedChanged = "CheckBoxProcess_CheckedChanged"
                runat="server"
                Enabled = "true" />
            </ItemTemplate>
        </asp:TemplateField>
        <asp:BoundField DataField="fName" HeaderText="First Name" SortExpression="fName" />
        <asp:BoundField DataField="lName" HeaderText="Last Name" SortExpression="lName" />
        <asp:BoundField DataField="addr" HeaderText="Address" SortExpression="addr" />
        <asp:BoundField DataField="email" HeaderText="Email" SortExpression="email" />
        <asp:BoundField DataField="phone" HeaderText="Phone" SortExpression="phone" />
        <asp:BoundField DataField="ccType" HeaderText="Credit Card Type" 
            SortExpression="ccType" />
        <asp:BoundField DataField="length" HeaderText="Length" 
            SortExpression="length" />
    </Columns>
    </asp:GridView>
    <asp:SqlDataSource ID="OrderSource" runat="server" 
        ConnectionString="<%$ ConnectionStrings:SecureODBConnectionString %>" 
        SelectCommand="SELECT * FROM [SecureOrders]"></asp:SqlDataSource>
    </div>

搜索/排序以显示GridView中的特定字段

也许这个…

  1. 编写您的存储过程(如@coder所说…你这样做是不安全的)

    创建dbo.myPROC过程(@parm1 int = null, @parm2 int = null,…)作为开始

    SELECT
   field1,
   field2,
   field3,
   ...
FROM
   Table
WHERE
   (field1 = @parm1 or @parm1 is null)
   OR
   (field2 = @parm2 or @parm2 is null)
END

  2. 配置数据源(使用向导)

一旦您将存储过程标识为数据源,它将询问您存储过程中标识的每个参数的源值。只需填写默认值,其余部分不用处理。基本上你想要结束的是这样的东西(我没有得到这个语法正确-但你的智能感知会为你得到它一旦你开始):

...
<SELECT PARAMETERS>
   <PARAMETER name="parm1" type="integer">
   ...
</SELECT PARAMETERS>
  1. 修改你的searchFill()过程来使用你在你的onload
    2. 中创建的变量

me.datasource1.parameters.clear (). datasource .parameters("parm1").defaultvalue = fname;.datassource.parameters("parm2").defaultvalue = lname;…

  1. 重新绑定gridview

    me.gridview.databind

这并不优雅,但它似乎适合您目前所采用的方法。

必须从后面的代码向sql数据源传递参数。看看这个。

另外,您要小心sql注入攻击。永远不要将文本框值直接传递给sql语句。我希望您的实际代码中有一个存储过程。

相关文章: