C# Using a query string as a parameter to display a GridView

Tags: c#, asp.net, visual-studio-2008

I have been working on a project that lets the user pick items to compare. My approach is to use checkboxes and send the user's selection as a query string to a new page, compare.aspx. I am using a GridView for this compare.aspx; here is the code:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="compare.aspx.cs" Inherits="AsiaWebShop.compare" %>
<%-- page skeleton (html/head/body/form/div) assumed; the post only showed the controls and the closing tags --%>
<html>
<head runat="server"></head>
<body>
<form id="form1" runat="server">
<div>
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" 
        DataKeyNames="item_id" DataSourceID="SqlDataSource1">
        <Columns>
            <asp:BoundField DataField="item_id" HeaderText="item_id" InsertVisible="False" 
                ReadOnly="True" SortExpression="item_id" />
            <asp:BoundField DataField="item_name" HeaderText="item_name" 
                SortExpression="item_name" />
            <asp:BoundField DataField="category" HeaderText="category" 
                SortExpression="category" />
            <asp:BoundField DataField="pic_path" HeaderText="pic_path" 
                SortExpression="pic_path" />
            <asp:BoundField DataField="item_description" HeaderText="item_description" 
                SortExpression="item_description" />
            <asp:BoundField DataField="regular_price" HeaderText="regular_price" 
                SortExpression="regular_price" />
            <asp:BoundField DataField="member_price" HeaderText="member_price" 
                SortExpression="member_price" />
            <asp:BoundField DataField="promo_price" HeaderText="promo_price" 
                SortExpression="promo_price" />
            <asp:BoundField DataField="stock" HeaderText="stock" SortExpression="stock" />
            <asp:BoundField DataField="upc" HeaderText="upc" SortExpression="upc" />
        </Columns>
    </asp:GridView>
    <%-- The "query" field of the URL (compare.aspx?query=...) is bound to the ? placeholder as data,
         not spliced into the SQL text; one QueryStringParameter supplies exactly one value. --%>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
        ConnectionString="<%$ ConnectionStrings:awsdbConnectionString %>" 
        ProviderName="<%$ ConnectionStrings:awsdbConnectionString.ProviderName %>" 
        SelectCommand="SELECT * FROM [item] WHERE ([upc] = ?)">
        <SelectParameters>
            <asp:QueryStringParameter Name="upc" QueryStringField="query" Type="String" />
        </SelectParameters>
    </asp:SqlDataSource>

</div>
</form>
</body>
</html>

However, I get a "Data type mismatch in criteria expression" error. Does anyone know why? Sorry, I am new to ASP.NET and C#, so please go easy on me...

Writing SQL strings using input taken from the HTTP query string is a security risk. This will open you up to SQL injection.

It looks like your code should work fine without any code-behind. You have added a parameter to the data source that captures the required value from the query string. Using a parameter for this purpose prevents SQL injection. You may want to add a default value to the parameter in the SqlDataSource declaration.

I would definitely remove all of your code and see whether that solves your problem.

Edit: to answer the original question: the reason you get a "Data type mismatch in criteria expression" error is that the upc column in the database is a string type, probably varchar. If you were building a hard-coded SQL string to compare against the upc column, you would put single quotes around the value being compared, as SQL query syntax requires. Since no quotes are included, the SQL interpreter does not recognise the value as a string.


I must stress that I do not recommend hard-coding values into your SQL. Be aware of the security risk of SQL injection.

Re: "Composing SQL strings using query parameters is a security risk": what you mean is right, but the wording is confusing. SQL parameters are query parameters too.

Thanks very much for reminding me about the security risk, but since this is only a school project I think it is fine for now. Would you mind pointing out specifically where in my code the single quotes should go? Is there a particular syntax for single quotes in ASP.NET? I am new to ASP.NET, and I really appreciate your help.

Last update: I added the single quotes here, SelectCommand="SELECT * FROM [item] WHERE [upc]='?'". The code works, but with some bugs. In compare.aspx I can only get one item back to compare... My original query string was something like 15,23,25, but when I run the program the query string is reduced to just 15. Does anyone know why? Even the single item in the compare view has disappeared.
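Added example, not code from the original question, the answer or the comments above. It shows the two points of this thread against a real database so the behaviour can be checked: why the answer warns against hard-coding the query-string value into the SQL text, what the quoted '?' from the last comment actually does, and how a comma-separated value such as 15,23,25 can be bound safely, which the page's single `[upc] = ?` with one QueryStringParameter can never do. It uses Python's sqlite3 as a stand-in for the Access/OleDb back end in the question, since both use positional ? placeholders; the item table, its four rows, the function names, and the digits-only allowlist are this example's own.

```python
"""
Added example, not code from the original post. sqlite3 stands in for the
Access/OleDb back end of the question; both use positional "?" placeholders.
The item table and its rows are constructed here.
"""
import sqlite3

# Constructed sample data: item_id, item_name, upc (upc is text, as in the question)
SAMPLE_ITEMS = [
    (1, "Widget", "15"),
    (2, "Gadget", "23"),
    (3, "Gizmo", "25"),
    (4, "Doohickey", "42"),
]


def make_db():
    """In-memory stand-in for the [item] table behind SqlDataSource1."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE item (item_id INTEGER PRIMARY KEY, item_name TEXT, upc TEXT)"
    )
    conn.executemany("INSERT INTO item VALUES (?, ?, ?)", SAMPLE_ITEMS)
    return conn


def find_by_upc_concat(conn, upc):
    """VULNERABLE: what hard-coding the query-string value into the SQL text does.
    A value like  x' OR '1'='1  rewrites the WHERE clause and returns every row."""
    sql = "SELECT item_id FROM item WHERE upc = '" + upc + "' ORDER BY item_id"
    return [row[0] for row in conn.execute(sql)]


def find_by_upc_param(conn, upc):
    """SAFE: the same query with a bound parameter, as QueryStringParameter does.
    The value reaches the engine as data and cannot alter the statement."""
    sql = "SELECT item_id FROM item WHERE upc = ? ORDER BY item_id"
    return [row[0] for row in conn.execute(sql, (upc,))]


def find_by_upc_quoted_placeholder(conn):
    """What  [upc] = '?'  really asks for: rows whose upc is the one-character
    string "?". There is no placeholder, so no value is bound; sqlite3 raises
    ProgrammingError if you try to supply one."""
    sql = "SELECT item_id FROM item WHERE upc = '?' ORDER BY item_id"
    return [row[0] for row in conn.execute(sql)]


def find_by_upc_list(conn, query_value, max_items=20):
    """Compare page: query_value is the raw query-string text, e.g. "15,23,25".
    Each value gets its own "?"; only the number of placeholders comes from
    code, never the text of the input."""
    upcs = [v.strip() for v in query_value.split(",") if v.strip()]
    if not upcs:
        return []
    if len(upcs) > max_items:
        raise ValueError("too many items to compare")
    # Allowlist (this example's own rule): UPCs are digits only. Parameters
    # already stop injection; this just rejects garbage before it hits the DB.
    if not all(v.isdigit() for v in upcs):
        raise ValueError("upc values must be numeric")
    placeholders = ", ".join("?" for _ in upcs)
    sql = f"SELECT item_id FROM item WHERE upc IN ({placeholders}) ORDER BY item_id"
    return [row[0] for row in conn.execute(sql, upcs)]


if __name__ == "__main__":
    db = make_db()
    evil = "x' OR '1'='1"
    print("concat, hostile input :", find_by_upc_concat(db, evil))        # [1, 2, 3, 4]
    print("param,  hostile input :", find_by_upc_param(db, evil))         # []
    print("literal '?'           :", find_by_upc_quoted_placeholder(db))  # []
    print("IN list for 15,23,25  :", find_by_upc_list(db, "15,23,25"))    # [1, 2, 3]
```

The same shape carries over to the ASP.NET page: build the IN (...) placeholder list in code-behind from the count of values and add one parameter per value. A single QueryStringParameter binds exactly one value, so a query of 15,23,25 can only ever be compared, as one string, against the upc column.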