C# 下拉列表所选项目
我正在尝试从下拉列表中选择动态数据并查看所选项目的详细信息。我可以用数据库中的数据填充下拉列表。但是,当我选择一些项目时,它不会显示详细信息 在“我的演示”层中,选择下拉列表项时:C# 下拉列表所选项目,c#,sql,html-select,C#,Sql,Html Select,我正在尝试从下拉列表中选择动态数据并查看所选项目的详细信息。我可以用数据库中的数据填充下拉列表。但是,当我选择一些项目时,它不会显示详细信息 在“我的演示”层中,选择下拉列表项时: protected void ddlScheduleList_SelectedIndexChanged(object sender, EventArgs e) { string address = ddlScheduleList.SelectedItem.ToString();
protected void ddlScheduleList_SelectedIndexChanged(object sender, EventArgs e)
{
string address = ddlScheduleList.SelectedItem.ToString();
Distribution scheduledIndv = new Distribution();
scheduledIndv = packBLL.getDistributionDetail(address);
if (scheduledIndv == null)
{
Console.Out.WriteLine("Null");
}
else
{
tbScheduleDate.Text = scheduledIndv.packingDate.ToString();
tbBeneficiary.Text = scheduledIndv.beneficiary;
}
}
在我的业务逻辑层中,我获取所选地址并将其传递给数据访问层:
public Distribution getDistributionDetail(string address)
{
Distribution scheduledIndv = new Distribution();
return scheduledIndv.getDistributionDetail(address);
}
在我的数据访问层中,我已经测试了SQL语句。它给了我想要的。但它不会出现在网页上
public Distribution getDistributionDetail(string address)
{
Distribution distributionFound = null;
using (var connection = new SqlConnection(FoodBankDB.GetConnectionString())) // get your connection string from the other class here
{
SqlCommand command = new SqlCommand("SELECT d.packingDate, b.name FROM dbo.Distributions d " +
" INNER JOIN dbo.Beneficiaries b ON d.beneficiary = b.id " +
" WHERE b.addressLineOne = '" + address + "'", connection);
connection.Open();
using (var dr = command.ExecuteReader())
{
if (dr.Read())
{
DateTime packingDate = DateTime.Parse(dr["packingDate"].ToString());
string beneficiary = dr["beneficiary"].ToString();
distributionFound = new Distribution(packingDate, beneficiary);
}
}
}
return distributionFound;
}
我的execute Reader方法位于另一个单独的类中:
public static string connectionString = Properties.Settings.Default.connectionString;
public static string GetConnectionString()
{
return connectionString;
}
public static SqlDataReader executeReader(string query)
{
SqlDataReader result = null;
System.Diagnostics.Debug.WriteLine("FoodBankDB executeReader: " + query);
SqlConnection connection = new SqlConnection(connectionString);
SqlCommand command = new SqlCommand(query, connection);
connection.Open();
result = command.ExecuteReader();
connection.Close();
return result;
}
我想知道出了什么问题。是关于(!IsPostBack)还是
提前感谢。您发现了错误,但为了避免Sql注入,请按如下方式修改代码:
SqlCommand command = new SqlCommand("SELECT d.packingDate, b.name FROM dbo.Distributions d " +
" INNER JOIN dbo.Beneficiaries b ON d.beneficiary = b.id " +
" WHERE b.addressLineOne = @address", connection);
command.Parameters.AddWithValue("@address", address);
我相信你需要让它发回以填充它。或者将它绑定到数据库。我已经发现我的错误了。我忘了在下拉列表中启用post。谢谢您存在SQL注入漏洞。SQL注入有什么负面影响?通过SQL注入,攻击者可以访问存储在SQL数据库中的所有数据。如果SQL server配置不正确,则可能执行任意代码执行。