2013-10-09 151 views
1

Having problems with try/catch

I have an asp:GridView set up on the client side, like this:

<asp:GridView ID="GridView1" DataSourceID="SqlDataSource1" AutoGenerateColumns="true" 
      AutoGenerateDeleteButton="true" AutoGenerateEditButton="true" CssClass="GV" PagerStyle-CssClass="pgr" 
      AlternatingRowStyle-CssClass="alt" AllowPaging="true" 
      runat="server"> 
</asp:GridView> 
<asp:SqlDataSource ID="SqlDataSource1" ConnectionString="<%$ ConnectionStrings:MyConnection%>" runat="server"> 
</asp:SqlDataSource> 

Then in my code-behind I set the DataKeyNames and asp:SQLDataSource parameters inside try/catch statements. I can't get the second one to fire, even when I comment out the first try.

protected void Page_Load(object sender, EventArgs e) 
{ 
    string qs = Request.QueryString["param"]; 
    string id = Request.QueryString["id"]; 

    if (qs != null) 
    { 
     try 
     { 
      if (qs == "Department") 
      { 
       GridView1.DataKeyNames = new string[] {"id"}; 
       SqlDataSource1.SelectCommand = "SELECT * FROM [table2] " 
        + "WHERE Department_Name LIKE'" + id + "' ORDER BY [Department_Name] DESC"; 
       SqlDataSource1.UpdateCommand = "UPDATE table2 SET [email protected]_Name, [email protected], " 
        + "[email protected], [email protected], [email protected], [email protected], [email protected] " 
        + "WHERE (id = @id)"; 
       SqlDataSource1.DeleteCommand = "DELETE FROM table2 WHERE id = @id"; 
      } 
     } 
     catch (Exception ex) 
     { 
      SqlDataSource1.SelectCommand = "SELECT * FROM [table1]"; 
      //ApplicantsSqlDataSource.UpdateCommand = ""; 
      //ApplicantsSqlDataSource.DeleteCommand = ""; 
      GridView1.Visible = false; 
      NoResults.Text = "<p>Sorry, there are no results that match your search query.<br />" + ex + "</p>"; 
     } 
    }     
} 

Here is the click event:

protected void SearchDept_Click(object sender, EventArgs e) 
{ 
    TextBox txtSearchDept = (TextBox)Page.FindControl("txtSearchDept"); 
    if (txtSearchDept.Text.Length > 0) 
    { 
     Response.Redirect("Default.aspx?param=Department&id=" + txtSearchDept.Text.ToString()); 
    } 
    else 
    { 
     NoResults.Text = "<p>Please enter a search parameter.</p>"; 
    } 
} 

It should work, but it doesn't.

Edit: here is the first try/catch, which is working; I originally left it out.

try 
      { 
       if (qs == "LastName") 
       { 
        GridView1.DataKeyNames = new string[] {"EMPLOYEE"}; 
        SqlDataSource1.SelectCommand = "SELECT * FROM [table1] " 
        + "WHERE Last_Name='" + id + "' ORDER BY [EMPLOYEE] DESC"; 
        SqlDataSource1.UpdateCommand = "UPDATE table1 SET [email protected]_NAME, [email protected]_NAME, " 
        + "[email protected], [email protected]_HIRED, [email protected]_PHONE_NBR, [email protected]_PHONE_EXT, " 
        + "[email protected]_ADDRESS, [email protected], [email protected]_LEVEL, [email protected]_PHONES, [email protected]_NUM " 
        + "WHERE (EMPLOYEE = @EMPLOYEE)"; 
        SqlDataSource1.DeleteCommand = "DELETE FROM table1 WHERE EMPLOYEE = @EMPLOYEE"; 
       } 


      } 
      catch (Exception ex) 
      { 
       SqlDataSource1.SelectCommand = "SELECT * FROM [table1]"; 
       //ApplicantsSqlDataSource.UpdateCommand = ""; 
       //ApplicantsSqlDataSource.DeleteCommand = ""; 
       GridView1.Visible = false; 
       NoResults.Text = "<p>Sorry, there are no results that match your search query.<br />" + ex + "</p>"; 
      } 
+2

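What is the second one? I only see one try. Be more specific when describing the unexpected behaviour. Which line throws the exception / is not being hit? –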

+4

Abusing try-catch, eh? Wouldn't it be better to use the 'emptydatatemplate' of the 'gridview'? – Abhitalks

+5

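You also have massive SQL injection vulnerabilities in your code. What happens if I set id ='', delete from table2--? Your code will execute that without hesitation. Do not append user input directly to SQL and execute it. Ever. –

Answers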

0

You need to add the percent signs to the SelectCommand in the Department section.

Correct format: SqlDataSource1.SelectCommand = "SELECT * FROM [table2] " + "WHERE Department_Name LIKE '%" + id + "%' ORDER BY [Department_Name] DESC";
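
Added example, not part of the original thread or any poster's code: the Department search with the wildcard match kept but the search term bound as a parameter, which addresses the SQL injection raised in the comments. The class name `_Default`, the parameter name `dept` and the helper `EscapeLike` are assumptions, as is a SQL Server backend; the control names come from the markup in the question.

```csharp
using System;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class _Default : Page   // assumed class name
{
    // Hypothetical helper: escape LIKE wildcards (SQL Server bracket syntax)
    // so that '%', '_' and '[' typed by the user are matched literally.
    private static string EscapeLike(string value)
    {
        return value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string qs = Request.QueryString["param"];
        string id = Request.QueryString["id"];
        if (qs != "Department" || string.IsNullOrEmpty(id))
            return;

        GridView1.DataKeyNames = new string[] { "id" };

        // The SQL text is a constant. The search term is sent as the value of
        // @dept, so quotes or "--" in it are data and cannot change the statement.
        SqlDataSource1.SelectCommand =
            "SELECT * FROM [table2] "
            + "WHERE Department_Name LIKE '%' + @dept + '%' "
            + "ORDER BY [Department_Name] DESC";
        SqlDataSource1.SelectParameters.Clear();
        SqlDataSource1.SelectParameters.Add("dept", EscapeLike(id));
    }

    protected void SearchDept_Click(object sender, EventArgs e)
    {
        TextBox txtSearchDept = (TextBox)Page.FindControl("txtSearchDept");
        string term = txtSearchDept.Text.Trim();
        if (term.Length > 0)
        {
            // URL-encode the term so '&', '#' or '%' in it cannot alter the query string.
            Response.Redirect("Default.aspx?param=Department&id=" + Uri.EscapeDataString(term));
        }
        else
        {
            NoResults.Text = "<p>Please enter a search parameter.</p>";
        }
    }
}
```

With the value bound this way, the input quoted in the comment above is searched for as a literal department name instead of being executed.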