使用下拉列表选择的项目来搜索gridview？

Question

我有一个从四个表中填充的网格视图，并且选择命令（如下所示）功能齐全。我希望能够搜索gridview，并只显示那些“状态”列值等于下拉列表中选定项目的行。我相信我有正确的选择语句（也在下面列出），但我只希望 gridview 在按钮单击时显示搜索结果。如何使这个选择语句有条件？换句话说，我如何才能使 Search select 语句仅在用户单击搜索按钮时使用？

常规选择语句：

SelectCommand="SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, Broker.EntityType, Submission.Coverage, Status.Status FROM Submission INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId"

我的搜索选择语句：

`SelectCommand="SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, 

Broker.EntityType, Submission.Coverage, Status.Status FROM Submission WHERE Status = '" + Ddl.SelectedItem.Text + "' INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId 

INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId">`

完整的gridview/droplist代码：

    <asp:DropDownList ID="DropDownList1" runat="server" 
            DataSourceID="SqlDataSource2" DataTextField="Status" DataValueField="Status">

        </asp:DropDownList>
        <asp:SqlDataSource ID="SqlDataSource2" runat="server" 
            ConnectionString="<%$ ConnectionStrings:MyConnectionString %>" 
            SelectCommand="SELECT [Status] FROM [Status]"></asp:SqlDataSource>
        &nbsp;<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
        &nbsp;
        <asp:Button ID="Button1" runat="server" Text="Search" />
</asp:Panel>
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataSourceID="SqlDataSource1" 
        EmptyDataText="There are no data records to display." AllowPaging="True" 
        BackColor="White" BorderColor="#999999" BorderStyle="None" BorderWidth="1px" 
        CellPadding="3" GridLines="Vertical" HorizontalAlign="Center" 
        AllowSorting="True" >
        <AlternatingRowStyle BackColor="#DCDCDC" />

        <Columns>

            <asp:BoundField DataField="SubId" HeaderText="Submission Id" 
                SortExpression="SubId" >
            </asp:BoundField>
            <asp:BoundField DataField="CustName" HeaderText="Customer" 
                SortExpression="CustName" />
            <asp:BoundField DataField="CustCity" HeaderText="Customer City" 
                SortExpression="CustCity" />
            <asp:BoundField DataField="CustState" HeaderText="Customer State" 
                SortExpression="CustState" />
            <asp:BoundField DataField="BroName" HeaderText="Broker" 
                SortExpression="BroName" />
            <asp:BoundField DataField="BroState" HeaderText="Broker State" 
                SortExpression="BroState" />
            <asp:BoundField DataField="EntityType" HeaderText="Entity Type" 
                SortExpression="EntityType" />
            <asp:BoundField DataField="Coverage" 
                HeaderText="Coverage" SortExpression="Coverage" />
            <asp:BoundField DataField="Status" HeaderText="Status" 
                SortExpression="Status" />

            <asp:HyperLinkField DataNavigateUrlFields="SubId" 
                DataNavigateUrlFormatString="View.aspx?SubId={0}" Text="View" />
            <asp:HyperLinkField DataNavigateUrlFields="SubId" 
                DataNavigateUrlFormatString="ViewEdit.aspx?SubId={0}" HeaderText="Edit" 
                Text="Edit" />

        </Columns>
        <FooterStyle BackColor="#CCCCCC" ForeColor="Black" />
        <HeaderStyle BackColor="#000084" Font-Bold="True" ForeColor="White" />
        <PagerStyle BackColor="#999999" ForeColor="Black" HorizontalAlign="Center" />
        <RowStyle BackColor="#EEEEEE" ForeColor="Black" />
        <SelectedRowStyle BackColor="#008A8C" Font-Bold="True" ForeColor="White" />
        <SortedAscendingCellStyle BackColor="#F1F1F1" />
        <SortedAscendingHeaderStyle BackColor="#0000A9" />
        <SortedDescendingCellStyle BackColor="#CAC9C9" />
        <SortedDescendingHeaderStyle BackColor="#000065" />
    </asp:GridView>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server" 
        ConnectionString="<%$ ConnectionStrings:MyConnectionString %>" 
        ProviderName="<%$ ConnectionStrings:ProductInstanceString.ProviderName %>" 



        SelectCommand="SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, Broker.EntityType, Submission.Coverage, Status.Status FROM Submission INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId">

    </asp:SqlDataSource>

Answer 1

首先，您肯定希望在 SQL 中使用参数。您发布的示例很容易受到 SQL 注入攻击。

其次，您可以通过使用存储过程来实现一种或另一种类型的查询（这也有很多其他好处）。在该过程中，您可以检查您将传入的状态参数是否为空。如果为null，则使用正则，如果不是，则使用搜索语句。

在您的数据库中，您可以创建一个看起来像这样的存储过程（它可能更优雅，但这是一个简单的示例）：

CREATE PROCEDURE [dbo].[GetStuffByStatus]

@status varchar(255) = null

AS 
BEGIN

IF @status IS NOT NULL
BEGIN

    SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, 

    Broker.EntityType, Submission.Coverage, Status.Status 

    FROM Submission 

    WHERE Status = @status

    INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId 

    INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId

END
ELSE
    SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, Broker.EntityType, Submission.Coverage, Status.Status 

    FROM Submission 

    INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId 
    INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId

END

然后您可以适当地编辑您的 SqlDataSource：

<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
        ConnectionString="<%$ ConnectionStrings:MyConnectionString %>" 
        SelectCommand="GetStuffByStatus" SelectCommandType="StoredProcedure">
        <SelectParameters>
            <asp:ControlParameter Name="status" ControlID="DtopDownList1" PropertyName="SelectedValue" ConvertEmptyStringToNull="true" />
        </SelectParameters>
</asp:SqlDataSource>

然后，如果您不想按状态过滤，请确保此参数未传递任何内容（DropDownList SelectedValue 为空）。向 DropDownList 添加一个默认的空值：

<asp:DropDownList ID="DtopDownList1" runat="server" DataSourceID="SqlDataSource1" DataTextField="someidentifier" DataValueField="someidentifier" AppendDataBoundItems="true">
    <asp:ListItem Text="No filter" Value="" />
</asp:DropDownList>

起初让 SqlDataSource 处理非过滤（空）情况时遇到了一点麻烦，我不得不为 GridView 的 SqlDataSource 添加一个 OnSelecting 处理程序。我将此属性添加到 SqlDataSource：

OnSelecting="SqlDataSource2_Selecting"

并编写了一个处理程序来检查空案例并将参数设置为 DBNull：

protected void SqlDataSource2_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
    if (DtopDownList1.SelectedValue == String.Empty)
    {
        ((SqlCommand)e.Command).Parameters["@status"].Value = DBNull.Value;
    }
}

我已经测试了这个解决方案，它的工作原理与您描述的一样。

当然，这样做的最佳做法是编写您自己的数据层来更恰当地处理此逻辑，但这可能超出了本问题的范围。

Answer 2

为了展示对我有用的方法，这是我的代码。它运行正常。关于@ashelvey 的回答，虽然我没有测试过他的方法，但他对参数化的看法是正确的。我没有这样做的唯一原因是我正在做一个培训项目，而我的经理特别告诉我暂时不要这样做。该站点不用于部署。无论如何，我最初的问题是“如何更改按钮单击时的选择命令？”答案如下：

protected void BtnStatusSearch_Click(object sender, EventArgs e)
{
    SqlDataSource1.SelectCommand = "SELECT Customer.SubId, Customer.CustName, Customer.CustCity, Customer.CustState, Broker.BroName, Broker.BroState, Broker.EntityType, Submission.Coverage, Status.Status FROM Submission INNER JOIN Broker ON Broker.SubId = Submission.SubmissionId INNER JOIN Customer ON Customer.SubId = Submission.SubmissionId INNER JOIN Status ON Status.StatusId = Submission.StatusId WHERE Status.Status = '" + DdlStatus.SelectedItem.Text + "'";
    SqlDataSource1.DataBind();
}