下拉列表查询字符串参数

Question

大家好，你们好吗？我有一个下拉列表，它不会使用 sql 数据源从数据库中填充数据值。当我使用后面的代码时，我能够将数据填充到下拉列表中。我不知道如何使用后面的代码传递查询字符串参数，因为我是 asp.net 的新手。

这是后面的代码：

Imports System.Data.SqlClient
Partial Class PhotoAlbum
    Inherits System.Web.UI.Page

    Dim oConn As New SqlConnection("Data Source=.\SQLEXPRESS;" & _
"AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;" & _
"Integrated Security=True;User Instance=True")

    Dim oCmd As New SqlCommand()
    Dim oDR As SqlDataReader

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        oConn.Open()
        oCmd.CommandText = "SELECT [CategoryID], [Name]  FROM Categories  ORDER BY [Name]"
        oCmd.Connection = oConn
        oDR = oCmd.ExecuteReader()

        Me.categories.DataSource = oDR
        Me.categories.DataTextField = "Name"
        Me.categories.DataValueField = "CategoryID"
        Me.categories.DataBind()

        oDR.Close()
        oConn.Close()
    End Sub
End Class

我想将以下信息从 sqlDatasource 包含到代码隐藏中：

SelectCommand="SELECT [CategoryID], [Name] FROM [Categories] WHERE ([UserId] = @UserId) ORDER BY [Name]"> 
    <SelectParameters> 
         <asp:QueryStringParameter Name="UserId" QueryStringField="ID"/>

从后面的代码可以看出，我可以添加：

"SELECT [CategoryID], [Name]  FROM Categories  ORDER BY [Name]".

但我想添加所有这些：

SelectCommand="SELECT [CategoryID], [Name] FROM [Categories] WHERE ([UserId] = @UserId) ORDER BY [Name]"> 
        <SelectParameters> 

提前谢谢大家

Answer 1

试试这个。我还没有测试过，但是“Request.QueryString”属性和“oCmd.Parameters.AddWithValue()”函数是你需要使用的关键部分。

Imports System.Data.SqlClient
Partial Class PhotoAlbum
    Inherits System.Web.UI.Page

    Dim oConn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True")

    Dim oCmd As New SqlCommand()
    Dim oDR As SqlDataReader

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'TODO: probably want to make sure you have an "Id" in the query string
        If Request.QueryString("Id") Is Nothing Then
            ' TODO: handle this scenerio (no "Id" query string parameter)
        Else
            Dim userId As Integer = Nothing
            If Not Integer.TryParse(Request.QueryString("Id"), userId) Then
                ' TODO: handle this scenerio ("Id" query string parameter is not an integer)
            Else
                ' we have a good Id, use a parameterized statement to avoid SQL injection
                ' HINT: can use the "Using" statement of ensure your sql connection is disposed of when finished
                Using oConn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\ASPNETDB.MDF;Integrated Security=True;User Instance=True")
                    Dim oCmd As New SqlCommand("SELECT [CategoryID], [Name] FROM [Categories] WHERE UserId = @UserId ORDER BY [Name]", oConn)
                    ' provide a value for the @userId parameter using the "parameters.addwithvalue" function
                    oCmd.Parameters.AddWithValue("@UserId", userId)

                    oConn.Open()
                    Dim oDR As SqlDataReader = oCmd.ExecuteReader()

                    Me.categories.DataSource = oDR
                    Me.categories.DataTextField = "Name"
                    Me.categories.DataValueField = "CategoryID"
                    Me.categories.DataBind()

                    oDR.Close()
                    oConn.Close()
                End Using
            End If
        End If
    End Sub
End Class