By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,078 Members | 2,159 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,078 IT Pros & Developers. It's quick & easy.

ASP.NET Query application made simple?

P: n/a
Query application made simple?

I have to use ASP.NET quite often to knock up quick protype
applications.
Generally, these applications have some components for querying and an
area of screen for displaying the results.

Using GridViews and SqlDataSource, I can almost make the application
with no code. My where clause is handled by the SqlDataSource.
What I would like to know is, can the SqlDataSource be made to be
"intelligent".
Following example shows what I need:

I add a SqlDataSource and DetailsView.
Add a TextBox and Button.
The Textbox value is added as a parameter to the SqlDataSource.

So, the program is run and I type in a value and hit the button, and it
brings me back the data.
But, how could I make the SqlDataSource "know" that the value might not
be used soemtimes.
If the Textbox is empty, I would want all the rows returned (not in a
DetailsView, but just in general)

If I leave the value empty, the select statement would look soemthing
like:

select * from myTable where colName =

The only way I can think of doing this is messy string manipulation.
What I want is a re-usbale approach.

Anyone got any ideas / techniques for this problem?

Steven

*** Sent via Developersdex http://www.developersdex.com ***
Dec 25 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
"Steven Blair" <st**********@btinternet.comwrote in message
news:uQ**************@TK2MSFTNGP04.phx.gbl...
select * from myTable where colName =

The only way I can think of doing this is messy string manipulation.
What I want is a re-usbale approach.

Anyone got any ideas / techniques for this problem?
Firstly, if your app is on the public Internet, don't do this!!!

What would happen if someone typed the following into your TextBox:?

'x'; DROP TABLE myTable;--

http://www.google.co.uk/search?hl=en...2+DELETE&meta=
Dec 25 '06 #2

P: n/a
This is probably neither a C# specific question or an ASP.NET question and
probably should have been directed to the SQL or ASP.NET Group, but here you
go:

select * from MYTABLE WHERE 1=1
AND 1 =
CASE WHEN @query IS NOT NULL AND COLUMNNAME=@query THEN 1
WHEN @query IS NULL THEN 1 END

Peter
--
Site: http://www.eggheadcafe.com
UnBlog: http://petesbloggerama.blogspot.com
Short urls & more: http://ittyurl.net


"Steven Blair" wrote:
Query application made simple?

I have to use ASP.NET quite often to knock up quick protype
applications.
Generally, these applications have some components for querying and an
area of screen for displaying the results.

Using GridViews and SqlDataSource, I can almost make the application
with no code. My where clause is handled by the SqlDataSource.
What I would like to know is, can the SqlDataSource be made to be
"intelligent".
Following example shows what I need:

I add a SqlDataSource and DetailsView.
Add a TextBox and Button.
The Textbox value is added as a parameter to the SqlDataSource.

So, the program is run and I type in a value and hit the button, and it
brings me back the data.
But, how could I make the SqlDataSource "know" that the value might not
be used soemtimes.
If the Textbox is empty, I would want all the rows returned (not in a
DetailsView, but just in general)

If I leave the value empty, the select statement would look soemthing
like:

select * from myTable where colName =

The only way I can think of doing this is messy string manipulation.
What I want is a re-usbale approach.

Anyone got any ideas / techniques for this problem?

Steven

*** Sent via Developersdex http://www.developersdex.com ***
Dec 25 '06 #3

P: n/a
It's for local intranet use only.

Hmm, I hadn't even thought bout tailoring the SQL to do the job. I was
focused on thinking biout doing something fancy in the C# components.
But looking at the code, I think you may have made my life that little
bit easier :)

*** Sent via Developersdex http://www.developersdex.com ***
Dec 26 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.