Before I was binding my data to my GridView in the .cs file. I had searching/sorting working (search the database by typing in to a textbox, sort by selecting an option from a dropdownlist). However, now I’m binding my data in the .aspx file, and of course my sort/search isn’t working anymore. How can I alter my sorting/searching algorithm so that the correct data binds???
(searchFill is the function that invokes searching/sorting)
.cs
protected void Page_Load(object sender, EventArgs e)
{
rootWebConfig = System.Web.Configuration.WebConfigurationManager.OpenWebConfiguration("/Cabot3");
connectionString = rootWebConfig.ConnectionStrings.ConnectionStrings["SecureODBConnectionString"];
searchFill();
GridViewRow row = DefaultGrid.SelectedRow;
int rowIndex = DefaultGrid.SelectedIndex;
HiddenGrid.SelectedIndex = rowIndex;
GridViewRow row2 = HiddenGrid.SelectedRow;
//int id = Convert.ToInt32(row.Cells[25].Text);
fName = row2.Cells[0].Text;
lName = row2.Cells[1].Text;
addr = row2.Cells[2].Text;
addr2 = row2.Cells[3].Text;
city = row2.Cells[4].Text;
state = row2.Cells[5].Text;
zip = row2.Cells[6].Text;
country = row2.Cells[7].Text;
email = row2.Cells[8].Text;
phone = row2.Cells[9].Text;
ccType = row2.Cells[10].Text;
ccNum = row2.Cells[11].Text;
ccExp = row2.Cells[12].Text;
length = row2.Cells[13].Text;
delivery = row2.Cells[14].Text;
price = row2.Cells[15].Text;
source = row2.Cells[16].Text;
joined = row2.Cells[17].Text;
url = row2.Cells[18].Text;
orderResults = row2.Cells[19].Text;
pubName = row2.Cells[20].Text;
sourceCode = row2.Cells[21].Text;
}
protected void searchFill()
{
orderByString = orderByList.SelectedItem.Value;
fieldString = searchTextBox.Text;
string sqlStatement = "SELECT * FROM SecureOrders WHERE fName LIKE '%" + fieldString + "%' OR lName LIKE'%" + fieldString + "%' OR addr LIKE'%" + fieldString + "%' OR addr2 LIKE'%" + fieldString + "%' OR city LIKE'%" + fieldString + "%' OR state LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR zip LIKE'%" + fieldString + "%' OR country LIKE'%" + fieldString + "%' OR email LIKE'%" + fieldString + "%' OR phone LIKE'%" + fieldString + "%' OR ccType LIKE'%" + fieldString + "%' OR ccNum LIKE'%" + fieldString + "%' OR ccExp LIKE'%" + fieldString + "%' OR cwaSource LIKE'%" + fieldString + "%' OR cwaJoined LIKE'%" + fieldString + "%' OR length LIKE'%" + fieldString + "%' OR delivery LIKE'%" + fieldString + "%' OR price LIKE'%" + fieldString + "%' OR url LIKE'%" + fieldString + "%' OR orderResults LIKE'%" + fieldString + "%' OR pubName LIKE'%" + fieldString + "%' OR sourceCode LIKE'%" + fieldString+ "%' ORDER BY " + orderByString;
using (SqlConnection connection = new SqlConnection(connectionString.ToString()))
using(SqlCommand searchSort = new SqlCommand(sqlStatement, connection))
{
searchSort.Parameters.AddWithValue("@fieldString", fieldString);
searchSort.Parameters.AddWithValue("@orderByString", orderByString);
connection.Open();
searchSort.ExecuteNonQuery();
connection.Close();
}
}
.aspx
<asp:GridView ID="DefaultGrid"
runat = "server"
DataKeyNames = "IdentityColumn"
onselectedindexchanged = "DefaultGrid_SelectedIndexChanged"
autogenerateselectbutton = "True"
enableviewstate = "False"
selectedindex="0" DataSourceID="OrderSource" EnableModelValidation="True"
AutoGenerateColumns="False">
<SelectedRowStyle BackColor="Azure"
forecolor="Black"
font-bold="true" />
<Columns>
<asp:TemplateField HeaderText = "Processed">
<ItemTemplate>
<asp:CheckBox
ID="CheckBoxProcess"
AutoPostBack = "true"
Checked = '<%#Eval("processed") %>'
OnCheckedChanged = "CheckBoxProcess_CheckedChanged"
runat="server"
Enabled = "true" />
</ItemTemplate>
</asp:TemplateField>
<asp:BoundField DataField="fName" HeaderText="First Name" SortExpression="fName" />
<asp:BoundField DataField="lName" HeaderText="Last Name" SortExpression="lName" />
<asp:BoundField DataField="addr" HeaderText="Address" SortExpression="addr" />
<asp:BoundField DataField="email" HeaderText="Email" SortExpression="email" />
<asp:BoundField DataField="phone" HeaderText="Phone" SortExpression="phone" />
<asp:BoundField DataField="ccType" HeaderText="Credit Card Type"
SortExpression="ccType" />
<asp:BoundField DataField="length" HeaderText="Length"
SortExpression="length" />
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="OrderSource" runat="server"
ConnectionString="<%$ ConnectionStrings:SecureODBConnectionString %>"
SelectCommand="SELECT * FROM [SecureOrders]"></asp:SqlDataSource>
</div>
Maybe this…
Write your stored procedure (as @coder says…the way you’re doing it is not secure)
CREATE PROCEDURE dbo.myPROC
(@parm1 int = null, @parm2 int = null, …)
AS
BEGIN
Configure your datasource (use the wizard).
Once you identify your stored procedure to the datasource, it will ask you for the source values for each parameter identified in the stored procedure. just fill-in the default value and leave the rest alone. Basically what you want to end-up with is something like this (I’m not getting this syntactically correct — but your intellisense will get it for you once you start):
me.datasource1.parameters.clear()
me.datassource.parameters(“parm1”).defaultvalue = fname;
me.datassource.parameters(“parm2”).defaultvalue = lname;
…
rebind your gridview
me.gridview.databind
This isn’t elegant, but it seems to fit with the approach you have taken so far. Hope it helps.