Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

Is it possible to use a field name as a select parameter in an SQLDataSource?

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:DbConnection %>" 
    ProviderName="<%$ ConnectionStrings:DbConnection.ProviderName %>"      
SelectCommand="select * from sometable where @FieldKey = @FieldValue">
<SelectParameters>
    <asp:Parameter Name="FieldKey" Type="String" />
    <asp:Parameter Name="FieldValue" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
share|improve this question
What are you trying to accomplish? – Internet Engineer May 31 '12 at 1:57
To be able to change the where condition based on a supplied field name – jax May 31 '12 at 2:56
add comment (requires an account with 50 reputation)

3 Answers

up vote 0 down vote

If what you mean is using values from a control [like textbox, dropdown] then here is something

<SelectParameters>
    <asp:ControlParameter ControlID="FieldKey" PropertyName="Text"
         Type="String" />
    <asp:ControlParameter ControlID="FieldName" PropertyName="Text"
         Type="String" />
</SelectParameters>

Assuming the values are stored in textboxes

share|improve this answer
No, the SQL is inside a class that extends UserControl, the property is in the code behind of this class – jax May 31 '12 at 2:55
check my comment below - it's just a workaround – codingbiz May 31 '12 at 3:07
add comment (requires an account with 50 reputation)
up vote 0 down vote

Here is my hack(workaround) most time

protected void page_load(...)
{
   SqlDataSource1.SelectParameters["FieldKey"] = field;
   SqlDataSource1.SelectParameters["FieldName"] = name;
}

OR create two hidden fields, assign the values to those fields and then use 

<asp:ControlParameter />

That is another hack

share|improve this answer
add comment (requires an account with 50 reputation)
up vote 0 down vote

OPTION 1

If FieldKey and FieldName are taking from code behind I think you can easily set command as below. 

SqlDataSource1.SelectCommand = string.Format("select * from sometable where {0} = {1}",fieldKey ,fieldValue)

please validate input fields for SQL injection attacks.

OPTION 2

Create stored procedure to accept two parameters key and value, you need to build SQL query from those parameters and execute inside stored procedure.

Then you can call it from datasource. 

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
    ConnectionString="<%$ ConnectionStrings:DbConnection %>" 
    ProviderName="<%$ ConnectionStrings:DbConnection.ProviderName %>"      
    SelectCommand="StoredProcedureName"
    SelectCommandType="StoredProcedure">
<SelectParameters>
    <asp:Parameter Name="FieldKey" Type="String" />
    <asp:Parameter Name="FieldValue" Type="String" />
</SelectParameters>
</asp:SqlDataSource>
share|improve this answer
That is the way I ended up going, however, I would rather a solution straight from the .aspx page. – jax May 31 '12 at 22:28
@jax add another alternative way – Damith Jun 1 '12 at 3:18
add comment (requires an account with 50 reputation)

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.