Solved

passing variable QueryStringParameter of SelectParameters in SqlDataSource for DataGrid not working

Posted on 2008-11-01
9
915 Views
Last Modified: 2012-05-05
I have a web site done in ASP.NET with VB.NET on MS Visual Web Developer.  I'm tring to pass a variable from the QueryStringParameter of SelectParameters in SqlDataSource for a DataGrid, but it's not working.  It takes me to the correct page with the correct Request.QueryString (http://www.omahavaccine.com/search_product_list.aspx?search=chews) but the page shows nothing in the DataGrid (code snippet below).  I checked the SELECT statement in my MS SQL Server 2005 database and the correct records are returned.  Is there something wrong with the syntax of my SELECT statement (no error mesages are generated)?
<asp:DataGrid ID="DataGrid1" runat="server" AllowPaging="True" AllowSorting="True" PageSize="10" 

            OnPageIndexChanged="DataGrid_PageChanger" BorderColor="Black" BorderWidth="1px" CellPadding="2" 

            DataSourceID="SqlDataSource1" ForeColor="#333333" AutoGenerateColumns="False">

            <FooterStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" />

            <EditItemStyle BackColor="#999999" />

            <SelectedItemStyle BackColor="Yellow" Font-Bold="False" ForeColor="Maroon" Font-Italic="False" Font-Overline="False" Font-Strikeout="False" Font-Underline="False" />

            <PagerStyle BackColor="#284775" ForeColor="White" HorizontalAlign="Center" Mode="NumericPages" />

            <AlternatingItemStyle BackColor="White" ForeColor="#284775" />

            <ItemStyle BackColor="#F7F6F3" ForeColor="#333333" />

            <HeaderStyle BackColor="#5D7B9D" Font-Bold="True" ForeColor="White" HorizontalAlign="Center" VerticalAlign="Middle" />

            <Columns>

                <asp:HyperLinkColumn DataNavigateUrlField="sku" DataNavigateUrlFormatString="product_details.aspx?sku={0}" Text="View Product" />

                <asp:BoundColumn DataField="sku" HeaderText="SKU" ReadOnly="True"></asp:BoundColumn>

                <asp:BoundColumn DataField="product" HeaderText="Product" ReadOnly="True"></asp:BoundColumn>

                <asp:BoundColumn DataField="short_descr" HeaderText="Model / Size" ReadOnly="True"></asp:BoundColumn>

                <asp:BoundColumn DataField="price" HeaderText="Price" ReadOnly="True"></asp:BoundColumn>

            </Columns>

        </asp:DataGrid>

        <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:omahavaccineConnectionString %>"

            SelectCommand="SELECT product.sml_img as image, product.sku as sku, product_main.product_name as product, product.product_name as short_descr, product.price as price, Categorization.categoryID AS id FROM product INNER JOIN product_main ON product.associated_master_product_id = product_main.id INNER JOIN Categorization ON product.sku = Categorization.sku WHERE (product.sku NOT LIKE '%-main') AND ((product_main.product_name LIKE '%@strSearch%') OR (product.sku LIKE '@strSearch%')) ORDER BY product.name">

            <SelectParameters>

                <asp:QueryStringParameter Name="strSearch" QueryStringField="search" Type="String" />

            </SelectParameters>

        </asp:SqlDataSource>

Open in new window

0
Comment
Question by:OVC-it-guy
  • 4
  • 4
9 Comments
 
LVL 17

Expert Comment

by:HoggZilla
ID: 22859914
Check your variables, they are in quotes. I know you want the results to be in quotes for the SQL stmt but you may have to pull them out of the quotes.
0
 
LVL 17

Expert Comment

by:HoggZilla
ID: 22859918
MySQL="Select * from Customers where lname = '" & sLName & "'"
0
 
LVL 17

Accepted Solution

by:
HoggZilla earned 500 total points
ID: 22859932
If you are trying to use a Paramatized Query, check your syntax here:
http://aspnet101.com/aspnet101/tutorials.aspx?id=1
 
0
 
LVL 8

Expert Comment

by:eszaq
ID: 22860049
Check if this might be a problem - your WHERE clause reads:
OR (product.sku LIKE '@strSearch%'))
Wild character is missing:
OR (product.sku LIKE '%@strSearch%')


0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:OVC-it-guy
ID: 22861206
eszaq,

No, I left the wild character out of that where clause because our customers know our id numbers (sku's) from our hardcopy catalog.  WHat they sometime forget is the last letter, if there is one (e.g., the actual shu is 01473A, but all they enter is 01473).  Using like with the trailing wild character will catch that.
0
 

Author Comment

by:OVC-it-guy
ID: 22861227
HoggZilla,

When I put in the extra quotes (because the entire SQL query is in doubles and like must have the single quotes), I get the error that the variable name "Attribute 'strSearch' is not a valid attribute of element SqlDataSource."  I think your suggestion is going in the right direction because I do need it in quotes as a string in case the customer searches for more than one word.
0
 

Author Comment

by:OVC-it-guy
ID: 22861258
HoggZilla,

I tried the tutorial, found the bit about quotes with like in the where clause.  So I tried it as follows:
SelectCommand="SELECT product.sml_img as image, product.sku as sku, product_main.product_name as product, product.product_name as short_descr, product.price as price, Categorization.categoryID AS id FROM product INNER JOIN product_main ON product.associated_master_product_id = product_main.id INNER JOIN Categorization ON product.sku = Categorization.sku WHERE (product.sku NOT LIKE '%-main') AND ((product_main.product_name LIKE '%' + @strSearch + '%') OR (product.sku LIKE '%' + @strSearch = '%')) ORDER BY product.name">

Now I get the error System.Data.SqlClient.SqlException: Incorrect syntax near '=' when it hits the DataGrid1.DataBind() upon page_load.  ANybody got any ideas?
0
 

Author Comment

by:OVC-it-guy
ID: 22861278
Oops, caught my mistake (not holding the shift key when I need a +).  HoggZilla, the tutorial was the answer.
0
 
LVL 17

Expert Comment

by:HoggZilla
ID: 22861422
product_main.product_name LIKE '%" & @strSearch & "%') OR
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

'Between' is such a common word we rarely think about it but in SQL it has a very specific definition we should be aware of. While most database vendors will have their own unique phrases to describe it (see references at end) the concept in common …
PL/SQL can be a very powerful tool for working directly with database tables. Being able to loop will allow you to perform more complex operations, but can be a little tricky to write correctly. This article will provide examples of basic loops alon…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now