Click here to Skip to main content
15,117,549 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi, i m pretty new to asp.net and working with a project..

In my scenario in the first page i have a dropdown, 2 textboxes n a button
C#
protected void Button2_Click(object sender, EventArgs e)
   {
       Session["date"] = Request["TextBox1"];
       Session["duedate"] = Request["TextBox2"];
       Session["status"] = Request["DropDownList1"];
       Response.Redirect("Default6.aspx");

   }

the above code is in the first page. Then in the second page i have a gridview which m populating as follows:-

C#
string conn = System.Configuration.ConfigurationManager.ConnectionStrings["CrystalConnectionString"].ConnectionString;
            SqlConnection connection = new SqlConnection(conn);
            string que = "select * from Table4 where ( (status='" + Session["status"] + "' and date='" + Session["date"] + "' and duedate='" + Session["duedate"] + "') or ((status='" + Session["status"] + "')   )  ";
            SqlDataAdapter sd = new SqlDataAdapter(que, connection);
            DataSet dsa = new DataSet();
            sd.Fill(dsa, "Table4");
            GridView1.DataSource = dsa;
            GridView1.DataBind();


here only one part of the query runs fine not the other. please help me with this.

Thanks in advance...
Posted
Updated 4-Jan-12 2:00am
v2
Comments
visnumca123 4-Jan-12 7:00am
   
what type of error you are getting here
koolprasadd 4-Jan-12 7:01am
   
what is error ?
Nicholas Butler 4-Jan-12 7:05am
   
AmitGajjar 4-Jan-12 7:30am
   
use Stored procedure if possible.

Probably you are missing one bracket at the end of the query. try replacing with the below text

C#
string que = "select * from Table4 where ( (status='" + Session["status"] + "' and date='" + Session["date"] + "' and duedate='" + Session["duedate"] + "') or ((status='" + Session["status"] + "')   )  )";


Hope this helps !!!
   
The query should generate an exception since you're missing (or having an extra) parenthesis.

Also never concatenate literal values to your query. For example, try what happens if you input "some'text" to TextBox1. Use SqlParameter[^] with your queries. So the query could look like:
C#
...
string que = @"
select * 
from Table4 
where (status=@status and [date]=@date and duedate=@duedate) or (status=@status)";
command.Parameters.AddWithValue("@status", Session["status"]);
command.Parameters.AddWithValue("@date ", Session["date"]);
command.Parameters.AddWithValue("@duedate", Session["duedate"]);
...

Since you have currently used just a SQL string, you would need a SqlCommand[^] to properly assign parameters. Also note that if you use reserved words, enclose them with []

Also it looks like all your columns in the table are strings but you use date data. Always try to use proper data types (for example date or datetime2 for date columns). This eliminates unnecessary type conversions etc.
   
Hi,

Try the following

C#
string que = "select * from Table4 where status='"
                + Session["status"] + "' and date='" + Session["date"] + "' and duedate='" + Session["duedate"] + "' or status='" + Session["status"] + "'";



But try to use stored procedure instead of inline queries....
   
SqlConnection connection = new SqlConnection("MyConnectionString");
            string que = "select * from Table4 where (status=@status and [date]=@date and duedate=@duedate) or (status=@status)";
            SqlCommand cmd = new SqlCommand(que, connection);
            cmd.Parameters.AddWithValue("@status", Session["status"]);
            cmd.Parameters.AddWithValue("@date ", Session["date"]);
            cmd.Parameters.AddWithValue("@duedate", Session["duedate"]);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataSet ds = new DataSet();
            da.Fill(ds, "Table4");
            GridView1.DataSource = ds;
            GridView1.DataBind();
   
if in case your session values are not so private or you are about to passing values from 1 page to another. Then you can try a global static class where you declare your static string variables and on btnClick you can pass your values to these Global member variables and use these variables's values in other page.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900