tags:

views:

39

answers:

2
+2  Q: 

constructing paramater query SQL - LIKE % in .cs and in grid view

Hello friends,

I am trying to implement admin login and operators(india,australia,america) login, now operator id starts with 'IND123' 'AUS123' and 'AM123'

when operator india logs in he can see the details of only members have id 'IND%', the same applies for an australian and american users

and when admin logs in he can see details of members with id 'IND%' or 'AUS%' or 'AM%'

i have a table which defines the role i.e admin or operator and their prefix(IND,AUS respectively)

In loginpage i created a session for Role and prefix PREFIX = myReader["Prefix"].ToString(); Session["LoginRole"] = myReader["Role"].ToString(); Session["LoginPrefix"] = String.Concat(PREFIX + "%"); works fine

In main page(after login) i have to count the number of member so i wrote

    string prefix = Session["LoginPrefix"].ToString();
    string role = Session["LoginRole"].ToString();

    if (role.Equals("ADMIN"))
            StrMemberId = "select count(*) from MemberList";
    else
        StrMemberId = "select count(*) from MemberList where MemberID like '"+prefix+"'";

thatworks fine too

Problem: 1. i want to constructor parameter something like StrMemberId = "select count(*) from MemberList where MemberID like '@prefix+'";

myCommd.Parameters.AddWithValue("@prefix", prefix); Which is not working

2 Displaying the members in gridview i need to give condition (something like if (role.Equals("ADMIN")) show all members else show member depending on the operator prefix)the list of members in operator mode and admin mode. - where to put the condition in gridview how to apply these

please suggest something Regards

Indranil

+1  A: 
  1. It should be "select count(*) from MemberList where MemberID like @prefix";
  2. You can better do all these checks in a sub-procedure and return the results accordingly. The resultset then can be bound to the gridview
Veer  2010-05-19 06:51:29
kool it works..thanks, any idea about the 2nd problem?
Indranil Mutsuddy  2010-05-19 06:59:24
SideNote: If you're not aware take a look at this too: http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx
Veer  2010-05-19 07:02:30
@Indranil Mutsuddy: check my edit for second issue
Veer  2010-05-19 07:04:04
A: 

You need to construct your query as follows:

"select count(*) from MemberList where MemberID like @prefix"

then

cmd.Parameters.AddWithValue("@prefix", prefix + "%")

James H  2010-05-19 06:51:57
I think he has already concatenated the `%`
Veer  2010-05-19 06:54:59
kool it works thanks, any idea about the 2nd problem?p.s. i appended % in prefix Session["LoginPrefix"] = String.Concat(PREFIX + "%");
Indranil Mutsuddy  2010-05-19 07:00:50

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?