asp.net/Oracle query and gridview question might be simple?

Question

How can I make this get a specific users data, Example user enters his 3 digit code in the badge text box so that

only his information is shown. Can I add a where clause to the select command? or is there a better way to do this?

Also is there a good book out there with information about asp.net, c# and oracle.

 // string Badge = "100000" + Request.Form["xBadgeTextBox"]; in

default.aspx.cs //"SELECT * FROM CLOCK_HISTORY WHERE BADGE ='" + Badge + "'"; would something like this work?

<asp:SqlDataSource ID="SqlDataSource1" runat="server" 
             ConnectionString="<%$ ConnectionStrings:ConnectionStrings %>" 
             ProviderName="<%$ ConnectionStrings:ConnectionStrings.ProviderName %>" 
             SelectCommand="SELECT &quot;CLOCK_IN_TIME&quot;, &quot;CLOCK_OUT_TIME&quot; FROM &quot;CLOCK_HISTORY&quot;">
             </asp:SqlDataSource>

Answer 1

From your first code chunk it looks like you want to pass a parameter to a web page? Look into Query Strings.

In your page you can then access this query string value and pass it to your SQL SELECT statement; yes it would go into a WHERE clause.

UPDATE: in relation to the comment, read the following MSDN page:

http://msdn.microsoft.com/en-us/library/6c3yckfw.aspx

Also, you could try looking into ASP.NET Profiles where you could potentially tailor an entire page based on the current user, but this might be more complicated than is required.