-3

I have a dropdownlist in a gridview and when the textbox is changed, I would like the selected value in the dropdownlists (three separate ones in total) to match the data in the database. The code in the textbox changed event is below:

protected void TextBox1_TextChanged(object sender, EventArgs e)
    {
        DropDownList ddl = new DropDownList();
        string connectionString = ConfigurationManager.ConnectionStrings["*******"].ConnectionString;
        using (SqlConnection con = new SqlConnection(connectionString))
        {
            string query = "SELECT one, two, three FROM table WHERE id = " + TextBox1.Text;
            SqlDataAdapter sda = new SqlDataAdapter(query, con);
            DataSet ds = new DataSet();
            int num = sda.Fill(ds);
            if (num > 0)
            {
                GridView1.Visible = true;
                GridView1.DataSource = ds;
                GridView1.DataBind();
            }
            else
            {
                if (num == 0)
                {
                    GridView1.Visible = false;
                }
                else
                {
                    BindGrid();
                }
            }
        }
a1yx
  • 97
  • 2
  • 9
  • Your design is prone to SQL-injection. What if someone typed this in `TextBox1`: "1; drop database DB_NAME()". Validators do not completely prevent this, a hacker could modify the ViewState to get around this. – Mr Anderson Jul 21 '16 at 15:56
  • The textbox can only have up to ten characters and it only allows integers. The moment you try to type in anything else it will prompt you. And I solemnly swear that I will parameterize it, I just want to get it working first (two days and counting) – a1yx Jul 21 '16 at 16:02
  • Is your query supposed to return exactly one row? – Mr Anderson Jul 21 '16 at 16:10
  • No it can return multiple rows – a1yx Jul 21 '16 at 16:22
  • What values would populate the dropdownlists if it returns multiple rows? The values from the first row? – Mr Anderson Jul 21 '16 at 16:24
  • So right now the gridview has three ddls each corresponding to a column in the database. The query and the if/else provides the # of rows that will be displayed. What I think might work is getting the values of **one, two and three** somehow since they're being called in the **select** and maybe using a FindControl on the gridview and get the selected value like that. But I'm having problems going about it – a1yx Jul 21 '16 at 16:30
  • Possible duplicate of [how to bind a dropdownlist in gridview?](http://stackoverflow.com/questions/7329224/how-to-bind-a-dropdownlist-in-gridview) – Mr Anderson Jul 21 '16 at 16:33

1 Answers1

0

Try using the RowDataBound event. For this to work, the drop-down-lists must already be populated with values, and in the event, the SelectedValue will be assigned.

protected void GridView1_RowDataBound(Object sender, GridViewRowEventArgs e)
{
    if (e.Row.RowType == DataControlRowType.DataRow)
    {
        // this assumes the drop-down-list columns are the first, second, and third columns (ordinal positions 0, 1, and 2)
        DropDownList ddl1, ddl2, ddl3;
        ddl1 = (DropDownList)e.Row.Cells[0].Controls[0];
        ddl2 = (DropDownList)e.Row.Cells[1].Controls[0];
        ddl3 = (DropDownList)e.Row.Cells[2].Controls[0];
        DataRow currentRow = (DataRow)e.Row.DataItem;
        ddl1.SelectedValue = currentRow[0].ToString();
        ddl2.SelectedValue = currentRow[1].ToString();
        ddl3.SelectedValue = currentRow[2].ToString();
    }
}
Mr Anderson
  • 2,200
  • 13
  • 23