0

I have a webform where I can display data from a MySQL database on a page with a GridView. I have placed a TextBox on the webform, which I would like to use to search among the database records.

 string mysqlconnectionstring = "Server=server;Database=dataser;Uid=user;Pwd=passw;CharSet=utf8";
 MySqlConnection MyConnection = new MySqlConnection(mysqlconnectionstring);
 string query = "select * from Tools where NameofTool like '" + Search_txt.Text + "%'";
 MySqlDataAdapter da = new MySqlDataAdapter(query, MyConnection);
 DataSet ds = new DataSet();
 da.Fill(ds);
 GridView1_0.DataSource = ds;
 GridView1_0.DataBind();

So, if I understand correctly, the problem is extracting all the data from a data source at the beginning, and then I want to run the search on it. Of course, I may be interpreting it wrong, sorry.

So the goal would be to get data from a DataSource, run it out with a GridView, then update the GridView according to the results.

Thanks :)

SzuperC

2 Answers

0
dt2.Rows.Clear();
cn.Open();
string comm = "SELECT * From Ansprechperson WHERE Name LIKE '%'+ @Firma + '%' AND KundenNr LIKE @KundenNr";
cmd = new SqlCeCommand(comm, cn);
cmd.Parameters.Add("@Firma", SqlDbType.NVarChar, 100).Value = editContactFilter.Text;
cmd.Parameters.Add("@KundenNr", SqlDbType.NVarChar, 100).Value = KundenNr;
using (adapt = new SqlCeDataAdapter(cmd))
{
     adapt.Fill(dt2);
}
dataGridView2.DataSource = dt2;
cn.Close();

This is an example that worked for me. Please look into parameters to make your application SQL-Injection safe. Why Parameters protect you from SQL-Injection.

dt2 is a DataTable: DataTable dt2 = new DataTable();

Community
tatatoto
-1

The ideal approach would be to search for the precise data from SQL instead of first getting all the data in a data set and then going for another search.

Kindly don't use inline queries like

string query = "select * from Tools where NameofTool like '" + Search_txt.Text + "%'";

Instead, use stored procedures. These inline queries are prone to SQL injection.

So your answer would be "create a stored procedure with a filter parameter" and then bind the GridView with the returned data.

Asfand
    You don't need to use stored procedures to avoid SQL injection, using command parameters is fine. And this doesn't answer the question anyway. – stuartd May 09 '17 at 09:28
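
The command-parameter approach applied to the question's own MySQL query, as an added example that is not code from any of the posts above. It assumes the MySql.Data connector the question already uses; the class and method names (`ToolSearch`, `EscapeLike`, `FindByNamePrefix`) and the choice of `!` as the LIKE escape character are hypothetical. Escaping `%` and `_` is a separate step from parameterization: the parameter stops injection, while the escaping stops user-typed wildcards from widening the match.

```csharp
using System.Data;
using MySql.Data.MySqlClient;

public static class ToolSearch
{
    // Escape LIKE metacharacters so the user's text is matched literally.
    // '!' is the escape character chosen for this example (see ESCAPE '!' below);
    // it is escaped first so the later replacements are not doubled.
    public static string EscapeLike(string input)
    {
        return input.Replace("!", "!!").Replace("%", "!%").Replace("_", "!_");
    }

    // Prefix search on Tools.NameofTool. The SQL text is a constant; the
    // search text only ever reaches the server as a parameter value.
    public static DataTable FindByNamePrefix(string connectionString, string searchText)
    {
        const string sql =
            "SELECT * FROM Tools WHERE NameofTool LIKE @pattern ESCAPE '!'";

        var table = new DataTable();
        using (var connection = new MySqlConnection(connectionString))
        using (var command = new MySqlCommand(sql, connection))
        {
            // The trailing '%' is added in code, after escaping, so it is the
            // only active wildcard in the pattern.
            command.Parameters.AddWithValue("@pattern", EscapeLike(searchText ?? "") + "%");

            using (var adapter = new MySqlDataAdapter(command))
            {
                adapter.Fill(table); // Fill opens and closes the connection itself
            }
        }
        return table;
    }
}

// In the page's code-behind, e.g. in a search button click handler:
//   GridView1_0.DataSource = ToolSearch.FindByNamePrefix(mysqlconnectionstring, Search_txt.Text);
//   GridView1_0.DataBind();
```

Calling this from the search handler re-queries and re-binds the GridView on each search, so only the matching rows leave the database.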