0

I have a checkbox list category for the website i'm doing. When a checkbox is checked in that list I want the list to be reduced and the results that I checked will appear. How do I do it?

Home.aspx

<asp:CheckBoxList ID="CheckBoxList1" runat="server" DataSourceID="SqlDataSource2"
    DataTextField="SBrand" DataValueField="SBrand" AutoPostBack="True"
    SelectedIndexChanged="gvStock_SelectedIndexChanged" 
    OnSelectedIndexChanged="CheckBoxList_SelectedIndexChanged" 
    OnPageIndexChanging="gvStock_PageIndexChanging" CssClass="checkboxlist">
</asp:CheckBoxList>
<asp:SqlDataSource ID="SqlDataSource2" runat="server" 
    ConnectionString="<%$ ConnectionStrings:DefaultConnection %>" 
    SelectCommand="SELECT DISTINCT [SBrand] FROM [Stock]">
</asp:SqlDataSource>

Home.aspx.cs

protected void CheckBoxList_SelectedIndexChanged(object sender, EventArgs e)
{
    string chkbox = "";
    Label1.Visible = false;
    for (int i = 0; i < CheckBoxList1.Items.Count; i++)
    {
        if (CheckBoxList1.Items[i].Selected == true)
        {
            if (chkbox == "")
            {
                chkbox = "'" + CheckBoxList1.Items[i].Text + "'";
            }
            else
            {
                chkbox += "," + "'" + CheckBoxList1.Items[i].Text + "'";
            }
            Label1.Text = chkbox;

            string mainconn = 
                ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
            SqlConnection sqlconn = new SqlConnection(mainconn);
            string sqlquery = "SELECT [pCode],[pID],[bCode], [SBrand], 
                [SDescription], [sCost] , [sPrice] , [SType] , [sSupplierName] , 
                [sSupplierDirect], [fCost] 
                FROM Stock 
                where SBrand in (" + Label1.Text + ")";
            SqlCommand sqlcomm = new SqlCommand(sqlquery, sqlconn);
            sqlconn.Open();
            SqlDataAdapter sda = new SqlDataAdapter(sqlcomm);
            DataTable dt = new DataTable();
            sda.Fill(dt);
            this.gvStock.DataSource = dt;
            this.gvStock.DataBind();

        }
    }
wazz
  • 4,953
  • 5
  • 20
  • 34
Charis S.
  • 1
  • 1
  • https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection – mjwills Nov 06 '19 at 01:29
  • I mean your code has a SQL Injection bug. – mjwills Nov 06 '19 at 03:34
  • @mjwills how should i proceed with this? – Charis S. Nov 07 '19 at 06:04
  • You actually need to look at doing this the other way round. If you hide things not selected as you select items, the first thing you select will hide all the other items. You need to work from items being un-selected being hidden. This is also a bad idea since people will change what they want overtime. Why would you want to hide potential selections from the user? – MaCron Nov 25 '19 at 17:45

0 Answers0