Moving SqlDataSource to ObjectDataSource. need help

Raja - 31 Aug 2006 12:28 GMT
Hi everybody
I am converting my pages to use ObjectDataSource instead of
SqlDataSource and want to keep the same user interface but have a small
problem.

In a page using SqlDataSource I have a textbox where user can input the
query (whole query in SQL). Then by clicking the search button I was
using it as: SqlDataSource1.SelectCommand = txtQuery.Text.
I want to have the same interface into a converted page where I am
using ObjectDataSource.
How can I do this?

I can probably have a select method where there will be a parameter for
every column and then have a textbox for every column in the page where
user can enter search parameters and it may work as well, but I am
using this project only inside the company where only people having the
knowledge of SQL are using it, so they can write their queries fast and
check what they want.

Can someone tell the answer or guide to a link?

Thanks in advance
Raja
Cowboy (Gregory A. Beamer) - 31 Aug 2006 13:40 GMT
You will have to create an object with the job of delivering SQL. The SQL
string will then be sent to the database from the object and run. Since you
are dealing with random FUD, you will likely have to return a Random
DataSet.

NOTE: This is not a good security practice, as anyone with a SQL background
can do major damage to your database with this wide open ability. You should
restrict the account that can run queries this way to only being able to
query tables that it should have access to and stop any security SQL or DDL
from running under this account.


Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside of the box!
*************************************************

Ed Hinton - 14 Mar 2008 22:12 GMT
I know this is an old thread, but in case anyone else stumbles across this trying to do it, there is a VERY easy way to do it.  You can create a SelectParameter that will be set to the dynamic SQL query you want to run.  Then in your data source, in the SelectMethod and Selectmethod calls, you need to add the extra parameter (first parameter actually).  In the SelectMethod, just use what is passed in.

In the SelectCount method (assuming a paged data source), you'll need to replace everything before the "FROM" clause with "SELECT COUNT(*) ".  That's it.

I did this so that bound controls I was using could set filter criteria easily or even pass a very complex where clause in the query referencing many things without needing lots of separate parameters for all the different columns or tables referenced, and so I also could easily drop out requested columns if I only want a subset.  Because the calling code uses reflection, it all works beautifully.

That said, I echo the caution about security vulnerability. In my case, it is special code-behind code behind my controls that is crafting the query. I do NOT recommend ever just passing whatever a user types in.

From http://www.developmentnow.com/g/8_2006_8_0_0_814203/Moving-SqlDataSource-to-ObjectDataSource-need-help.ht
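
The account restriction recommended in the first reply, written out as an added T-SQL example that is not part of the original posts: the page that runs user-supplied SQL connects as a dedicated account that can only read named tables, and the last step checks what that account can actually do. All names (AdHocQueryLogin, AdHocQueryUser, AdHocReaders, dbo.Orders, dbo.Customers) and the password placeholder are assumptions.

```sql
-- Added example: every object name below is hypothetical, not from the thread.
-- Run as an administrator in the application database (SQL Server 2005 or later).

-- 1. A login and database user used ONLY by the page that executes typed-in SQL.
CREATE LOGIN AdHocQueryLogin WITH PASSWORD = '<REPLACE-WITH-STRONG-PASSWORD>';
CREATE USER AdHocQueryUser FOR LOGIN AdHocQueryLogin;

-- 2. A role that carries just the read access this page needs.
CREATE ROLE AdHocReaders;
EXEC sp_addrolemember 'AdHocReaders', 'AdHocQueryUser';

-- Grant per table, so a table added later is not readable by default.
GRANT SELECT ON OBJECT::dbo.Orders    TO AdHocReaders;
GRANT SELECT ON OBJECT::dbo.Customers TO AdHocReaders;

-- 3. Explicit DENY overrides any GRANT the user might pick up from another role.
--    Data changes, procedure execution and schema changes are all refused.
DENY INSERT, UPDATE, DELETE, EXECUTE, ALTER ON SCHEMA::dbo TO AdHocReaders;
DENY CREATE TABLE, CREATE VIEW, CREATE PROCEDURE TO AdHocReaders;

-- 4. Check the effective permissions by impersonating the restricted user.
--    HAS_PERMS_BY_NAME returns 1 when the current principal holds the permission.
EXECUTE AS USER = 'AdHocQueryUser';
SELECT
    HAS_PERMS_BY_NAME('dbo.Orders',    'OBJECT',   'SELECT')       AS can_select_orders,
    HAS_PERMS_BY_NAME('dbo.Customers', 'OBJECT',   'SELECT')       AS can_select_customers,
    HAS_PERMS_BY_NAME('dbo.Orders',    'OBJECT',   'UPDATE')       AS can_update_orders,
    HAS_PERMS_BY_NAME('dbo.Orders',    'OBJECT',   'DELETE')       AS can_delete_orders,
    HAS_PERMS_BY_NAME(DB_NAME(),       'DATABASE', 'CREATE TABLE') AS can_create_table;
REVERT;
```

The connection string used by the ObjectDataSource's data object for the free-form query page would then use this login, kept separate from the account the rest of the application uses.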

