http://forums.asp.net/t/1000209.aspx/1?In+line+code+in+asp+SqlDataSourceMon, 07 Jan 2008 06:11:51 -050010002091316868http://forums.asp.net/p/1000209/1316868.aspx/1?In+line+code+in+asp+SqlDataSource <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">Hi,</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">I have a problem with the </span><span style="font-size:10pt; font-family:Arial">&lt;asp:SqlDataSource.<span style="">&nbsp; </span>The thing that I try to do is to create a SQL<span style="">&nbsp; </span>statement.<span style="">&nbsp; </span>I am not sure if this can be done or not ( just started asp.net).</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">Something like this:</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; background:yellow; font-family:Arial">&lt;%</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Dim Test1 As String</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Dim Test2 As String</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Dim Test3 As String</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Dim Test4 As String</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span></span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Test1 = Request(&quot;xmbr&quot;)</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Test2 = Request(&quot;xSEL&quot;)</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Test3 = Request(&quot;xpro&quot;)</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp;&nbsp; </span>Test4 = &quot;SELECT [jedan], [dva], [tri], [cetiri], [pet] FROM [pet1] where &quot; &amp; (Test1) &amp; &quot; &quot; &amp; (Test2) &amp; &quot;'&quot; &amp; (Test3) &amp; &quot;'&quot;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp;&nbsp; </span></span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; background:yellow; font-family:Arial">%&gt;</span><span style="font-size:10pt; font-family:Arial"><span style="">&nbsp; </span></span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&lt;asp:SqlDataSource ID=&quot;SqlDataSource1&quot; runat=&quot;server&quot; ConnectionString=&quot;<span style="background:yellow">&lt;%</span>&#36; ConnectionStrings:FinGateConnectionString <span style="background:yellow">%&gt;</span>&quot; SelectCommand=&quot;<font color="#ff0000"><span style="background:yellow">&lt;%</span>= Test4<span style="background:yellow">%&gt;</span></font>&quot;&gt;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">The problem is that is giving me an error that I cant figure out.</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial"></span>&nbsp;</p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">-------------------------------------------------</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 12pt"><b><span style="font-size:10pt; font-family:Arial">Description: </span></b><span style="font-size:10pt; font-family:Arial">An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. <br> <br> <b>Exception Details: </b>System.Data.SqlClient.SqlException: Line 1: Incorrect syntax near '&lt;'.<br> <br> <b>Source Error:</b> </span></p> <p> <table cellpadding="0" width="100%" bgcolor="#ffffcc" border="0" style="background:#ffffcc; width:100%"> <tbody> <tr> <td style="border-right:#d4d0c8; padding-right:0.75pt; border-top:#d4d0c8; padding-left:0.75pt; padding-bottom:0.75pt; border-left:#d4d0c8; padding-top:0.75pt; border-bottom:#d4d0c8; background-color:transparent"> <p class="MsoNormal" style="margin:0in 0in 0pt"><pre class="prettyprint">An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.</pre><span style="font-size:10pt; font-family:Arial"> </span><span style="font-size:10pt; font-family:Arial"></span></p> </td> </tr> </tbody> </table> </p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;<span style="font-size:10pt; font-family:Arial">-------------------------------------------------</span></span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">Thanks.</span></p> <p class="MsoNormal" style="margin:0in 0in 0pt"><span style="font-size:10pt; font-family:Arial">&nbsp;</span></p> <p><span style="font-size:10pt; font-family:Arial">Nbdg_28</span></p> 2006-06-16T16:41:01-04:001316921http://forums.asp.net/p/1000209/1316921.aspx/1?Re+In+line+code+in+asp+SqlDataSource <p>First off - you're trying to use inline codeblocks, it seems, like in the old Classic ASP days. It's no longer done this way in ASP.Net. Since ASP.Net is event-driven, all code code is in event handlers (subs/functions). In this case, what you'd probably need to do is to create/Dim some global variables in your page (outside any events), and inside the Page_Load event, assign the variable names, just like you did </p> <p>Therefore, you would not use a code block segment, either, in the SelectCommand property of a SQLDataSource control. That is for the SQL statement or Stored Procedure name only.</p> <p>Also - if you haven't heard about SQL Injection attacks, you need to learn now....instead of using concatenated SQL statements, the answer to SQL Injection attacks, in this case, is parameterized queries. Check out this 2 part tutorial on Parameterized Queries at ASPNet101.com:<br> <a href="http://aspnet101.com/aspnet101/tutorials.aspx?id=1">http://aspnet101.com/aspnet101/tutorials.aspx?id=1</a></p> <p>That being said, you can use a SQL statement (Select [Field list] from [Table name] where <a href="mailto:Field1=@Field1">Field1=@Field1</a> and <a href="mailto:Field2=@Field2"> Field2=@Field2</a>, etc</p> <p>Then, inside your SQLDataSource, use the parameters section to assign where the data for each parameter is coming from.</p> 2006-06-16T17:36:04-04:002093583http://forums.asp.net/p/1000209/2093583.aspx/1?Re+In+line+code+in+asp+SqlDataSource <p>Hi, </p> <p>I'm trying to use inline code inside my sqldatasource..</p> <p>&nbsp;&lt;asp:Parameter Name=&quot;CREATION_DATE&quot; Type=&quot;DateTime&quot;&nbsp; DefaultValue= '&lt;%System.DateTime.Now.ToString()%&gt;' /&gt;</p> <p>This gives me an error saying input string was not in correct format..</p> <p>&nbsp;Could someone help me in this?<br> &nbsp;</p> 2008-01-07T06:11:51-05:00