I have two dropdown lists on my first aspx page, one for location and one for vendor. Based on the value selected in the location dropdown, the vendor dropdown has to be populated... I am trying to bind it using the location name.
Location:
<asp:DropDownList ID="ddlAllLocations" runat="server" DataSourceID="SqlDataSourceBusinessLocations"
    DataTextField="Location_Name" DataValueField="Location_ID" AutoPostBack="True" AppendDataBoundItems="True">
    <asp:ListItem Value="" Selected="True"></asp:ListItem>
</asp:DropDownList>
Vendor:
<asp:SqlDataSource ID="SqlDataSourceAllVendors" runat="server" ConnectionString="<%$ ConnectionStrings:xxxxx %>"
ProviderName="<%$ ConnectionStrings:xxxxx.ProviderName %>" SelectCommand="GetAllVendorsForBUforLocation"
SelectCommandType="StoredProcedure">
<SelectParameters>
<asp:SessionParameter Name="userBUIds" SessionField="BusinessUnitIds" Size="200"
Type="String" />
<asp:ControlParameter ControlID="ddlAllLocations" Name="LOCATION_ID" PropertyName="SelectedValue"
Type="String" />
</SelectParameters>
</asp:SqlDataSource>
My stored procedure is
-- =============================================
ALTER PROCEDURE [dbo].[GetAllVendorsForBUforLocation]
    @userBUIds varchar(200),
    @LOCATION_ID int
AS
DECLARE @sql NVARCHAR(4000)
BEGIN
    set @sql = 'SELECT DISTINCT tblVendor_Payees.PayeeID, RTRIM(ISNULL(a.Name1_Last, '''')) + '' '' + ISNULL(a.Name1_First, '''') AS VendorName, tblVendor_Business.BusinessID '
        + 'FROM tblVendor_Payees AS a left JOIN tblFields AS f ON a.PayeeID = f.VendorID '
        + 'INNER JOIN tblVendor_Business ON a.PayeeID = tblVendor_Business.PayeeID '
        + 'INNER JOIN INVENTORY.TBL_LOCATION on INVENTORY.TBL_LOCATION.BusinessID = tblVendor_Business.BusinessID '
        + 'WHERE (a.VendorType = 1) AND (tblVendor_Business.BusinessID = ' + cast(@userBUIds as varchar(50))
        + ' and INVENTORY.TBL_LOCATION.LOCATION_ID = ' + cast(@LOCATION_ID as int) + ') ORDER BY VendorName'
    exec sp_executeSQL @sql
END
I get this error:
Conversion failed when converting the varchar value 'SELECT DISTINCT tblVendor_Payees.PayeeID, RTRIM(ISNULL(a.Name1_Last, '')) + ' ' + ISNULL(a.Name1_First, '') AS VendorName, tblVendor_Business.BusinessID FROM tblVendor_Payees AS a left JOIN tblFields AS f ON a.PayeeID = f.VendorID INNER JOIN tblVendor_Business ON a.PayeeID = tblVendor_Business.PayeeID INNER JOIN INVENTORY.TBL_LOCATION on INVENTORY.TBL_LOCATION.BusinessID = tblVendor_Business.BusinessID WHERE (a.VendorType = 1) AND (tblVendor_Business.BusinessID = 2 and INVENTORY.TBL_LOCATION.LOCATION_ID = ' to data type int.
Answer 0 (score: 1)
You get the error because you are trying to add an integer to a string. Since int has a higher precedence than varchar, SQL tries to convert the varchar to int. Because the varchar does not contain a valid integer, that conversion fails.
More importantly, by using string concatenation and dynamic SQL in your stored procedure you leave yourself open to SQL injection. Your query isn't even doing anything complex enough to justify dynamic SQL!
If you are desperate to keep the dynamic SQL, use the parameterized version of sp_executesql:
set @sql = N'SELECT DISTINCT
    a.PayeeID,  -- the table is aliased as a, so it must be referenced through the alias
    RTRIM(ISNULL(a.Name1_Last, '''')) + '' '' + ISNULL(a.Name1_First, '''') AS VendorName,
    tblVendor_Business.BusinessID
FROM tblVendor_Payees AS a left
JOIN tblFields AS f ON a.PayeeID = f.VendorID
INNER JOIN tblVendor_Business ON a.PayeeID = tblVendor_Business.PayeeID
INNER JOIN INVENTORY.TBL_LOCATION on INVENTORY.TBL_LOCATION.BusinessID = tblVendor_Business.BusinessID
WHERE (a.VendorType = 1)
    AND (tblVendor_Business.BusinessID = @userBUIds
    and INVENTORY.TBL_LOCATION.LOCATION_ID = @LOCATION_ID)
ORDER BY VendorName'
-- once one argument is passed by name, every following argument must be named too
exec sp_executesql
    @stmt = @sql,
    @params = N'@userBUIds varchar(200), @LOCATION_ID int',
    @userBUIds = @userBUIds,
    @LOCATION_ID = @LOCATION_ID
Otherwise, skip the dynamic SQL and run the query directly.
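The script below is an added example and is not code from the question or the answer. It reproduces, on constructed temp tables that stand in for tblVendor_Payees, tblVendor_Business and INVENTORY.TBL_LOCATION, the three points the answer makes: the int/varchar precedence error, why "fixing" it with another CAST leaves the concatenated statement injectable through the session value, and how the parameterised sp_executesql call and the plain static query avoid that. The table shapes, rows and the injection payload are all made up for the demonstration.

```sql
-- Added example, not code from the original question or answer. The poster's
-- tables are replaced by constructed temp tables with made-up rows so the
-- script runs in any SQL Server database (2008 or later).
CREATE TABLE #Payees   (PayeeID int, Name1_Last varchar(50), Name1_First varchar(50), VendorType int);
CREATE TABLE #Business (PayeeID int, BusinessID int);
CREATE TABLE #Location (LOCATION_ID int, BusinessID int);

INSERT INTO #Payees   VALUES (1, 'Smith', 'Ann', 1), (2, 'Jones', NULL, 1), (3, 'Other', 'Unit', 1);
INSERT INTO #Business VALUES (1, 2), (2, 2), (3, 9);   -- PayeeID 3 belongs to business unit 9
INSERT INTO #Location VALUES (10, 2), (20, 9);

DECLARE @userBUIds   varchar(200) = '2';   -- stands in for Session["BusinessUnitIds"]
DECLARE @LOCATION_ID int          = 10;    -- stands in for ddlAllLocations.SelectedValue
DECLARE @sql         nvarchar(4000);

-- 1. The error from the question. int outranks varchar in data type precedence,
--    so '...' + CAST(@LOCATION_ID AS int) converts the whole string to int and
--    fails with error 245 before anything is executed.
BEGIN TRY
    SET @sql = N'SELECT 1 WHERE 1 = ' + CAST(@LOCATION_ID AS int);
    EXEC sp_executesql @sql;
END TRY
BEGIN CATCH
    PRINT 'Error ' + CAST(ERROR_NUMBER() AS varchar(10)) + ': ' + ERROR_MESSAGE();
END CATCH;

-- 2. Casting to varchar instead makes the string build, but the statement text
--    is now controlled by whatever is in the session value. This constructed
--    payload closes the parenthesis and comments out the LOCATION_ID filter,
--    so vendors from every business unit come back.
SET @userBUIds = '2 OR 1=1) --';
SET @sql = N'SELECT DISTINCT p.PayeeID, RTRIM(ISNULL(p.Name1_Last, '''')) + '' '' + ISNULL(p.Name1_First, '''') AS VendorName, b.BusinessID '
         + N'FROM #Payees AS p INNER JOIN #Business AS b ON p.PayeeID = b.PayeeID '
         + N'INNER JOIN #Location AS l ON l.BusinessID = b.BusinessID '
         + N'WHERE (p.VendorType = 1) AND (b.BusinessID = ' + @userBUIds
         + N' AND l.LOCATION_ID = ' + CAST(@LOCATION_ID AS varchar(10)) + N')';
PRINT @sql;               -- the WHERE clause now reads ... = 2 OR 1=1) -- AND ...
EXEC sp_executesql @sql;  -- 3 rows, including PayeeID 3 from business unit 9

-- 3. Parameterised sp_executesql, as in the answer. @userBUIds is bound as a
--    value, never spliced into the statement, so the same payload is just a
--    string that cannot be converted to int: the query text is unchanged.
SET @sql = N'SELECT DISTINCT p.PayeeID, RTRIM(ISNULL(p.Name1_Last, '''')) + '' '' + ISNULL(p.Name1_First, '''') AS VendorName, b.BusinessID '
         + N'FROM #Payees AS p INNER JOIN #Business AS b ON p.PayeeID = b.PayeeID '
         + N'INNER JOIN #Location AS l ON l.BusinessID = b.BusinessID '
         + N'WHERE (p.VendorType = 1) AND (b.BusinessID = @userBUIds AND l.LOCATION_ID = @LOCATION_ID)';
BEGIN TRY
    EXEC sp_executesql @sql,
         N'@userBUIds varchar(200), @LOCATION_ID int',
         @userBUIds = @userBUIds, @LOCATION_ID = @LOCATION_ID;
END TRY
BEGIN CATCH
    PRINT 'Payload rejected as data: ' + ERROR_MESSAGE();   -- error 245 on the value, not on the query
END CATCH;

SET @userBUIds = '2';
EXEC sp_executesql @sql,
     N'@userBUIds varchar(200), @LOCATION_ID int',
     @userBUIds = @userBUIds, @LOCATION_ID = @LOCATION_ID;   -- 2 rows: Jones, Smith Ann

-- 4. The answer's preferred option: no dynamic SQL at all.
SELECT DISTINCT p.PayeeID,
       RTRIM(ISNULL(p.Name1_Last, '')) + ' ' + ISNULL(p.Name1_First, '') AS VendorName,
       b.BusinessID
FROM #Payees AS p
INNER JOIN #Business AS b ON p.PayeeID = b.PayeeID
INNER JOIN #Location AS l ON l.BusinessID = b.BusinessID
WHERE p.VendorType = 1
  AND b.BusinessID = @userBUIds
  AND l.LOCATION_ID = @LOCATION_ID
ORDER BY VendorName;

DROP TABLE #Location, #Business, #Payees;
```

Run it in SSMS with results to text to see the four stages in order. Step 3 still raises error 245 for the payload, but that is a conversion of the bound value, not of the statement, which is exactly the property that makes the parameterised form safe; with a legitimate value it returns only the two vendors of business unit 2 at location 10.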