SQL query retrieving SESSION value

Time: 2013-09-04 05:38:16

Tags: asp.net sql

My aspx.cs page contains the following code... I have a problem fetching the session values in my SQL query:

connection.Open();
// A plain "..." literal cannot span several lines in C#, so a verbatim @"..." string is used here.
// The Session['...'] references inside the SQL text are the problem being asked about:
// they are sent to SQL Server as literal text and are never replaced with the session values.
string sqlStatement = @"SELECT date as 'Date',name as 'Name',gender as 'Gender',
                       age as 'Age',addr as 'Address',perAddr as 'Permanent Address',
                       pno as 'Phone No',altName as 'Alternate Contact Person',
                       altPno as 'Alternate Person Pno',fever as 'Duration Of Fever',
                       locType as 'Location Type',patType as 'Patient Type',
                       radTreat as 'Radical Treatment Given?', followup as 'Treatment Status',
                       taluk as 'Taluk',phc as 'PHC',malType as 'Malaria Type',
                       death as 'Death Status' FROM patients 
                       WHERE (date=Session['selDate'] and name=Session['selName'])";
SqlCommand sqlCmd = new SqlCommand(sqlStatement, connection);
SqlDataAdapter sqlDa = new SqlDataAdapter(sqlCmd);
DataTable dt = new DataTable();
sqlDa.Fill(dt); // runs the query and loads the result rows into dt

1 answer:

Answer 0 (score: 0)

Well, check this link to understand how session items work. In short:

string firstName = (string)(Session["First"]);
string lastName = (string)(Session["Last"]);
string city = (string)(Session["City"]);

Also: don't compose the query by hand; use query parameters instead. This will protect you from SQL injection and from a lot of trouble caused by type conversion (date/time, floating-point numbers with different decimal separators, etc.).
So you should try

// Verbatim @"..." string so the literal may span lines; the column list is elided as in the original.
string sqlStatement = @"SELECT date as 'Date',name as 'Name', ....
                       WHERE date=@pData AND name=@pName";
SqlCommand sqlCmd = new SqlCommand(sqlStatement, connection);
// SqlClient accepts parameter names with or without the leading '@'.
sqlCmd.Parameters.AddWithValue("pData", (DateTime)Session["selDate"]);
sqlCmd.Parameters.AddWithValue("pName", (String)Session["selName"]);
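The following is an added, self-contained example of the parameterized pattern the answer recommends, written for this page and not taken from the question or the answer. It assumes the `patients` table and the `date`/`name` columns from the question, that `Session["selDate"]` holds either a `DateTime` or a date string and `Session["selName"]` a string, and uses a placeholder connection string. Compared with the answer's snippet it adds three things a practitioner usually wants: a null check on the session values (an expired session otherwise throws a cast exception), explicitly typed parameters instead of `AddWithValue`, and `using` blocks so the connection is always released.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;
using System.Web.UI;

public partial class PatientLookup : Page
{
    // Placeholder: in a real project this comes from web.config, not source code.
    private const string ConnectionString =
        "Server=(local);Database=PLACEHOLDER_DB;Integrated Security=true;";

    // Returns the matching patient rows, or null when the session does not hold
    // both values (e.g. the session expired), so the caller can redirect instead
    // of running the query with missing criteria.
    protected DataTable LoadPatient()
    {
        object rawDate = Session["selDate"];   // assumed: DateTime or date string
        object rawName = Session["selName"];   // assumed: string
        if (rawDate == null || rawName == null)
        {
            return null;
        }

        // Accept either a DateTime stored earlier or the text that was posted back.
        // Parsing with an explicit culture avoids the locale surprises the answer mentions.
        DateTime selDate = rawDate is DateTime
            ? (DateTime)rawDate
            : DateTime.Parse((string)rawDate, CultureInfo.InvariantCulture);
        string selName = (string)rawName;

        // Session values travel as parameters, never as part of the SQL text.
        const string sql = @"SELECT date AS 'Date', name AS 'Name', gender AS 'Gender', age AS 'Age'
                             FROM patients
                             WHERE date = @pDate AND name = @pName";

        var dt = new DataTable();
        using (var connection = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, connection))
        {
            // Explicit SqlDbType avoids AddWithValue's type inference (NVARCHAR vs VARCHAR,
            // implicit date conversions), which can defeat indexes or change matching.
            cmd.Parameters.Add("@pDate", SqlDbType.Date).Value = selDate.Date;
            cmd.Parameters.Add("@pName", SqlDbType.NVarChar, 100).Value = selName;

            using (var da = new SqlDataAdapter(cmd))
            {
                da.Fill(dt);   // Fill opens and closes the connection itself
            }
        }
        return dt;
    }
}
```

The parameter length (`100`) and the `Date` column type are assumptions about the schema; match them to the real column definitions so the plan cache sees one consistent parameter signature.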