Re: SQL Statement Class Helper request
- From: Jeff Louie <jeff_louie@xxxxxxxxx>
- Date: Mon, 03 Oct 2005 20:32:30 -0700
It is possible to do this graphically using findable controls and tokens
such as
[=], and [LIKE%]. As long as you understand the risk of SQL injection,
you can
write your own controls and bind each control to a field, then iterate
over the
containment hierarchy to retrieve all of the fields and then query each
control
for the user entered WHERE clause. So each control would implement the
following interfaces:
public enum FormMode {Data,Find}
public interface IStatefulUI
{
void SaveState();
void Clear();
void RestoreState();
}
public interface IParameter
{
string Condition {get;}
string Name {get;}
string Text {get;}
string Pre {get;}
string Post {get;}
bool NeedsText {get;}
string Filter {get;}
}
public interface IFindable
{
Parameter Parameter {get;}
bool IsFindable {get;set;}
bool ShowFindableContextMenu {get;set;}
}
And call it like this:
Parameter[] parameters= queryEngine.GetParameters
(this.panel1.Controls);
bool isParameter= false;
string command= "";
foreach (Parameter p in parameters)
{
if (p.Text.Length > 0)
{
if (isParameter)
{
command+= " AND ";
}
command+= p.Filter;
isParameter= true;
}
}
The safer method is to use a parameterized query as in:
this.sqlSelectCommand1.Parameters["@"+p.Name].Value=p.Text.Trim()+"%";
Regards,
Jeff
*** Sent via Developersdex http://www.developersdex.com ***
.
- References:
- SQL Statement Class Helper request
- From: ABC
- SQL Statement Class Helper request
- Prev by Date: Re: add button into datagrid
- Next by Date: Re: dumb question.. please help!
- Previous by thread: SQL Statement Class Helper request
- Next by thread: Re: SQL Statement Class Helper request
- Index(es):
