CascadingDropDown 带有两个参数

发布于 2024-08-16 21:17:03 字数 1587 浏览 11 评论 0原文

我有一个包含 3 个下拉列表的页面,第二个和第三个下拉列表是用 CascadingDropDown 添加的。第三个下拉列表将从第一个和第二个下拉列表中获取参数。因此,在我从 google 找到的 CascadingDropDown 当前示例中,它们仅将一个参数传递给 WebService 方法。如何将两个参数传递给服务方法,以便我的第三个下拉列表将基于第一个和第二个下拉列表的SelectedValue?

<WebMethod()> _
Public Function GetTeams(ByVal knownCategoryValues As String, ByVal category As String) As CascadingDropDownNameValue()
    Dim strConnection As String = ConfigurationManager.ConnectionStrings("nerdlinessConnection").ConnectionString
    Dim sqlConn As SqlConnection = New SqlConnection(strConnection)
    Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid"
    Dim cmdFetchTeam As SqlCommand = New SqlCommand(strTeamQuery, sqlConn)

    Dim dtrTeam As SqlDataReader
    Dim kvTeam As StringDictionary = CascadingDropDown.ParseKnownCategoryValuesString(knownCategoryValues)

    Dim intConfId As Integer

    If Not kvTeam.ContainsKey("Conference") Or Not Int32.TryParse(kvTeam("Conference"), intConfId) Then
        Return Nothing
    End If

    cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)
    Dim myTeams As New List(Of CascadingDropDownNameValue)

    sqlConn.Open()
    dtrTeam = cmdFetchTeam.ExecuteReader

    While dtrTeam.Read()
        Dim strTeamName As String = dtrTeam("team_name").ToString
        Dim strTeamId As String = dtrTeam("team_id").ToString

        myTeams.Add(New CascadingDropDownNameValue(strTeamName, strTeamId))
    End While

    Return myTeams.ToArray
End Function

这是我找到的示例代码!正如您在代码中看到的,“@confid”将从第二个下拉列表中传递!那么,我该如何修改此代码以从第一个下拉列表中获取所选值?

I have a page with 3 dropdownlist, 2nd and 3rd dropdownlist are added with CascadingDropDown. 3rd dropdownlist will take parameters from 1st and 2nd dropdownlist. So, in current example for CascadingDropDown i have found from google, they are only passing one parameter to the WebService method. How can pass two parameters to the service method, so that my 3rd dropdownlist will based on the SelectedValue of 1st and 2nd dropdownlist?

<WebMethod()> _
Public Function GetTeams(ByVal knownCategoryValues As String, ByVal category As String) As CascadingDropDownNameValue()
    Dim strConnection As String = ConfigurationManager.ConnectionStrings("nerdlinessConnection").ConnectionString
    Dim sqlConn As SqlConnection = New SqlConnection(strConnection)
    Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid"
    Dim cmdFetchTeam As SqlCommand = New SqlCommand(strTeamQuery, sqlConn)

    Dim dtrTeam As SqlDataReader
    Dim kvTeam As StringDictionary = CascadingDropDown.ParseKnownCategoryValuesString(knownCategoryValues)

    Dim intConfId As Integer

    If Not kvTeam.ContainsKey("Conference") Or Not Int32.TryParse(kvTeam("Conference"), intConfId) Then
        Return Nothing
    End If

    cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)
    Dim myTeams As New List(Of CascadingDropDownNameValue)

    sqlConn.Open()
    dtrTeam = cmdFetchTeam.ExecuteReader

    While dtrTeam.Read()
        Dim strTeamName As String = dtrTeam("team_name").ToString
        Dim strTeamId As String = dtrTeam("team_id").ToString

        myTeams.Add(New CascadingDropDownNameValue(strTeamName, strTeamId))
    End While

    Return myTeams.ToArray
End Function

This is the sample code i found! As you can see in the code, '@confid' will be passed from 2nd dropdownlist! So, hw do i modify this code to get the selected value from 1st dropdownlist as well??

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

笔落惊风雨 2024-08-23 21:17:03

您指的是哪个网络服务?是你自己写的还是别人的网络服务?

如果它是您的 Web 服务,请更新其中的方法定义并传递两个参数。如果是其他人的,请联系相关人员以了解最好的做法。

Which web service are you referring to? Is it something you have written or someone else's webservice?

In case it is your webservice, update the method definition in it and pass two parameters. In case it is somone else's, contact the concerned person to know what best can be done.

那小子欠揍 2024-08-23 21:17:03

看起来发帖者实际上并不是在询问 Web 服务,而是在询问 SqlCommand 和添加参数。

首先,您永远不应该像这样直接从 Web 应用程序运行 sql。将其放入存储过程中。

其次,您应该对传入的值进行检查,因为这是网站用户使用 SQL 注入攻击

现在...这就是您要寻找的内容:

Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid"

变成

Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid AND second_id = @secondId"

然后只需添加其中的另一个:(

cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)

当然,还有其他值,就像这样)

cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)
cmdFetchTeam.Parameters.AddWithValue("@secondId", intSecondId)

It appears the poster is not asking about Web Services really, but about SqlCommand and adding parameters.

First, you should never EVER run sql straight from your web application like that. Put it in a stored procedure.

Second, you should run checks on the values coming in, because this is a good way for your web site users to use SQL injection attacks.

Now... Here is what you were looking for:

Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid"

becomes

Dim strTeamQuery As String = "SELECT * FROM TEAM WHERE conf_id = @confid AND second_id = @secondId"

Then just add another one of these:

cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)

(with the other value, of course, like this)

cmdFetchTeam.Parameters.AddWithValue("@confid", intConfId)
cmdFetchTeam.Parameters.AddWithValue("@secondId", intSecondId)
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文