Thread: ASP.NET Data Controls
View Single Post
  #66 (permalink)  
Old 08-27-2007, 08:31 AM
Venkat Venkat is offline
D-Web Master
  
Join Date: Mar 2007
Posts: 350
Venkat is on a distinguished road
Thumbs up Re: ASP.NET Data Controls
hi kingmaker,

If you are setting the SelectCommand then you can do this.
SqlDataSource1.SelectCommand = "SELECT * FROM [test.csv] WHERE " & ColumnName & " = " & searchCriteria
If you are using Stored procedure and columnname and searchcriteria as parameters, then you have to do
DECLARE @SQLQUERY VARCHAR(1000)

SET @SQLQUERY = N'SELECT * FROM TABLE1 WHERE ' + QUOTENAME(@COLUMNNAME) + ' = ' + @SearchCriteria

EXEC (@SQLQUERY)
In the above QuoteName is used to thwart Sql injection.
__________________
Venkat
knowledge is Power
Reply With Quote