Moving SqlDataSource to ObjectDataSource. need help

Discussion in 'ASP .Net' started by Raja, Aug 31, 2006.

  1. Raja

    Raja Guest

    Hi everybody
    I am converting my pages to use ObjectDataSource instead of
    SqlDataSource and want to keep the same user interface but have a small
    problem.

    In a page using SqlDataSource I have a textbox where user can input the
    query (whole query in SQL). Then by clicking the search button I was
    using it as: SqlDataSource1.SelectCommand = txtQuery.Text.
    I want to have the same interface into a converted page where I am
    using ObjectDataSource.
    How can I do this?

    I can probably have a select method where there will a parameter for
    every column and then have a textbox for every column in the page where
    user can enter search parameters and it may work as well, but I am
    using this project only inside the company where only people having the
    knowledge of SQL are using it, so they can write their queries fast and
    check what they want.

    Can someone tell the answer or guide to a link?

    Thanks in advance
    Raja
     
    Raja, Aug 31, 2006
    #1
    1. Advertising

  2. You will have to create an object with the job of delivering SQL. The SQL
    string will then be sent to the database from the object and run. Since you
    are dealing with random FUD, you will likely have to return a Random
    DataSet.

    NOTE: This is not a good security practice, as anyone with a SQL background
    can do major damage to your database with this wide open ability. You should
    restrict the account that can run queries this way to only being able to
    query tables that it should have access to and stop any security SQL or DDL
    from running under this account.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    *************************************************
    Think outside of the box!
    *************************************************
    "Raja" <> wrote in message
    news:...
    > Hi everybody
    > I am converting my pages to use ObjectDataSource instead of
    > SqlDataSource and want to keep the same user interface but have a small
    > problem.
    >
    > In a page using SqlDataSource I have a textbox where user can input the
    > query (whole query in SQL). Then by clicking the search button I was
    > using it as: SqlDataSource1.SelectCommand = txtQuery.Text.
    > I want to have the same interface into a converted page where I am
    > using ObjectDataSource.
    > How can I do this?
    >
    > I can probably have a select method where there will a parameter for
    > every column and then have a textbox for every column in the page where
    > user can enter search parameters and it may work as well, but I am
    > using this project only inside the company where only people having the
    > knowledge of SQL are using it, so they can write their queries fast and
    > check what they want.
    >
    > Can someone tell the answer or guide to a link?
    >
    > Thanks in advance
    > Raja
    >
     
    Cowboy \(Gregory A. Beamer\), Aug 31, 2006
    #2
    1. Advertising

  3. Raja

    Ed Hinton Guest

    I know this is an old thread, but in case anyone else stumbles across this trying to do it, there is a VERY easy way to do it. You can create a SelectParameter that will be set to the dynamic SQL query you want to run. Then in your data source, in the SelectMethod and Selectmethod calls, you need to add the extra parameter (first parameter actually). In the SelectMethod, just use what is passed in.

    In the SelectCount method (assuming a paged data source), you'll need to replace everything before the "FROM" clause with "SELECT COUNT(*) ". That's it.

    I did this so that bound controls I was using could set filter criteria easily or even pass a very complex where clause in the query referencing many things without needing lots of separate parameters for all the different columns or tables referenced, and so I also could easily drop out requested columns if I only want a subset. Because the calling code uses reflection, it all works beautifully.

    That said, i echo the caution about security vulnerability. In my case, it is special code-behind code behind my controls that is crafting the query. I do NOT recommend ever just passing whatever a user types in.

    From http://www.developmentnow.com/g/8_2...qlDataSource-to-ObjectDataSource-need-help.ht

    Posted via DevelopmentNow.com Group
    http://www.developmentnow.com
     
    Ed Hinton, Mar 14, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. osh
    Replies:
    0
    Views:
    1,419
  2. linkswanted
    Replies:
    0
    Views:
    1,193
    linkswanted
    Dec 21, 2007
  3. tshad
    Replies:
    0
    Views:
    499
    tshad
    Feb 4, 2010
  4. Keith Patrick

    ObjectDataSource feeding off a SqlDataSource

    Keith Patrick, Dec 16, 2005, in forum: ASP .Net Web Controls
    Replies:
    0
    Views:
    137
    Keith Patrick
    Dec 16, 2005
  5. David Thielen

    ObjectDataSource method as another ObjectDataSource

    David Thielen, Mar 21, 2006, in forum: ASP .Net Web Controls
    Replies:
    3
    Views:
    249
    Steven Cheng[MSFT]
    Mar 23, 2006
Loading...

Share This Page