i want to do sorting for jQGrid in ASP.NET. For that i have pass the sidx and sord for co开发者_C百科lumn name and sorting order.but it was giving error "Incorrect syntax near '0'.
Statement(s) could not be prepared."
i wrote query for this select Image,CategoryName,Status,CategoryId from Category Order by {0} {1}
I do not think this is valid Sql query:
"select Image,CategoryName,Status,CategoryId from Category Order by {0} {1}"
Instead replace the curly brackets and the numbers with actual names:
"select Image,CategoryName,Status,CategoryId from Category Order by CategoryName, Status"
Dick
It would be better if you post a code fragment which you use to near SELECT
statement. It seems that you either forgot to make String.Format
with "select Image,CategoryName,Status,CategoryId from Category Order by {0} {1}" or you don't define a default sort column in jqGrid and not test in your code whether sidx
is empty or null
.
If you generate AdHoc SQL statements, you should be very careful in testing of the input parameters sidx
and sord
. For example, should be permitted only two values for sord
: "desc"
or "asc"
. The sidx
can be either empty or null or one value from the list of permitted for sorting columns (Image
should be probably not permitted for sorting). In the advanced version you can allow sidx
be like "CategoryName asc, Status"
if you want. In this case you should parse sidx
and verify for the permitted syntax.
At the end you should take in consideration permitted case of column names and possible existence of special characters in the column names or using reserved names in the column names. You receive much more safe SQL statements if you place '[' and ']' over column names.
精彩评论