You've set both the
Text
and the
DataTextField
properties. The
DataTextField
will overwrite the
Text
value with the value from the data source.
Remove the
DataTextField
property, and it should start using the
Text
property instead:
<asp:HyperLinkField DataNavigateUrlFields="EncryptedURL" Text="View" HeaderText="EncryptedURL"/>
However, you have
a serious security vulnerability[
^] in your code. You should fix that immediately, and review any other database code you've written to check for and fix the vulnerability.
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[
^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[
^]
Query Parameterization Cheat Sheet | OWASP[
^]
string account = Request.QueryString["Account"];
lblAcct.Text = Server.HtmlEncode(account);
using (SqlConnection con = new SqlConnection("Data Source=test;Initial Catalog=test;User ID=te;Password=great"))
using (SqlCommand cmd = new SqlCommand("Select * from test.dbo.test where AccountNo = @AccountNo", con))
{
cmd.Parameters.AddWithValue("@AccountNo", account);
con.Open();
using (SqlDataReader dr = cmd.ExecuteReader())
{
GridView3.DataSource = dr;
GridView3.DataBind();
}
}