Click here to Skip to main content
14,735,478 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I have a nested gridview. On the top-level grid, I have a button that should call a stored procedure and and put that data into the nested gridview.

Here is my ASPX page code
<form id="form1" runat="server">
<asp:GridView ID="gvCustomers" runat="server" AutoGenerateColumns="false" CssClass="Grid"
    DataKeyNames="ID" OnRowDataBound="OnRowDataBound">
    <Columns>
        <asp:TemplateField>
            <ItemTemplate>
                <asp:Button Text="Expand" runat="server" OnClick="Select" CommandArgument='<%#Eval("ID") %>' />
                <asp:Panel ID="pnlOrders" runat="server" Style="display: none">
                    <asp:GridView ID="gvOrders" runat="server" AutoGenerateColumns="false" CssClass = "ChildGrid">
                        <Columns>
                            <asp:BoundField ItemStyle-Width="135px" DataField="Label" HeaderText="Label" />
                            <asp:BoundField ItemStyle-Width="150px" DataField="IDs" HeaderText="IDs" />

                            <asp:BoundField ItemStyle-Width="150px" DataFormatString="${0:###,###,###.00}" DataField="Total" HeaderText=Total" />
                        </Columns>
                    </asp:GridView>
                </asp:Panel>
            </ItemTemplate>
        </asp:TemplateField>
        <asp:BoundField ItemStyle-Width="150px" DataField="Source" HeaderText="Source" />
        <asp:BoundField ItemStyle-Width="150px" DataField="Label" HeaderText="Label" />
        <asp:BoundField ItemStyle-Width="150px" DataFormatString="${0:###,###,###.00}" DataField="Total20" HeaderText="Total20" />
        <asp:BoundField ItemStyle-Width="150px" DataFormatString="${0:###,###,###.00}" DataField="Total1" HeaderText="Total1" />
        <asp:BoundField ItemStyle-Width="150px" DataFormatString="{0:P1}"  DataField="Average_Fee_PCT" HeaderText="Average Fee" />
    </Columns>
</asp:GridView>
</form>


Here is my C# code
protected void Select(object sender, EventArgs e)
{
    string ID = (sender as Button).CommandArgument;

            Response.Write("<script>console.log('ID...." + ID + "');</script>");
            
        GridView gvOrders = e.Row.FindControl("gvOrders") as GridView;          
        gvOrders.DataSource = GetData(string.Format("exec ReturnDataSingle '" + ID + "', '"+ DateTime.Now.ToString("yyyy-MM-dd") + "'"));
        gvOrders.DataBind();


}


Here is the error message I am getting
'System.EventArgs' does not contain a definition for 'Row' and no extension method 'Row' accepting a first argument of type 'System.EventArgs' could be found 


Can someone help me figure out how I would be able to add the stored procedure data to the gvOrders gridview based off that button click?

What I have tried:

I can't seem to figure out how to add that data into the table from the button click.
Posted
Updated 30-Sep-20 23:34pm
Comments
Richard Deeming 1-Oct-20 4:31am
   
GetData(string.Format("exec ReturnDataSingle '" + ID + "', '"+ DateTime.Now.ToString("yyyy-MM-dd") + "'"))

You've written a method which will force you to write code which is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation / string.Format to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

1 solution

Try using the naming container:
protected void Select(object sender, EventArgs e)
{
    Button button = (Button)sender;
    string ID = button.CommandArgument;
    GridView gvOrders = (GridView)button.NamingContainer.FindControl("gvOrders");
    ...
But make sure you fix your GetData method so that you can pass the query parameters properly to avoid a SQL Injection[^] vulnerability.
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900