<div><asp:Image ID="Image1" runat="server" ImageUrl='Images/ProductImages/<%# Eval("Extention") %>' Height="100" Width="100"></asp:Image></div>
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data; using System.Data.SqlClient; using System.Configuration; using System.Globalization; using System.Threading; public partial class OrderHistory : System.Web.UI.Page { SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=KalzAgency;Integrated Security=true"); public static String CS = ConfigurationManager.ConnectionStrings["KalzAgency"].ConnectionString; protected void Page_Load(object sender, EventArgs e) { if (Session["USERNAME"] != null) { if (!IsPostBack) { this.BindProductImage(); } string id = Session["UserID"].ToString(); con.Open(); SqlCommand cmd = con.CreateCommand(); cmd.CommandType = CommandType.Text; cmd.CommandText = "SELECT * FROM tblOrderProducts WHERE UserID = '" + id + "'"; cmd.ExecuteNonQuery(); DataTable dt = new DataTable(); SqlDataAdapter da = new SqlDataAdapter(cmd); da.Fill(dt); r2.DataSource = dt; r2.DataBind(); con.Close(); } else { Response.Redirect("~/SignIn.aspx"); } } private void BindProductImage() { Int64 PID = Convert.ToInt64(Request.QueryString["PID"]); Int64 extention = Convert.ToInt64(Request.QueryString["Extention"]); using (SqlConnection con = new SqlConnection(CS)) { SqlCommand cmd = new SqlCommand("BindProductImages", con) { CommandType = CommandType.StoredProcedure }; cmd.Parameters.AddWithValue("@PID", PID); cmd.Parameters.AddWithValue("@Extention", extention); using (SqlDataAdapter sda = new SqlDataAdapter(cmd)) { DataTable dt = new DataTable(); sda.Fill(dt); r2.DataSource = dt; r2.DataBind(); } } }
SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO ALTER PROCEDURE [dbo].[BindProductImages] ( @PID int, @Extention nvarchar(500) ) AS SELECT * FROM tblProductImages where PID = @PID
<asp:Image ID="Image1" runat="server" ImageUrl='<%# Eval("Extention", "Images/ProductImages/{0}") %>' Height="100" Width="100"/>
Quote:C# cmd.CommandText = "SELECT * FROM tblOrderProducts WHERE UserID = '" + id + "'";
cmd.CommandText = "SELECT * FROM tblOrderProducts WHERE UserID = '" + id + "'";
Quote:SQL SELECT * FROM tblProductImages where PID = @PID
SELECT * FROM tblProductImages where PID = @PID
SELECT * FROM
var
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)