How to use Single Quotes in Eval Format String

Posted 2020-02-07 01:19

Question:

I've got a Repeater and its SqlDatasource nested inside a Gridview TemplatedField.
The Repeater's datasource SelectCommand is set using the FormatString of an Eval from the Gridview.
The SelectCommand has a WHERE clause which is to compare a string.
Because I have already used the single and double quotes, I am having trouble delimiting the string in the SQL WHERE clause.

How do I add single quotes inside an Eval FormatString?

I have tried using 'Replace'.
I have tried using 'Special Characters' (... WHERE StringField = '{0}' ...)

No luck so far. I appreciate any help you may be able to offer.

<asp:GridView ID="GridView1" runat="server" DataSourceID="DataSource1" DataKeyNames="Foo" AutoGenerateColumns="False" AllowSorting="true" >
    <Columns>
        <asp:BoundField DataField="Foo" HeaderText="Foo" SortExpression="Foo" />
        <asp:BoundField DataField="Bar" HeaderText="Bar" SortExpression="Bar" />
        <asp:TemplateField>
            <ItemTemplate>
                <asp:Repeater ID="Repeater1" runat="server" DataSourceID="DataSourceNested">
                    <ItemTemplate>
                        <asp:Label ID="Label1" runat="server" Text='<%# Eval("Blah") %>'></asp:Label>
                    </ItemTemplate>
                </asp:Repeater>
                <asp:SqlDataSource ID="DataSourceNested" runat="server" DataFile="~/App_Data/DatabaseName"
                    SelectCommand='<%# Eval("Bar", "SELECT Blah FROM TableName WHERE (StringField = {0})") %>' >
                </asp:SqlDataSource>
            </ItemTemplate>
        </asp:TemplateField>
    </Columns>
</asp:GridView>

Answer 1:

Don't forget that a .aspx page is simply XML. You just escape the quotes as you normally would.

For example:

<asp:Repeater ID="repeatTheLabel" runat="server">
    <ItemTemplate>
        <asp:Label ID="Label1" Text="<%# Eval(&quot;Id&quot;, &quot;This is item '{0}'.&quot;) %>" runat="server" />
    </ItemTemplate>
    <SeparatorTemplate>
        <br />
    </SeparatorTemplate>
</asp:Repeater>

When the above expression is databound the value between <%# and %> becomes:

Eval("Id", "This is item '{0}'.")

...which produces on the HTML page as output when databound with an array of objects with "Id" property values from 1 to 5:

This is item '1'.
This is item '2'.
This is item '3'.
This is item '4'.
This is item '5'.



Answer 2:

Store your sql queries in properties in your Page class. Not only does it work :-) but it makes your code easier to read and maintain.

Oh, and you should use parameters in your queries instead of doing string replacements. That will solve the problem by removing the need for single quotes.
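
The parameterized form of the question's nested data source, as an added example that is not part of the original answers: the command text becomes a constant and the row's `Bar` value travels as a parameter, so no quotes are needed around it. Assumptions: the `BarValue` hidden field and the `ExampleDb` connection string name are hypothetical, and the provider is SqlClient, which takes named `@` parameters (OleDb/Access providers use positional `?` placeholders instead).

```aspx
<asp:TemplateField>
    <ItemTemplate>
        <%-- Hypothetical helper control: carries this row's Bar value.
             Placed before the Repeater so it is bound first. --%>
        <asp:HiddenField ID="BarValue" runat="server" Value='<%# Eval("Bar") %>' />
        <asp:Repeater ID="Repeater1" runat="server" DataSourceID="DataSourceNested">
            <ItemTemplate>
                <asp:Label ID="Label1" runat="server" Text='<%# Eval("Blah") %>'></asp:Label>
            </ItemTemplate>
        </asp:Repeater>
        <%-- The command text is constant: no Eval, no format string,
             and no quotes around the compared value.
             ExampleDb is a placeholder connection string name. --%>
        <asp:SqlDataSource ID="DataSourceNested" runat="server"
            ConnectionString="<%$ ConnectionStrings:ExampleDb %>"
            SelectCommand="SELECT Blah FROM TableName WHERE (StringField = @Bar)">
            <SelectParameters>
                <%-- Reads BarValue.Value from the same row and sends it as @Bar. --%>
                <asp:ControlParameter Name="Bar" ControlID="BarValue"
                    PropertyName="Value" Type="String" />
            </SelectParameters>
        </asp:SqlDataSource>
    </ItemTemplate>
</asp:TemplateField>
```

A `Bar` value that itself contains an apostrophe, such as O'Brien, is sent to the database as data and cannot end the string literal or change the WHERE clause, which the quoted `'{0}'` format string cannot guarantee.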



Answer 3:

Why don't you define this WHERE clause as a const in your codebehind? Define:

protected const string SELECTCLAUSE = 
"SELECT Blah FROM TableName WHERE (StringField = '{0}')";

Then your SelectCommand property would be:

SelectCommand='<%# Eval("Bar", SELECTCLAUSE ) %>'


Answer 4:

Have you tried escaping the single quote characters?

... WHERE (StringField = \'{0}\') ...