How to add year in drop down list value?

Question

0.00/5 (No votes)

See more:

Hello,

I have drop down list in my application. Drop down list content is as follows: 2010 to 2014 list item.

now my query is :

C#

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'"

Now here in the query i want set first value as drop down list value & second will be the next of selected drop down list. e.g. If i select drop down value 2013 then next will be 2014.
But how i will add one year in drop down list value.
normally we will add year .addyear(-1)

How i will solve this issue please help me.

Posted 4-Aug-15 21:38pm

Member 11221185

Updated 4-Aug-15 22:06pm

Maciej Los

v2

Add a Solution

Comments

sasanka sekhar panda 5-Aug-15 3:57am

if you are selecting 2014 then what is the condition..It will only search for 2014 or not?

Maciej Los 5-Aug-15 4:26am

Sorry, but your question is not clear. Can you provide more details about "next" year?

2 solutions

Solution 2

I'm not sure i understand you correctly, but i think you want to fetch data from database based on dropdownlist value.

I would not recommend to use query like this:

C#

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>='"+drdwnyear.SelectedItem.ToString()+"' and YEAR(App_Date)<='"+Next+"'";

because of SQL Injection[^].

More:

How To: Protect From SQL Injection in ASP.NET[^]

SQL Injection and how to avoid it[^]

Do Stored Procedures Protect Against SQL Injection?[^]

Rather then above query, use parametrized query:

C#

string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>=@currYear and YEAR(App_Date)<=@currYear+1";

Now, create SqlCommand[^] and add @currYear parameter to the SqlParametersCollection[^]

C#

aSqlCommand.Parameters.AddWithValue("@currYear", DropDownList.SelectedValue);

Follow the links to see sample code.

Posted 4-Aug-15 22:40pm

Maciej Los

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2015-08-04T22:32:00

Untested, but something like

C#

int year = 0;
if (!int.TryParse(drdwnyear.SelectedValue, out year))
{
 // show an error message
 return;
}
string qry = "select DISTINCT(App_Code),App_Name
from Appraisal
where year(App_Date)>="+year.ToString()+" and YEAR(App_Date)<="+(year+1).ToString();

However you should really be using parameterised queries rather than building dynamic SQL.