Start by fixing the
SQL Injection[
^] vulnerability in your code:
SqlCommand cmd = new SqlCommand("select consumerData01.consumerSubDivision as 'Sub-Division',COUNT (*) as TOTAL,"
+ "SUM(case when Office_AppStatus= 'Demand Notice Issued' then 1 else 0 end) as 'Demand Notice Issued',"
+ "SUM(case when Office_AppStatus= 'Survey Report' then 1 else 0 end)as 'Survey',"
+ "SUM(case when Office_AppStatus= 'Rejected' then 1 else 0 end)as 'Rejected',"
+ "SUM(case when Office_AppStatus= 'Submitted' then 1 else 0 end)as 'Submitted',"
+ "SUM(case when Office_AppStatus= 'Meter Installed' then 1 else 0 end)as 'Meter Installed'"
+ "from OfficeDat01 "
+ "inner join consumerData01 on consumerAppRegNo = OfficeDat01.Office_AutoCode "
+ "where consumerData01.consumerRegDate between @d1 and @d2"
+ " and consumerSubDivision like @s + '%' "
+ "group by consumerSubDivision ", con);
cmd.Parameters.AddWithValue("@d1", d1);
cmd.Parameters.AddWithValue("@d2", d2);
cmd.Parameters.AddWithValue("@s", s);
Then, change the required columns to hyperlinks. If you're using
the GridView
control[
^], use
a HyperLinkField
[
^]. If you're using
the DataGrid
control[
^], use
a HyperLinkColumn
[
^].
NB: There is no "DataGridView" control in ASP.NET, so it's not clear from your question which control you're using.
Eg:
<asp:HyperLinkField
HeaderText="Demand Notice Issued"
DataTextField="Demand Notice Issued"
DataNavigateUrlFields="Sub-Division"
DataNavigateUrlFormatString="~/ViewSubDivision.aspx?id={0}"
/>
This will generate a hyperlink with the text set to the value of the "Demand Notice Issued" field, and the URL set to
~/ViewSubDivision.aspx?id=...
, putting the value of the "Sub-Division" field after the "id=".
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]