I have followed the tutorial on Google Style filtering for a column, and have it working, but am coming across a few problems.
Has anyone found a solution to these issues, or a more elegant way of getting this to work?
- It doesn't work on all datasources, such as generic lists.
- It doesn't work on stored procedures.
- It doesn't work on all queries, such as ones with order by statements.
- It doesn't work on select statements that use parameters.
- It's vulnerable to sql injection, and throws exceptions on the demo if you enter a single quote. (this is an easy fix)
- it requires an additional database call for data that is already in memory.
Has anyone found a solution to these issues, or a more elegant way of getting this to work?
1 Answer, 1 is accepted
0
Hello dlamprey,
You can find the Google like filtering demo ready to use here:
"Google suggest" style filtering in RadGrid.
Have in mind that this is just a demo demonstrating how you can integrate RadGrid in real life application.
You are free to customize or optimize anything form the code of the demo.
The link below shows to what kind of data source you bind RadGrid:
Various data sources
Regarding the sql injection vulnerability you should replace the following line in RadComboBox.ItemRequested event
with this instead:
I hope this helps.
Kind regards,
Nikolay
the Telerik team
Check out Telerik Trainer, the state of the art learning tool for Telerik products.
You can find the Google like filtering demo ready to use here:
"Google suggest" style filtering in RadGrid.
Have in mind that this is just a demo demonstrating how you can integrate RadGrid in real life application.
You are free to customize or optimize anything form the code of the demo.
The link below shows to what kind of data source you bind RadGrid:
Various data sources
Regarding the sql injection vulnerability you should replace the following line in RadComboBox.ItemRequested event
| CType(o, RadComboBox).DataSource = GetDataTable("SELECT DISTINCT " & Me.UniqueName & " FROM Customers WHERE " & Me.UniqueName & " LIKE '" & e.Text & "%'") |
with this instead:
| CType(o, RadComboBox).DataSource = GetDataTable("SELECT DISTINCT " & Me.UniqueName & " FROM Customers WHERE " & Me.UniqueName & " LIKE '" & e.Text.Replace("'", "''") & "%'") |
I hope this helps.
Kind regards,
Nikolay
the Telerik team
Check out Telerik Trainer, the state of the art learning tool for Telerik products.