SqlDataSource and "Contains" when a comma or space is part of search string

0
votes

I am writing an application in Asp.net with c# as code behind. I have a text box ("txtNameSearch") for the user place information into to filter a SqlDataSource, and a gridview that populates based that SQL data. When the users places a comma or space in the box, the SqLDataSource has an exception error. I want to be able to allow this sort of search because the database has punctuation allowed in this field.

    <asp:SqlDataSource ID="Sql_NameList" runat="server" ConnectionString='<%$ ConnectionStrings:Recorder %>'
        SelectCommand="SELECT [Name], [Address1], [Address2], [CSZ], [PersonID] FROM [People] WHERE (CONTAINS([Name], @Name))">

        <SelectParameters>
            <asp:ControlParameter ControlID="txtNameSearch" PropertyName="Text" Name="Name" Type="String">
            </asp:ControlParameter>
        </SelectParameters>

    </asp:SqlDataSource>

Below is the exception text:

Server Error in '/' Application.

Syntax error near ',' in the full-text search condition 'Johnson, Ma'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Syntax error near ',' in the full-text search condition 'Johnson, Ma'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SqlException (0x80131904): Syntax error near ',' in the full-text search condition 'Johnson, Ma'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) +2442126
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) +5736904 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) +628
System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) +3731
System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() +58
System.Data.SqlClient.SqlDataReader.get_MetaData() +89
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +379
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, SqlDataReader ds, Boolean describeParameterEncryptionRequest) +2026
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean asyncWrite) +375
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +53
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +240
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +41
System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +12 System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +139
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +136
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, String srcTable) +86
System.Web.UI.WebControls.SqlDataSourceView.ExecuteSelect(DataSourceSelectArguments arguments) +1494
System.Web.UI.DataSourceView.Select(DataSourceSelectArguments arguments, DataSourceViewSelectCallback callback) +22
System.Web.UI.WebControls.DataBoundControl.PerformSelect() +143
System.Web.UI.WebControls.BaseDataBoundControl.DataBind() +74
System.Web.UI.WebControls.GridView.DataBind() +9
System.Web.UI.WebControls.BaseDataBoundControl.EnsureDataBound() +114 System.Web.UI.WebControls.CompositeDataBoundControl.CreateChildControls() +75 System.Web.UI.Control.EnsureChildControls() +92 System.Web.UI.Control.PreRenderRecursiveInternal() +42
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Control.PreRenderRecursiveInternal() +160
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +883

1
c#asp.netcontainssqldatasourcecomma

1 Answers

0
votes

I fixed this problem in the c# code behind by taking the text box and checking for a comma or space. If that exists quotation marks are added around the text and then the query does not choke on the comma or space. See code below:

        if (txtNameSearch.Text.Contains(",") || txtNameSearch.Text.Contains(" "))
            {
            if (txtNameSearch.Text.Contains('"'))
                {

                }
            else
                {
                txtNameSearch.Text = '"' + txtNameSearch.Text + '"';
                }
            }