Code-behind:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
string subcat = Request.QueryString["subcat"];
string bnd = Request.QueryString["bnd"];
string query = "SELECT * FROM [ProductDetails] WHERE ([Sub_category] = " + subcat + ")";
if (!String.IsNullOrEmpty(bnd))
{
query += " AND ([Brand] = " + bnd + ")";
}
SqlDataSource1.SelectCommand = query;
}
}
HTML markup:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:shoppingConnectionString2 %>"
SelectCommand="SELECT * FROM [ProductDetails]"
onselecting="SqlDataSource1_Selecting">
</asp:SqlDataSource>
(Note the removed SelectParameters)
I've never used a SqlDataSource before, but this is similar to what I'd do for an ObjectDataSource. Would the above code work for your scenario?
EDIT : Please note that this method is open to SQL injection attacks, so you ought to validate/sanitize the querystring parameters first.