Dear experts,
I do really appreciate your highly valued expertise.
I am trying to think up a solution but I am frozen.
First we have two tables ( I didn't design it in case it is flawed), Emp table and Angulers table.
The emp table contains the following fields:
EmpID,
EmpName
Password
Dept
And several others but those above are the relevant ones.
Then Angulers table with following relevant fieldnames:
EmpID - Foreign Key to Emp table
ManagerID -related to EmpID on Emp table
Status (Status has a value of Pending or Done)
The history:
The process is that employees will log in first to register their grievances and suggest a remedy.
Once an employee is done and clicks the Done button, next time that employee logs in, that employee is no longer allowed to make any changes.
By the way, employees log in with empID as username and Password as password.
This works fine.
Now that that employee is done, his or her manager then logs in to a page called EmployeeSummary.aspx to view a list of his/her employees.
Each manager can view his/her employee based on his/her ID and the department that s/he and his/her employees belong to.
This is where I am having problem.
How do I make a manager log into EmployeeSummary.aspx page and only see those employees that are in his/her department?
Here is the code I am working with but it is coming blank when I run it.
<!--Markup -->
<div align="center"><asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="false" AllowPaging="true"
OnPageIndexChanging="OnPageIndexChanging" PageSize="10"><Columns><asp:HyperLinkField DataNavigateUrlFields="ManagerID,department"
DataNavigateUrlFormatString="employeeDetails.aspx?ID={0}&Dept={1}" Text="Add Comments" /><asp:BoundField ItemStyle-Width="200px" DataField="empname" HeaderText="Employee Name" /><asp:BoundField ItemStyle-Width="250px" DataField="department" HeaderText="Department" /></Columns></asp:GridView></div>--Code Behind:
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
If Not Me.IsPostBack Then
Me.BindGrid()
End If
End Sub
Private Sub BindGrid()
Dim constr As String = ConfigurationManager.ConnectionStrings("constr").ConnectionString
Using con As New SqlConnection(constr)
Using cmd As New SqlCommand("SELECT e.empID, e.empname, e.department, a.managerID, a.status FROM Emp e INNER JOIN Angulers a ON a.empID = e.empID WHERE a.status = 'Done' and e.ManagerID = '"&querystring("ID") & "' and e.department = '"&uerystring("dept") & "' ")
'We use parametized query to prevent sql injection attack
' Dim p1 As New SqlParameter("@dept", Session("dept"))
'cmd.Parameters.Add(p1)
Using sda As New SqlDataAdapter()
cmd.Connection = con
sda.SelectCommand = cmd
Using dt As New DataTable()
sda.Fill(dt)
GridView1.DataSource = dt
GridView1.DataBind()
End Using
End Using
End Using
End Using
End Sub
Protected Sub OnPageIndexChanging(ByVal sender As Object, ByVal e As GridViewPageEventArgs)
GridView1.PageIndex = e.NewPageIndex
Me.BindGrid()
End SubThanks a lot in advance