From: johansson.andersson@telia.com   
      
   Hello!   
      
   The passed orderBy parameter string can consist of one of these  8   
   possibilities   
   The code is at the end.   
      
   TicketID ASC   
   TicketI DESC   
   Priority ASC   
   Priority DESC   
   CreatedDate ASC   
   CreatedDate DESC   
   Owner ASC   
   Owner DESC   
      
   I want to sort in the way that the given parameter orderBy is specified.   
   It would be easy to use string.format but I hope that I can avoid that   
   because of sql injection   
      
   I hope somebody know how to fix this in an easy way without using   
   string.format.   
   I tried below but I get error probably of not understanding this fully.   
   It must be an easier way to use case then I have done below.   
   It seems like a lot of writing whan I have the sort expression ready to be   
   used.   
      
   public DataSet GetTicketDetail(ListItem owner, string orderBy)   
           {   
               SqlCommand cmd;   
               if (owner.Text == "*") // All tickets that has an owner   
               {   
                   string query = "SELECT Tickets.TicketID, Tickets.HeadLine,   
   Tickets.Description, " +   
                               "Tickets.Priority, Tickets.CreatedTicket,   
   Users.Owner, Tickets.Complete, TicketType.Name " +   
                               "FROM Tickets " +   
                               "JOIN Users ON " +   
                               "Users.UserID = Tickets.UserID " +   
                               "JOIN TicketType ON " +   
                               "TicketType.TicketTypeID = Tickets.TicketTypeID   
   " +   
                               "where Tickets.UserID != @UserID " +   
                               "ORDER BY " +   
                               "CASE WHEN @orderBy = 'TicketID ASC' " +   
                                  "THEN TicketID END ASC, " +   
                               "CASE WHEN @orderBy = 'TicketID DESC' " +   
                                  "THEN TicketID END DESC, " +   
                               "CASE WHEN @orderBy = 'Priority ASC' " +   
                                  "THEN Priority END ASC, " +   
                               "CASE WHEN @orderBy = 'Priority DESC' " +   
                                  "THEN Priority END DESC, " +   
                               "CASE WHEN @orderBy = 'CreatedDate ASC' " +   
                                  "THEN CreatedDate END ASC, " +   
                               "CASE WHEN @orderBy= 'CreatedDate DESC' " +   
                                  "THEN CreatedDate END DESC, " +   
                                "CASE WHEN @orderBy= 'Owner ASC' " +   
                                  "THEN Owner END ASC, " +   
                                "CASE WHEN @orderBy= 'Owner DESC' " +   
                                  "THEN Owner END DESC " +   
                               "SELECT   
   TicketDetail.TicketDetailID,TicketDetail.TicketID, TicketDetail.Action, " +   
                               "Users.Owner, TicketDetail.CreatedDate,   
   TicketDetail.UserID,TicketDetail.Status " +   
                               "FROM [TicketDetail] " +   
                               "JOIN Users ON " +   
                               "Users.UserID = TicketDetail.UserID";   
      
                   cmd = new SqlCommand(query);   
                   cmd.Parameters.AddWithValue("@UserID",   
   GetIDForNonAssignedTickets());   
                   return FillDataSet(cmd, "Tickets");   
               }   
   }   
   //Tony   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)