开发者

How to retrieve the values in asp.net form from SQL Server 2005

问答 作者:

I want the user entered values to get displayed in the form again.. my values get entered i开发者_高级运维nto the SQL Server database, but I don't know how to retrieve the values again in the form.. my code is:

SqlDataReader rdr = null;
SqlConnection conn = new SqlConnection("Data Source=Si-6\\SQLSERVER2005;Initial Catalog=emp;Integrated Security=SSPI");

try
{
   conn.Open();

   SqlCommand cmd=new SqlCommand ("insert into timeday(project,iteration,activity,description,status,hour)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"','"+this .activity .SelectedValue +"','"+this.name2.Text+"','"+this.status .SelectedValue +"','"+this .Text1 .Text +"')",conn );

   rdr = cmd.ExecuteReader();

   while (rdr.Read())
   {
      Console.WriteLine(rdr[0]);
   }
}
finally
{
   if (rdr != null)
      rdr.Close();

   if (conn != null)
      conn.Close();
}

You should:

  • avoid SQL injection and don't just concatenate together your SQL statements! Use parametrized queries instead!
  • put your SqlConnection and SqlCommand objects into using blocks
  • when you want to call an INSERT statement, definitely do not call .ExecuteReader() on your SqlCommand - use .ExecuteNonQuery() instead...

Try something like this:

string connStr = "Data Source=Silverage-6\\SQLSERVER2005;Initial Catalog=emp;Integrated Security=SSPI";

string queryStmt = 
   "INSERT INTO dbo.timeday(project, iteration, activity, description, status, hour) " + 
   "VALUES(@Project, @Iteration, @Activity, @Description, @Status, @Hour)";

using(SqlConnection conn = new SqlConnection())
using(SqlCommand _cmd = new SqlCommand(queryStmt, conn))
{
   _cmd.Parameters.Add("@Project", SqlDbType.VarChar, 100);
   _cmd.Parameters["@Project"].Value = this.name1.SelectedValue.Trim();

   // add other parameters the same way....

   conn.Open();
   int result = _cmd.ExecuteNonQuery();
   conn.Close();
}

It would be even better if you:

  • would retrieve the connection string from a config file once, centrally, and just pass it into this method
  • would retrieve the values to set from your web UI in your UI code, and then call this business method on a business logic object and pass in the values you've determined

Right now, you're wildly mixing UI code (retrieving the values from the dropdowns and textboxes) with database/business logic code - this is not a very solid design.....

Update: if you want to retrieve values and display them, you can use something like this:

public DataTable GetDataForProject(string projectName)
{
   string connStr = "Data Source=Silverage-6\\SQLSERVER2005;Initial Catalog=emp;Integrated Security=SSPI";

   string queryStmt = 
      "SELECT project, iteration, activity, description, status, hour " + 
      "FROM dbo.timeday " + 
      "WHERE project = @project";

   DataTable resultTable = new DataTable();

   using(SqlConnection conn = new SqlConnection())
   using(SqlCommand _cmd = new SqlCommand(queryStmt, conn))
   {
      _cmd.Parameters.Add("@Project", SqlDbType.VarChar, 100);
      _cmd.Parameters["@Project"].Value = projectName;

      SqlDataAdapter dap = new SqlDataAdapter(_cmd);
      dap.Fill(resultTable);
   }

   return resultTable;
}

Of course:

  • you might want to select based on other criteria (that would show up in your WHERE clause)
  • maybe you want to use a SqlDataReader and read that data into domain objects (instead of a DataTable)

but the basic setup - have a specific method, pass in criteria, read the data with SqlConnection and SqlCommand in using blocks - will remain the same.

Once you have the DataTable, you can bind it to an ASP.NET gridview:

DataTable projectData = GetDataForProject("MyProject");

gridView1.DataSource = projectData;
gridView1.DataBind();

After inserting you need to write a query to retrieve records. Write this


SqlDataReader rdr = null;
SqlConnection conn = new SqlConnection("Data Source=Silverage-6\\SQLSERVER2005;Initial Catalog=emp;Integrated Security=SSPI");

try
{
   conn.Open();

   SqlCommand cmd=new SqlCommand ();
   cmd.CommandText="insert into timeday(project,iteration,activity,description,status,hour)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"','"+this .activity .SelectedValue +"','"+this.name2.Text+"','"+this.status .SelectedValue +"','"+this .Text1 .Text +"')";
   cmd.Connection=conn;

   int i=cmd.ExecuteNonQuery();
   if(i>0)
   {
      cmd.CommandText="Select * from timeday";
      rdr = cmd.ExecuteReader();

      while (rdr.Read())
      {
         Console.WriteLine(rdr[0]);
      }
   }
}
finally
{
   if (rdr != null)
      rdr.Close();

   if (conn != null)
      conn.Close();
}

继续阅读:asp.netsql-server-2005

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9