Executing a Command with Parameters : SqlCommand « ADO.net Database « ASP.NET Tutorial

ASP.NET Tutorial
1. ASP.Net Instroduction
2. Language Basics
3. ASP.net Controls
4. HTML Controls
5. Page Lifecycle
6. Response
7. Collections
8. Validation
9. Development
10. File Directory
11. Sessions
12. Cookie
13. Cache
14. Custom Controls
15. Profile
16. Configuration
17. LINQ
18. ADO.net Database
19. Data Binding
20. Ajax
21. Authentication Authorization
22. I18N
23. Mobile
24. WebPart
25. XML
Java
Java Tutorial
Java Source Code / Java Documentation
Java Open Source
Jar File Download
Java Articles
Java Products
Java by API
Photoshop Tutorials
Maya Tutorials
Flash Tutorials
3ds-Max Tutorials
Illustrator Tutorials
GIMP Tutorials
C# / C Sharp
C# / CSharp Tutorial
C# / CSharp Open Source
ASP.Net
JavaScript DHTML
JavaScript Tutorial
JavaScript Reference
HTML / CSS
HTML CSS Reference
C / ANSI-C
C Tutorial
C++
C++ Tutorial
Ruby
PHP
Python
Python Tutorial
Python Open Source
SQL Server / T-SQL
SQL Server / T-SQL Tutorial
Oracle PL / SQL
Oracle PL/SQL Tutorial
PostgreSQL
SQL / MySQL
MySQL Tutorial
VB.Net
VB.Net Tutorial
Flash / Flex / ActionScript
VBA / Excel / Access / Word
XML
XML Tutorial
Microsoft Office PowerPoint 2007 Tutorial
Microsoft Office Excel 2007 Tutorial
Microsoft Office Word 2007 Tutorial
ASP.NET Tutorial » ADO.net Database » SqlCommand 
18. 3. 3. Executing a Command with Parameters
File: App_Code\Product.cs

using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;
using System.Collections.Generic;

public class Product
{
    private static readonly string _connectionString;

    private int _id;
    private string _title;
    private string _director;

    public int Id
    {
        get return _id; }
        set _id = value; }
    }

    public string Title
    {
        get return _title; }
        set _title = value; }
    }

    public string Director
    {
        get return _director; }
        set _director = value; }
    }

    public void Update(int id, string title, string director)
    {
        SqlConnection con = new SqlConnection(_connectionString);
        SqlCommand cmd = new SqlCommand("ProductUpdate", con);
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.AddWithValue("@Id", id);        cmd.Parameters.AddWithValue("@Title", title);
        cmd.Parameters.AddWithValue("@Director", director);
        using (con)
        {
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }

    public List<Product> GetAll()
    {
        List<Product> results = new List<Product>();
        SqlConnection con = new SqlConnection(_connectionString);
        SqlCommand cmd = new SqlCommand("ProductSelect", con);
        cmd.CommandType = CommandType.StoredProcedure;
        using (con)
        {
            con.Open();
            SqlDataReader reader = cmd.ExecuteReader();
            while (reader.Read())
            {
                Product newProduct = new Product();
                newProduct.Id = (int)reader["Id"];
                newProduct.Title = (string)reader["Title"];
                newProduct.Director = (string)reader["Director"];
                results.Add(newProduct);
            }
        }
        return results;
    }

    static Product()
    {
        _connectionString = WebConfigurationManager.ConnectionStrings["Products"].ConnectionString;
    }
}

File: Web.config

<configuration>
  <connectionStrings>
    <add name="Products" 
         connectionString="Data Source=.\SQLEXPRESS;
         AttachDbFilename=|DataDirectory|MyDatabase.mdf;Integrated Security=True;User Instance=True" />
  </connectionStrings>
</configuration>

File: ProductStoredProcedures.sql

CREATE PROCEDURE dbo.ProductSelect
AS
SELECT Id, Title, Director FROM Products

CREATE PROCEDURE dbo.ProductUpdate
(
    @Id int,
    @Title NVarchar(100),
    @Director NVarchar(100)
)
AS
UPDATE Products SET
    Title = @Title,
    Director = @Director
WHERE Id = @Id


File: ShowProduct.aspx

<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
    <title>Show Product</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>

    <asp:GridView
        id="grdProducts"
        DataSourceID="srcProducts"
        DataKeyNames="Id"
        AutoGenerateEditButton="true"
        Runat="server" />

    <asp:ObjectDataSource
        id="srcProducts"
        TypeName="Product"
        SelectMethod="GetAll"
        UpdateMethod="Update"
        Runat="server" />

    </div>
    </form>
</body>
</html>
18. 3. SqlCommand
18. 3. 1. Create SqlCommand from sql statement and connection
18. 3. 2. Executing a Command
18. 3. 3. Executing a Command with Parameters
18. 3. 4. Returning a Single Value
18. 3. 5. Read scalar data by using SqlCommand
18. 3. 6. Execute insert command by using SqlCommand
18. 3. 7. Execuate select command by using the SqlCommand
18. 3. 8. Execute update command
18. 3. 9. Attach SqlCommand to DataGrid
18. 3. 10. Pass a CommandBehavior.CloseConnection parameter to the ExecuteReader() method.
18. 3. 11. Executing Asynchronous Database Commands
18. 3. 12. Avoid SQL injection
18. 3. 13. Avoid SQL Injection attack
18. 3. 14. Browser Snoop
www.java2java.com | Contact Us
Copyright 2009 - 12 Demo Source and Support. All rights reserved.
All other trademarks are property of their respective owners.