ExecuteNonQuery() , . , . ExecuteNonQuery() . .
, . :
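/// <summary>
/// Reads every row of the <c>tovar</c> table and renders the rows into
/// <c>Label2</c> as a sequence of HTML list items.
/// </summary>
/// <remarks>
/// The label receives ready-made markup, so each database value is
/// HTML-encoded before it is placed between the literal tags. Without that,
/// a product name containing markup would be rendered as markup in the page.
/// </remarks>
public void Bind()
{
    string connectionString = WebConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;
    StringBuilder strResult = new StringBuilder();

    // using blocks release the connection, command and reader even when a
    // read throws; the original only closed the reader on the success path
    // and never closed the connection.
    using (SqlConnection con = new SqlConnection(connectionString))
    using (SqlCommand cmd_SQL = new SqlCommand("Select * From tovar ", con))
    {
        cmd_SQL.CommandType = CommandType.Text;
        con.Open();

        using (SqlDataReader rdr_SQL = cmd_SQL.ExecuteReader())
        {
            while (rdr_SQL.Read())
            {
                // NOTE(review): columns 1 and 2 are read by ordinal from "Select *",
                // so the output depends on the table's column order - confirm.
                strResult.Append("<li>");
                strResult.Append(" <b>");
                strResult.Append(System.Web.HttpUtility.HtmlEncode(Convert.ToString(rdr_SQL["kod_tov"])));
                strResult.Append("</b>, <b>");
                strResult.Append(System.Web.HttpUtility.HtmlEncode(rdr_SQL.GetString(1)));
                strResult.Append("</b>");
                strResult.Append(", <b>");
                strResult.Append(System.Web.HttpUtility.HtmlEncode(rdr_SQL.GetString(2)));
                strResult.Append("</b></li>");
            }
        }
    }

    Label2.Text = strResult.ToString();
}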
, , Bind()
// Fill the list only when IsPostBack is false; the button handlers on this
// page call Bind() themselves after changing the data.
if (!IsPostBack)
{ Bind(); }
䳿 :
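/// <summary>
/// Deletes the row of <c>tovar</c> whose <c>kod_tov</c> is 15, appends the
/// number of affected rows (or the error text) to <c>Label3</c>, and then
/// refreshes the list through <c>Bind()</c>.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string connectionString = WebConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;

    // Disposing the connection closes it, which replaces the explicit finally block.
    using (SqlConnection con = new SqlConnection(connectionString))
    using (SqlCommand cmdDelete = new SqlCommand("DELETE FROM tovar WHERE kod_tov=15", con))
    {
        try
        {
            con.Open();
            int n = cmdDelete.ExecuteNonQuery();
            Label3.Text += String.Format(" {0} </br>", n);
        }
        catch (SqlException ex)
        {
            // The label is rendered as raw markup, so the message is encoded first.
            // Provider messages can also reveal object names; outside a tutorial,
            // log the detail server-side and show the user a generic message.
            Label3.Text += String.Format(": {0}</br>", System.Web.HttpUtility.HtmlEncode(ex.Message));
        }
    }

    Bind();
}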
SQL- , ( 18). . 3.18 , . 3.19 . .
. 3.18. -
. 3.19. -
|
|
10. , TextBox. , SQL. , , , . TextBox, , , , .
// Anti-pattern, kept for illustration: the WHERE clause is assembled by string
// concatenation, so whatever is concatenated becomes part of the SQL text itself
// rather than a value. Bind the value as a parameter instead (WHERE nazv=@Name).
// NOTE(review): the operand between the two '+' signs is missing in this copy
// of the listing, so the line does not compile as shown.
SqlCommand cmdDelete = new SqlCommand("DELETE FROM tovar WHERE nazv='"++"'",sqlCon);
, , SQL TextBox1 . , , , ' Web , SQL. , , , . , SQL , . , TextBox1 OR '1'='1", , SQL , TextBox1
"DELETE FROM tovar WHERE nazv_tov= OR '1'='1'"
, , OR . SQL, , , Web .
г . -, , , SQL . ( , , , 䳿 ), . , . , , ' Excepton.
, . SQL . , SQL . . 3.20 . 3.21 .
. 3.20. -
. 3.21. -
11. . SQL , , , ' Command Parameters. , , , .
|
|
-- Named placeholder: the value for @Name is bound through the command's
-- Parameters collection and is never spliced into the statement text.
DELETE FROM tovar WHERE nazv=@Name
@Name , , . . 䳿 SQL Server. 䳿 Access .
-- Positional '?' marker, the form used by the OLE DB and ODBC providers;
-- values are matched by the order in which the parameters are added.
DELETE FROM tovar WHERE nazv =?
, SQL Server, .
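/// <summary>
/// Deletes the rows of <c>tovar</c> whose <c>nazv</c> equals the text typed
/// into <c>TextBox1</c>, appends the number of affected rows (or the error
/// text) to <c>Label3</c>, and then refreshes the list through <c>Bind()</c>.
/// </summary>
/// <remarks>
/// The user's text is passed as the <c>@Name</c> parameter, so it is compared
/// as a value and cannot change the structure of the statement.
/// </remarks>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    string connectionString = WebConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;
    string strSQLServer = "DELETE FROM tovar WHERE nazv=@Name";

    // Disposing the connection closes it, which replaces the explicit finally block.
    using (SqlConnection con = new SqlConnection(connectionString))
    using (SqlCommand cmdDeleteSQLServer = new SqlCommand(strSQLServer, con))
    {
        try
        {
            // AddWithValue infers the SQL type from the .NET string (NVARCHAR).
            // NOTE(review): the AddProduct procedure on this page declares the
            // name as varchar(50); if the column is VARCHAR, an explicitly typed
            // parameter avoids an implicit conversion - confirm against the schema.
            cmdDeleteSQLServer.Parameters.AddWithValue("@Name", TextBox1.Text);
            con.Open();
            int n = cmdDeleteSQLServer.ExecuteNonQuery();
            Label3.Text += String.Format(" SQL Server {0} </br>", n);
        }
        catch (Exception ex)
        {
            // The label is rendered as raw markup, so the message is encoded first.
            // Outside a tutorial, log the detail server-side and show a generic message.
            Label3.Text += String.Format(": {0}</br>", System.Web.HttpUtility.HtmlEncode(ex.Message));
        }
    }

    Bind();
}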
. 3.22 . 3.23 .
. 3.22. -
. 3.23. -
12. . SQL, ( ), ', , . , , , , .
, , 䳿 , . , , , . , 䳿, ' , , , .
, . , SQL Server :
-- Session options set before the procedure batch.
set ANSI_NULLS ON
set QUOTED_IDENTIFIER ON
GO
-- AddProduct: inserts one row into tovar and returns the row just inserted.
-- Both inputs are typed parameters used only as values in the INSERT; the
-- procedure builds no dynamic SQL from them.
ALTER PROCEDURE [dbo].[AddProduct]
(
@nazv_t varchar(50),
@gost_t varchar(50)
)
AS
-- Row counts are reported to the client; the caller on this page reads the
-- count through ExecuteNonQuery().
SET NOCOUNT OFF;
INSERT INTO [tovar] ([nazv], [gost]) VALUES (@nazv_t, @gost_t);
-- SCOPE_IDENTITY() is the identity value generated in this scope.
-- NOTE(review): presumably kod_tov is the identity column - confirm.
-- The caller shown on this page uses ExecuteNonQuery(), so this result set is not read there.
SELECT kod_tov, nazv, gost FROM tovar WHERE (kod_tov = SCOPE_IDENTITY())
. ϳ , 䳿 , :
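/// <summary>
/// Calls the <c>AddProduct</c> stored procedure with the text of
/// <c>TextBox2</c> and <c>TextBox3</c>, then refreshes the list through
/// <c>Bind()</c>.
/// </summary>
/// <remarks>
/// No exception is caught here: a failure in Open() or ExecuteNonQuery()
/// propagates to the caller, as in the original listing.
/// </remarks>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    string connectionString = WebConfigurationManager.ConnectionStrings["connectionString"].ConnectionString;

    // Disposing the connection closes it, which replaces the explicit finally block.
    using (SqlConnection con = new SqlConnection(connectionString))
    using (SqlCommand cmd_SQL = new SqlCommand("AddProduct", con))
    {
        cmd_SQL.CommandType = CommandType.StoredProcedure;

        // Typed parameters matching the procedure's varchar(50) declarations.
        // A string longer than the declared size is truncated by the parameter
        // rather than rejected; validate the length beforehand if that matters.
        cmd_SQL.Parameters.Add(new SqlParameter("@nazv_t", SqlDbType.VarChar, 50)).Value = TextBox2.Text;
        cmd_SQL.Parameters.Add(new SqlParameter("@gost_t", SqlDbType.VarChar, 50)).Value = TextBox3.Text;

        con.Open();
        // The original stored the row count in an unused local.
        cmd_SQL.ExecuteNonQuery();
    }

    Bind();
}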
. 3.24 , . 3.25 .
. 3.24. -
. 3.25. -