Attach SqlCommand to DataGrid : SqlCommand « ADO.net Database « ASP.NET Tutorial






  1. ASP.NET Tutorial
  2. ADO.net Database
  3. SqlCommand
<%@ Page Language="C#" %>
<%@ import Namespace="System.Data" %>
<%@ import Namespace="System.Data.SqlClient" %>
<script runat="server">

    void Page_Load(object sender, EventArgs e) {
        if (!Page.IsPostBack)
        {
            string ConnectionString = ConfigurationSettings.AppSettings["MSDEConnectString"];
            SqlConnection myConnection = new SqlConnection(ConnectionString);
    
            try{
                string CommandTextPublisher = "SELECT PublisherID, PublisherName FROM Publisher";
                SqlCommand myCommandPublishers = new SqlCommand(CommandTextPublisher, myConnection);
    
                myConnection.Open();
    
                DropDownList1.DataSource = myCommandPublishers.ExecuteReader();
                DropDownList1.DataTextField = "PublisherName";
                DropDownList1.DataValueField = "PublisherID";
                DropDownList1.DataBind();
                DropDownList1.Items.Insert(0, new ListItem("-- All Publishers --", "0"));
            }
            catch (Exception ex){
                throw(ex);
            }
            finally{
                myConnection.Close();
            }
        }
    }
    
    void ApplyFilter_Click(Object sender, EventArgs e) {
        string ConnectionString = ConfigurationSettings.AppSettings["MSDEConnectString"];
        SqlConnection myConnection = new SqlConnection(ConnectionString);
    
        try{
            string CommandTextBooks = "SELECT Book.BookTitle, Publisher.PublisherName FROM Book INNER JOIN Publisher on Book.BookPublisherID = Publisher.PublisherID";
            string filterValue = DropDownList1.SelectedValue;
            if (filterValue != "0")
                CommandTextBooks += " WHERE Book.BookPublisherID = " + filterValue;
            CommandTextBooks+=" ORDER BY Book.BookTitle";
            SqlCommand myCommandBooks = new SqlCommand(CommandTextBooks, myConnection);
    
            myConnection.Open();
    
            DataGrid1.DataSource = myCommandBooks.ExecuteReader();
            DataGrid1.DataBind();
        }
        catch (Exception ex){
            throw(ex);
        }
        finally{
            myConnection.Close();
        }
    }

</script>
<html>
<head>
</head>
<body>
    <form runat="server">
        
            Select a Publisher: 
            <asp:DropDownList id="DropDownList1" runat="server"></asp:DropDownList>
            &nbsp; 
            <asp:Button id="Button1" onclick="ApplyFilter_Click" runat="server" Text="Show Titles"></asp:Button>
        
        <asp:datagrid id="DataGrid1" runat="server" EnableViewState="False">
            <HeaderStyle font-bold="True" forecolor="white" backcolor="#4A3C8C"></HeaderStyle>
            <ItemStyle backcolor="#DEDFDE"></ItemStyle>
        </asp:datagrid>
    </form>
</body>
</html>


File: Web.config

<configuration>
    <appSettings>
        <add key="MSDEConnectString" value="server=(local)\YourDatabase;database=Books;uid=YourID;pwd=letmein;" />
    </appSettings>
</configuration>








18.3.SqlCommand
18.3.1.Create SqlCommand from sql statement and connection
18.3.2.Executing a Command
18.3.3.Executing a Command with Parameters
18.3.4.Returning a Single Value
18.3.5.Read scalar data by using SqlCommand
18.3.6.Execute insert command by using SqlCommand
18.3.7.Execuate select command by using the SqlCommand
18.3.8.Execute update command
18.3.9.Attach SqlCommand to DataGrid
18.3.10.Pass a CommandBehavior.CloseConnection parameter to the ExecuteReader() method.
18.3.11.Executing Asynchronous Database Commands
18.3.12.Avoid SQL injection
18.3.13.Avoid SQL Injection attack
18.3.14.Browser Snoop