Wednesday, March 21, 2012

passing a parameter?

Hi Guys,

I am just starting on ASP.net. I have created this file so far called database.aspx. The file contains this code:


<%@ Page Language="C#" %>
<script runat="server">


void Page_load(object Sender, EventArgs e)
{

// Discover if SKU QueryString contains a value
string SKU = Request.QueryString["SKU"];
if (SKU == "")
Response.Write ("NO SKU");
else
DataGrid1.DataSource = GetProduct();
DataGrid1.DataBind();
}

System.Data.DataSet GetProduct() {

// Connect to Database
string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\\test\\database\\test.mdb";
System.Data.IDbConnection dbConnection = new System.Data.OleDb.OleDbConnection(connectionString);

// SQL
string queryString = "SELECT [Products].Title FROM [Products] WHERE ([Products].SKU = @SKU)";
System.Data.IDbCommand dbCommand = new System.Data.OleDb.OleDbCommand();
dbCommand.CommandText = queryString;
dbCommand.Connection = dbConnection;

// Request SKU # from QueryString, then locate product based on SKU #

System.Data.IDataParameter dbParam_SKU = new System.Data.OleDb.OleDbParameter();
dbParam_SKU.ParameterName = "@SKU";
dbParam_SKU.Value = SKU;
dbParam_SKU.DbType = System.Data.DbType.Int32;
dbCommand.Parameters.Add(dbParam_SKU);


System.Data.IDbDataAdapter dataAdapter = new System.Data.OleDb.OleDbDataAdapter();
dataAdapter.SelectCommand = dbCommand;
System.Data.DataSet dataSet = new System.Data.DataSet();
dataAdapter.Fill(dataSet);

return dataSet;


}

</script>
<html>
<head>
</head>
<body>
<form runat="server">
<br />
<br />
<asp:DataGrid id="DataGrid1" runat="server"></asp:DataGrid>
<!-- Insert content here -->
</form>
</body>
</html>

I am trying to pass the SKU from the page_load into the GetProducts();

Can someone please help me as I have been trying to work this out all afternoon.

Thanks for the help (any other comments about how to speed up or improve the code are much appreciated).

Muller


<%@ Page Language="C#" %>
<script runat="server">


void Page_load(object Sender, EventArgs e)
{

// Discover if SKU QueryString contains a value
string SKU = Request.QueryString["SKU"];
// Request.QueryString returns null when the key is absent, so check for both
if (SKU == null || SKU == "")
Response.Write ("NO SKU");
else

{
DataGrid1.DataSource = GetProduct(SKU);
DataGrid1.DataBind();

}
}

System.Data.DataSet GetProduct(String SKU) {

// Connect to Database
string connectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Ole DB Services=-4; Data Source=C:\\test\\database\\test.mdb";
System.Data.IDbConnection dbConnection = new System.Data.OleDb.OleDbConnection(connectionString);

// SQL
string queryString = "SELECT [Products].Title FROM [Products] WHERE ([Products].SKU = @SKU)";
System.Data.IDbCommand dbCommand = new System.Data.OleDb.OleDbCommand();
dbCommand.CommandText = queryString;
dbCommand.Connection = dbConnection;

// Request SKU # from QueryString, then locate product based on SKU #

System.Data.IDataParameter dbParam_SKU = new System.Data.OleDb.OleDbParameter();
dbParam_SKU.ParameterName = "@SKU";
dbParam_SKU.Value = SKU;
dbParam_SKU.DbType = System.Data.DbType.Int32;
dbCommand.Parameters.Add(dbParam_SKU);


System.Data.IDbDataAdapter dataAdapter = new System.Data.OleDb.OleDbDataAdapter();
dataAdapter.SelectCommand = dbCommand;
System.Data.DataSet dataSet = new System.Data.DataSet();
dataAdapter.Fill(dataSet);

return dataSet;


}

</script>
<html>
<head>
</head>
<body>
<form runat="server">
<br />
<br />
<asp:DataGrid id="DataGrid1" runat="server"></asp:DataGrid>
<!-- Insert content here -->
</form>
</body>
</html>


I'm not a C# programmer so the syntax might be wrong, but I would pass the SKU in as a parameter to the GetProduct routine...like GetProduct(SKU)

and update the query to something like:
string queryString = "SELECT [Products].Title FROM [Products] WHERE ([Products].SKU = " + SKU + ")";

Of course, you would need to change the function so you could pass in the SKU...OR you could create a module level variable and change that variable in your page load, and use it in your function.

MajorCats


Thanks wessamzeidan, that works great.

MajorCats - That's exactly the way I used to do it in ASP, but in one of my ASP.NET books it says to do it this way to try and reduce the risk of SQL injection attacks. I need to look into this more, but if anyone has any thoughts please email/reply to this post.

Thanks again

Muller
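
Added example (not part of the original thread, and not code from any poster): the two ways of building the SKU query discussed above, side by side, showing what each one sends as SQL text for an ordinary value and for a value that carries SQL syntax. The class name, method names and sample SKU values are constructed for illustration; the commands are only built, never executed, so no database is needed.

```csharp
using System;
using System.Data.OleDb;

static class SkuQueryDemo
{
    // Concatenation: whatever arrives in the query string becomes part of the SQL text.
    static OleDbCommand BuildConcatenated(string sku)
    {
        return new OleDbCommand(
            "SELECT [Products].Title FROM [Products] WHERE ([Products].SKU = " + sku + ")");
    }

    // Parameterized: the SQL text is constant and the value travels separately as an integer.
    static OleDbCommand BuildParameterized(string sku)
    {
        int skuNumber;
        if (!int.TryParse(sku, out skuNumber))
            throw new ArgumentException("SKU must be a whole number.");

        OleDbCommand cmd = new OleDbCommand(
            "SELECT [Products].Title FROM [Products] WHERE ([Products].SKU = ?)");
        // OleDb binds parameters by position, so the name here is only a label.
        cmd.Parameters.Add("@SKU", OleDbType.Integer).Value = skuNumber;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: one ordinary SKU, one value containing SQL syntax.
        string[] samples = { "1042", "1042 OR 1=1" };
        foreach (string sku in samples)
        {
            Console.WriteLine("Input: " + sku);
            Console.WriteLine("  concatenated SQL : " + BuildConcatenated(sku).CommandText);
            try
            {
                OleDbCommand cmd = BuildParameterized(sku);
                Console.WriteLine("  parameterized SQL: " + cmd.CommandText
                    + "  [value = " + cmd.Parameters[0].Value + "]");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine("  parameterized    : rejected (" + ex.Message + ")");
            }
        }
    }
}
```

With the second input, the concatenated command's WHERE clause gains an extra condition, while the parameterized path rejects the value before a command is built.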
