C# ASP.NET Sql Command Insert Statement Source Code Example

Posted by asp.net videos on Sunday, December 13, 2009 · 3 Comments 




Putting the Pieces of .NET Together - 8 Part Video Series

By Wade Harvey

IntroductionPutting the Pieces of .NET Together - Introduction
Videos 1-4
1. Servers
(3 minutes)
2. .NET
Framework
(10 minutes)
3. Security
(8 minutes)
4. Monitoring
Tools
(10 minutes)
Videos 5-8
5. Web Servers
(6 minutes)
6. SQL Server
(6 minutes)
7. Software
Develop Tools
(10 minutes)
8. Languages
(2 minutes)
Download PDF
Putting the Pieces of .NET Together - 48-page PDF


Sql Command Insert Statement

Purpose: – Illustrates using in C-Sharp ASP.NET.

Prerequistes:

  1. Install C# (Express or Standard Edition)
  2. Install SQL Server Express
  3. Download Northwind and Pubs Databases
  4. Attach Northwind Database to Databases in Sql Express
  5. Attach pubs Database to Databases in Sql Express

Notes:

  • You can build your own library of syntax examples by using same web site over and over and just add new web forms to it.

Instructions:

  1. Use Visual Web Developer 2008
  2. Create new web site;
    • Click File/New Web Site
    • Select ASP.NET Website Template
    • Select C-Sharp for Language
    • name of Web Site could be CSharp_ASPNET_Syntax.
  3. Add New folder named "Database_ADONET"
    • Right-click project name in solution explorer;
    • add new folder;
    • name of folder could be: Database_ADONET
  4. Add Web Form Named SqlCommandInsert to Database_ADONET folder
    • Right-click Database_ADONET folder;
    • add new item;
    • Select Web Form
    • Check place code behind in separate file
    • Web Form name could be SqlCommandInsert
  5. Click on copy code in code below to copy code into web form SqlCommandInsert.aspx
  6. Click on copy code in second set of code below to copy code into code-behind SqlCommandInsert.aspx.cs
  7. Right-click on SqlCommandInsert.aspx in solution explorer and select view in browser

Step 1: Click on Copy Code to Cut-n-paste code into SqlCommandInsert.aspx

 XML |  copy code |? 
< %@ Page Language="C#" AutoEventWireup="false" CodeFile="SqlCommandInsert.aspx.cs" Inherits="Database_ADONET_SqlCommandInsert" %>
 
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <table>
        <tr>
        <td>First Name: </td><td>
        <asp :TextBox ID="txtFirstName" runat="server"></asp>
        </td>
        </tr>
        <tr>
        <td>Last Name: </td><td>
        <asp :TextBox ID="txtLastName" runat="server"></asp>
        </td>
        </tr>
        </table><br />
        <asp :Button ID="btnInsert" runat="server" Text="Insert" 
            onclick="btnInsert_Click" /><br />
        <asp :Label ID="lblErrMsg" runat="server" Text="lblErrMsg" ForeColor="#FF3300" 
            Visible="False"></asp><br />
        <asp :GridView ID="GridView1" runat="server" DataSourceID="sdsEmployees">
        </asp>
        <asp :SqlDataSource ID="sdsEmployees" runat="server" 
            ConnectionString="<%$ ConnectionStrings:Northwind_ConnectionString %>" 
            SelectCommand="SELECT [FirstName], [LastName] FROM [Employees]">
        </asp>
    </div>
    </form>
</body>
</html>
 

 
 Step 2: Click on Copy Code to Cut-n-paste code into SqlCommandInsert.aspx.cs
 C# |  copy code |? 
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
 
partial class Database_ADONET_SqlCommandInsert : System.Web.UI.Page
{
 
    protected void btnInsert_Click(object sender, System.EventArgs e)
    {
        SqlConnection thisConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["Northwind_ConnectionString"].ConnectionString);
 
        //Create Command object
        SqlCommand nonqueryCommand = thisConnection.CreateCommand();
 
        try
        {
            // Open Connection
            thisConnection.Open();
 
            // Create INSERT statement with named parameters
            nonqueryCommand.CommandText = "INSERT  INTO Employees (FirstName, LastName) VALUES (@FirstName, @LastName)";
 
            // Add Parameters to Command Parameters collection
            nonqueryCommand.Parameters.Add("@FirstName", SqlDbType.VarChar, 10);
            nonqueryCommand.Parameters.Add("@LastName", SqlDbType.VarChar, 20);
 
 
            nonqueryCommand.Parameters["@FirstName"].Value = txtFirstName.Text;
            nonqueryCommand.Parameters["@LastName"].Value = txtLastName.Text;
 
            nonqueryCommand.ExecuteNonQuery();
        }
 
        catch (SqlException ex)
        {
            // Display error
            lblErrMsg.Text = ex.ToString();
            lblErrMsg.Visible = true;
        }
 
        finally
        {
            // Close Connection
            thisConnection.Close();
 
        }
        GridView1.DataBind();
    }
 
    protected void  
Page_Load(object sender, System.EventArgs e)
    {
        lblErrMsg.Visible = false;
 
    }
 
}
 
 

 
 Step 3: Click on Copy Code to Cut-n-paste code into web.config right after the appSettings section 
 XML |  copy code |? 
<connectionstrings>
    <add name="Northwind_ConnectionString"
      connectionString="Server=(local)\SQLEXPRESS;Initial Catalog=Northwind;Integrated Security=SSPI" />
    <add name="Pubs_ConnectionString"
      connectionString="Server=(local)\SQLEXPRESS;Initial Catalog=pubs;Integrated Security=SSPI" />
  </connectionstrings>
 
Related posts:
  1. VB.NET ASP.NET Sql Command Insert Statement Source Code Example VB.NET ASP.NET Sql Command Insert Statement Source Code Example...
  2. C# ASP.NET Sql Command Delete Statement Source Code Example C# ASP.NET Sql Command Delete Statement Source Code Example...
  3. VB.NET ASP.NET Sql Command Delete Statement Source Code Example VB.NET ASP.NET Sql Command Delete Statement Source Code Example...
  4. C# ASP.NET Sql Command Update Statement Source Code Example C# ASP.NET Sql Command Update Statement Source Code Example...
  5. VB.NET ASP.NET Sql Command Update Statement Source Code Example VB.NET ASP.NET Sql Command Update Statement Source Code Example...
Related posts brought to you by Yet Another Related Posts Plugin.
Filed under Code Samples · Tagged with , , , , , 
Comments
 3 Responses to “C# ASP.NET Sql Command Insert Statement Source Code Example”
  1.  Jon says:
     February 9, 2010 at 1:39 pm
    Muy buena… gracias me sirvio bastante opara realizar un proyecto de la u q no tenia idea ….
     Gracias…….
  2.  Desai Hakoo S says:
     August 13, 2010 at 4:57 am
    Dont you think this is lenghty method??
     U can just make it sort like this :
    Sqlcommamd sqlcmd = ("INSERT  INTO Employees (FirstName, LastName) VALUES (' "FirstName.text" ', ' "LastName.text" ')";
     sqlcmd.ExecuteNonQuery();
    I tried n got success. If any prons or cons of this method, then definatly inform me.
  3.  asp.net videos says:
     August 13, 2010 at 8:24 am
    Desai,
    Good question.
    I have always heard parameterized queries are the safest way to avoid sql injection. In the example syntax you gave, I am wondering what would happen if a hacker entered the following into FirstName.Text: myname' or 1 = 1; Drop tables —
    I am thinking that the hackers single quote would cause the firstname.text field to end and allow the rest to execute as sql – causing a real problem.
    Thanks!
Speak Your Mind
Tell us what you're thinking... 
and oh, if you want a pic to show with your comment, go get a gravatar!
 
 
 
 
  
This blog uses the cross-linker plugin developed by Web-Developers.Net