public partial class AddToCart : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
DataTable dt = new DataTable();
DataRow dr;
dt.Columns.Add("sno");
dt.Columns.Add("ProductID");
dt.Columns.Add("ProductName");
dt.Columns.Add("Price");
dt.Columns.Add("ProductImage");
dt.Columns.Add("Cost");
dt.Columns.Add("TotalCost");
if (Request.QueryString["id"] != null)
{
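// Adds the product named by the "id" query-string value to the cart kept in session state,
// then binds the cart to GridView1. A cart stored by an earlier request is reused;
// otherwise the empty table built above becomes the cart.
if (Session["buyitems"] != null)
{
    dt = (DataTable)Session["buyitems"];
}

// NOTE(review): SQL Server named instances are normally written HOST\INSTANCE; confirm the "/"
// in this data source. The string also belongs in configuration rather than in the page.
String mycon = "Data Source=DESKTOP-8C66I6S/SQLEXPRESS;Initial Catalog=haritiShopping;Integrated Security=True";
DataSet ds = new DataSet();
using (SqlConnection scon = new SqlConnection(mycon))
using (SqlCommand cmd = new SqlCommand("select * from productdetail where ProductID=@id", scon))
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
    // The id arrives in the URL, so it is bound as a parameter and never spliced into the SQL text.
    // NOTE(review): if ProductID is an integer column, parse the value with int.TryParse first
    // and bind a typed parameter.
    cmd.Parameters.AddWithValue("@id", Request.QueryString["id"]);

    // Fill opens a closed connection itself and closes it again when it is done.
    da.Fill(ds);
}

// An id that matches no product returns no rows; skip the add instead of indexing Rows[0].
if (ds.Tables.Count > 0 && ds.Tables[0].Rows.Count > 0)
{
    DataRow product = ds.Tables[0].Rows[0];
    dr = dt.NewRow();
    dr["sno"] = dt.Rows.Count + 1; // 1 for an empty cart, otherwise the next serial number
    dr["ProductID"] = product["ProductID"].ToString();
    dr["ProductName"] = product["ProductName"].ToString();
    dr["ProductImage"] = product["ProductImage"].ToString();
    dr["Price"] = product["Price"].ToString();
    dt.Rows.Add(dr);
}

GridView1.DataSource = dt;
GridView1.DataBind();
Session["buyitems"] = dt;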
}
else
{
dt = (DataTable)Session["buyitems"];
GridView1.DataSource = dt;
GridView1.DataBind();
Update your connection string as shown below. You have not specified whether you want to use Windows Authentication or a user id and password.
For Windows Authentication, use Integrated Security=SSPI as shown below:
// NOTE(review): SqlClient treats Integrated Security=SSPI and Integrated Security=True as the same setting (Windows Authentication).
String mycon = "Data Source=DESKTOP-8C66I6S/SQLEXPRESS;Initial Catalog=haritiShopping;Integrated Security=SSPI";
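For authentication with a user id and password, add them as shown below. Use your real user id and password; sa is used here only as an example, and an application should normally connect with a dedicated least-privilege login rather than sa: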
// NOTE(review): SqlClient ignores user id and password while Integrated Security=True is present; remove that keyword (or set it to False) for SQL Server authentication.
// sa/sa is the answer's example value. Real credentials belong in protected configuration, not in page source.
String mycon = "Data Source=DESKTOP-8C66I6S/SQLEXPRESS;Initial Catalog=haritiShopping;Integrated Security=True;user id=sa;password=sa";
You also need to open the connection:
SqlConnection scon = new SqlConnection(mycon);
// SqlDataAdapter.Fill opens a closed connection by itself and closes it again afterwards;
// a connection opened explicitly like this stays open until the code closes or disposes it.
scon.Open(); //Open connection
P.S. It is always recommended to close the connection too. Add scon.Close(); after the da.Fill(ds); line. Why always close Database connection?
.
da.Fill(ds);
// NOTE(review): if Fill throws, this line is skipped and the connection stays open; a using block or try/finally closes it on every path.
scon.Close(); //Close connection
I want to implement a multiple-criteria search in ASP.NET where the search inputs are a TextBox and DropDownLists. The query should work with the inputs in combination or individually to filter the data from SQL Server
and show it in a GridView.
This Code Snippet is for filtering two Dropdown values:
// Question code: runs up to three SELECTs against EntryDatabase, chosen by the dropdown tests below, and binds each result to GridView1.
// NOTE(review): ListControl.SelectedValue is documented to default to an empty string, so these "!= null" tests may pass even when nothing is chosen — verify.
if (Agree_type_srch.SelectedValue != null || Status_srch.SelectedValue != null)
{
if (Agree_type_srch.SelectedValue != null)
{
// NOTE(review): '#"' does not compile in C#; the verbatim-string prefix '@' appears to have been rendered as '#' on this page.
// NOTE(review): the sa login and a literal password sit in source here; keep connection strings in protected configuration and use a least-privilege login.
string connString = #"data source=ABC; database=XYZ; user id=sa; password=1234;";
SqlConnection conn = new SqlConnection(connString);
// SECURITY: the item text is spliced into the SQL statement, so any quote character in a list item changes the query. Bind the value as a SqlParameter instead.
SqlCommand com = new SqlCommand("Select *from EntryDatabase where Agree_type ='" + Agree_type_srch.SelectedItem.Text + "'", conn);
SqlDataAdapter sqldatad = new SqlDataAdapter();
DataSet ds = new DataSet(); // never used in this branch
com.Connection = conn; // already set by the SqlCommand constructor above
sqldatad.SelectCommand = com;
// Only the DataTable is disposed; the connection, command and adapter are left to the garbage collector.
using (DataTable dt = new DataTable())
{
sqldatad.Fill(dt);
GridView1.DataSource = dt;
GridView1.DataBind();
}
}
// Reached only when the first test is false.
else if (Status_srch.SelectedValue != null)
{
string connString = #"data source=ABC; database=XYZ; user id=sa; password=1234;";
SqlConnection conn = new SqlConnection(connString);
// SECURITY: same string-built SQL as above, this time with the status item's text.
SqlCommand com = new SqlCommand("Select *from EntryDatabase where Curnt_St ='" + Status_srch.SelectedItem.Text + "'", conn);
SqlDataAdapter sqldatad = new SqlDataAdapter();
DataSet ds = new DataSet(); // never used in this branch
com.Connection = conn;
sqldatad.SelectCommand = com;
using (DataTable dt = new DataTable())
{
sqldatad.Fill(dt);
GridView1.DataSource = dt;
GridView1.DataBind();
}
}
// A separate if, not an else branch: when it runs after one of the branches above, its result replaces what was just bound.
// NOTE(review): SelectedItem is dereferenced without a null check; presumably both lists always have a selected item — confirm.
if (Agree_type_srch.SelectedItem.Text != null && Status_srch.SelectedItem.Text != null)
{
string connString = #"data source=ABC; database=XYZ; user id=sa; password=1234;";
SqlConnection conn = new SqlConnection(connString);
// SECURITY: two item texts are concatenated into this statement; both need to be parameters.
SqlCommand com = new SqlCommand("Select * from EntryDatabase where Agree_type ='" + Agree_type_srch.SelectedItem.Text + "'and Curnt_St ='" + Status_srch.SelectedItem.Text + "'", conn);
SqlDataAdapter sqldatad = new SqlDataAdapter();
DataSet ds = new DataSet(); // never used in this branch
com.Connection = conn;
sqldatad.SelectCommand = com;
using (DataTable dt = new DataTable())
{
sqldatad.Fill(dt);
GridView1.DataSource = dt;
GridView1.DataBind();
}
}
...
First, building the query by string concatenation can result in SQL injection; passing the values with SqlParameter is better.
Second, consider wrapping all the SqlClient objects in using blocks so that you do not have to worry about closing or disposing them.
Lastly, for your question: you can use WHERE 1=1 and then append any conditions you need.
Take your code as an example.
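// Filters EntryDatabase by whichever dropdowns carry a value and binds the rows to GridView1.
// NOTE(review): the sa login and literal password are the question's placeholders; read the
// connection string from protected configuration and connect with a least-privilege login.
string connString = @"data source=ABC; database=XYZ; user id=sa; password=1234;";
using (SqlConnection conn = new SqlConnection(connString))
using (SqlCommand cmd = new SqlCommand())
using (SqlDataAdapter sqldatad = new SqlDataAdapter(cmd))
using (DataTable dt = new DataTable())
{
    conn.Open();
    cmd.Connection = conn;

    // "WHERE 1=1" lets every optional condition be appended uniformly with AND.
    string query = "SELECT * FROM EntryDatabase WHERE 1=1";

    // SelectedValue defaults to an empty string rather than null, so an unset list is
    // detected with IsNullOrEmpty; a plain null test would always add the condition.
    if (!string.IsNullOrEmpty(Agree_type_srch.SelectedValue))
    {
        // Only the fixed fragment is appended to the SQL text; the value travels as a parameter.
        query += " AND Agree_type = @agree_type";
        cmd.Parameters.AddWithValue("@agree_type", Agree_type_srch.SelectedValue);
    }

    if (!string.IsNullOrEmpty(Status_srch.SelectedValue))
    {
        query += " AND Curnt_St = @curnt_st";
        cmd.Parameters.AddWithValue("@curnt_st", Status_srch.SelectedValue);
    }

    cmd.CommandText = query;
    sqldatad.Fill(dt);

    // DataBind reads the rows immediately, so the table may be disposed when the block ends.
    GridView1.DataSource = dt;
    GridView1.DataBind();
}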
// Question code: inserts one row into CallCenter..Loy_DispMstr, taking the values from the dropdowns,
// or from the dropdown text and the two text boxes when CheckBox1 is ticked and flag is 0.
if (CheckBox1.Checked==false)
{
String strConnString = ConfigurationManager.ConnectionStrings["CallcenterConnectionString"].ConnectionString;
SqlConnection con = new SqlConnection(strConnString);
// NOTE(review): T-SQL parameter markers start with '@'; the '#' prefixes here look like '@' rendered wrongly on this page.
// The statement names a Format parameter, but the parameter added below is called "SUBFormat", so nothing supplies Format.
SqlCommand cmd = new SqlCommand("insert into CallCenter..Loy_DispMstr (CallType, SUBFormat, Disposition, SubDisposition) values (#CallType, #Format, #Disposition, #SubDisposition)", con);
// NOTE(review): AddWithValue(name, value) receives SqlDbType.VarChar as the value here; the .Value assignment then replaces it.
// Parameters.Add(name, SqlDbType) is the overload that sets the parameter type.
cmd.Parameters.AddWithValue("CallType" , SqlDbType.VarChar).Value = ddlCalltype.SelectedItem.Value;
cmd.Parameters.AddWithValue("SUBFormat", SqlDbType.VarChar).Value = ddlFormat.SelectedItem.Value;
cmd.Parameters.AddWithValue("Disposition", SqlDbType.VarChar).Value = ddlDisp.SelectedItem.Value;
cmd.Parameters.AddWithValue("SubDisposition", SqlDbType.VarChar).Value = ddlSubdisp.SelectedItem.Value;
con.Open();
int i = cmd.ExecuteNonQuery(); // the affected-row count in i is not read afterwards
// Skipped if ExecuteNonQuery throws, which leaves the connection open; a using block closes it on every path.
con.Close();
Label2.Text = " Your data is been saved in the database";
Label2.ForeColor = System.Drawing.Color.ForestGreen;
}
else if(flag==0 && CheckBox1.Checked==true)
{
String strConnString = ConfigurationManager.ConnectionStrings["CallcenterConnectionString"].ConnectionString;
SqlConnection con = new SqlConnection(strConnString);
// Same statement as above, with the same Format / "SUBFormat" name mismatch.
SqlCommand cmd = new SqlCommand("insert into CallCenter..Loy_DispMstr (CallType, SUBFormat,Disposition, SubDisposition) values (#CallType, #Format,#Disposition, #SubDisposition)", con);
// Free-text input from TextBox1 and TextBox2 is passed as parameter values, not concatenated into the SQL text.
cmd.Parameters.AddWithValue("CallType", SqlDbType.VarChar).Value= ddlCalltype.Text;
cmd.Parameters.AddWithValue("SUBFormat", SqlDbType.VarChar).Value= ddlFormat.Text;
cmd.Parameters.AddWithValue("Disposition", SqlDbType.VarChar).Value= TextBox1.Text;
cmd.Parameters.AddWithValue("SubDisposition", SqlDbType.VarChar).Value= TextBox2.Text;
con.Open();
int i = cmd.ExecuteNonQuery();//error on this
con.Close();
}
}
The error is raised on the ExecuteNonQuery call.
Try this it will work for you :
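// Inserts one row into CallCenter..Loy_DispMstr. The values come from the dropdowns, or from the
// dropdown text and the two text boxes when CheckBox1 is ticked and flag is 0.
// Every value is bound to an '@' parameter whose name matches its marker in the statement.
if (CheckBox1.Checked == false)
{
    String strConnString = ConfigurationManager.ConnectionStrings["CallcenterConnectionString"].ConnectionString;
    // using closes the connection even when ExecuteNonQuery throws.
    using (SqlConnection con = new SqlConnection(strConnString))
    using (SqlCommand cmd = new SqlCommand("insert into CallCenter..Loy_DispMstr (CallType, SUBFormat, Disposition, SubDisposition) values (@CallType, @Format, @Disposition, @SubDisposition)", con))
    {
        // Parameters.Add(name, SqlDbType) sets the type; the Add(name, object) overload is obsolete.
        cmd.Parameters.Add("@CallType", SqlDbType.VarChar).Value = ddlCalltype.SelectedItem.Value;
        cmd.Parameters.Add("@Format", SqlDbType.VarChar).Value = ddlFormat.SelectedItem.Value;
        cmd.Parameters.Add("@Disposition", SqlDbType.VarChar).Value = ddlDisp.SelectedItem.Value;
        cmd.Parameters.Add("@SubDisposition", SqlDbType.VarChar).Value = ddlSubdisp.SelectedItem.Value;
        con.Open();
        cmd.ExecuteNonQuery();
    }
    Label2.Text = " Your data is been saved in the database";
    Label2.ForeColor = System.Drawing.Color.ForestGreen;
}
else if (flag == 0 && CheckBox1.Checked == true)
{
    String strConnString = ConfigurationManager.ConnectionStrings["CallcenterConnectionString"].ConnectionString;
    using (SqlConnection con = new SqlConnection(strConnString))
    using (SqlCommand cmd = new SqlCommand("insert into CallCenter..Loy_DispMstr (CallType, SUBFormat,Disposition, SubDisposition) values (@CallType, @Format,@Disposition, @SubDisposition)", con))
    {
        // Free text from the text boxes travels as parameter values, never as part of the SQL text.
        cmd.Parameters.Add("@CallType", SqlDbType.VarChar).Value = ddlCalltype.Text;
        cmd.Parameters.Add("@Format", SqlDbType.VarChar).Value = ddlFormat.Text;
        cmd.Parameters.Add("@Disposition", SqlDbType.VarChar).Value = TextBox1.Text;
        cmd.Parameters.Add("@SubDisposition", SqlDbType.VarChar).Value = TextBox2.Text;
        con.Open();
        cmd.ExecuteNonQuery();
    }
}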
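// Adds one Image control to Panel1 for every row returned for the listing.
// klas.baglan() is defined elsewhere; presumably it returns an already opened connection.
// NOTE(review): confirm that, and confirm which code is responsible for closing it.
SqlConnection cnn = klas.baglan();
using (SqlCommand cmd = new SqlCommand(" Select * from aracResimler where ilanID=3028", cnn))
using (SqlDataReader dr = cmd.ExecuteReader())
{
    while (dr.Read())
    {
        // One control per row: dr.FieldCount is the number of columns, not rows, so it must not
        // decide how many Image controls are created.
        Image picture = new Image();

        // Column 2 is read as the file name. NOTE(review): with "select *" the position depends
        // on the table layout; naming the column would be safer. If file names come from user
        // uploads, validate them before building the URL.
        picture.ImageUrl = "~/Images/800/" + dr[2].ToString();
        Panel1.Controls.Add(picture);
    }
}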
I cannot see the images I retrieve inside Panel1.
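// Returns the name and IsBlocked columns of ht_cust rows with type 14, excluding DealerId 19.
// The SQL text is a constant: no caller-supplied value is spliced into it.
DataTable table = new DataTable(); // not used in the lines shown
// '@' marks a verbatim string, which is what allows the literal to span two lines.
DataSet ds = SqlHelper.ExecuteDataset(Utility.GetPumaConString(),
    CommandType.Text, @"SELECT name,IsBlocked FROM
ht_cust where type=14 and DealerId<>19");
return ds.Tables[0];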
Kindly try this on your project.
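// Runs the fixed SELECT and binds the rows to the grid.
// "your connectiongstring" is the answer's placeholder; take the real value from configuration.
DataTable dt = new DataTable();
// The using blocks close the connection and release the command and adapter even if Fill throws.
using (SqlConnection connection = new SqlConnection("your connectiongstring"))
using (SqlCommand cmd = new SqlCommand("SELECT name,IsBlocked FROM ht_cust where type=14 and DealerId<>19", connection))
using (SqlDataAdapter da = new SqlDataAdapter(cmd))
{
    connection.Open();
    da.Fill(dt);
}
//bind it to the grid
gv.DataSource = dt;
gv.DataBind();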