Not able to retrieve image in gridview in asp.net - asp.net

//This is the code of the presentation layer (needs using System.Data;)
BusinessAccessLayer.BLogic obj1 = new BusinessAccessLayer.BLogic();
string i = DDMenu.SelectedValue;
DataTable dt = obj1.getBind(i);
GridView1.DataSource = dt;
GridView1.DataBind();

//This is the code of the business access layer
DataAccessLayer.DBLogic obj1 = new DataAccessLayer.DBLogic();
public DataTable getBind(string i)
{
    return obj1.getInstrument(i);
}

//This is the code of the database access layer (needs using System.Data; using System.Data.SqlClient;)
public DataTable getInstrument(string i)
{
    SqlConnection con = new SqlConnection(constr);
    con.Open();
    try
    {
        SqlCommand cmd = new SqlCommand("selectedval", con);
        cmd.CommandType = CommandType.StoredProcedure;
        // SQL Server parameter names start with '@'
        cmd.Parameters.AddWithValue("@category_id", i);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        DataTable dt = new DataTable();
        da.Fill(dt);
        return dt;
    }
    catch
    {
        throw;
    }
    finally
    {
        con.Close();
    }
}
Here I have inserted some images into SQL Server with an insert query. But while binding the data to the GridView I am not able to see those images in the GridView.
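A GridView renders a varbinary column as text, not as a picture; the usual way to show stored images is an ImageField whose URL points at a handler that streams the bytes for one row. The handler below is an added example, not code from the question; the table and column names (Instrument, InstrumentID, ImageData, ContentType) and the connection-string name InstrumentDb are assumptions.

```csharp
// ImageHandler.ashx (added example; table, column and connection-string names are assumptions)
// GridView column that uses it:
//   <asp:ImageField DataImageUrlField="InstrumentID"
//        DataImageUrlFormatString="~/ImageHandler.ashx?id={0}" HeaderText="Image" />
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web;

public class ImageHandler : IHttpHandler
{
    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        int instrumentId;
        // Accept only an integer id; anything else never reaches SQL.
        if (!int.TryParse(context.Request.QueryString["id"], out instrumentId))
        {
            context.Response.StatusCode = 400;
            return;
        }
        string constr = ConfigurationManager
            .ConnectionStrings["InstrumentDb"].ConnectionString; // assumed name
        using (SqlConnection con = new SqlConnection(constr))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT ImageData, ContentType FROM Instrument WHERE InstrumentID = @id", con))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = instrumentId;
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                // Serve only the types the application stored deliberately; the
                // browser must not be left to sniff the bytes into something else.
                string type = rdr.Read() && !rdr.IsDBNull(1) ? rdr.GetString(1) : null;
                if (type == null || rdr.IsDBNull(0) || (type != "image/jpeg" && type != "image/png"))
                {
                    context.Response.StatusCode = 404;
                    return;
                }
                context.Response.ContentType = type;
                context.Response.AddHeader("X-Content-Type-Options", "nosniff");
                context.Response.BinaryWrite((byte[])rdr[0]);
            }
        }
    }
}
```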

How to fix checkmarx stored XSS issue from datatable gridData binding

Below is the code for retrieving a DataTable from the database:
protected DataTable ExecuteDataTableSQL(string strSQL)
{
    using (OracleConnection connection = new OracleConnection(_strConnectionString))
    {
        dbAdapter.SelectCommand.Connection = connection;
        connection.Open();
        DataTable dtResult = new DataTable();
        try
        {
            OracleCommand comm = dbAdapter.SelectCommand;
            comm.CommandText = strSQL;
            comm.CommandType = CommandType.Text;
            dbAdapter.Fill(dtResult);
        }
        catch (Exception)
        {
            // rethrow without resetting the stack trace
            throw;
        }
        return dtResult;
    }
}
Below is the simplified code in which I am using the above method:
string strSQL = "some select statement";
DataTable dtResult = ExecuteDataTableSQL(strSQL);
if (dtResult.Rows.Count > 0)
{
    DataGrid dg = new DataGrid();
    dg.DataSource = dtResult;
    dg.DataBind();
}
Checkmarx reports this as stored XSS because the dtResult element gets its data from the database. This element's value then flows through the code without being properly filtered or encoded and is eventually displayed to the user in the method:
source: dbAdapter.Fill(dtResult);
destination: dg.DataSource = dtResult;
How do I resolve the issue?

data source does not support server-side data paging

I am currently trying to do paging for my GridView, but once I allow paging in my GridView it gives me this error: The data source does not support server-side data paging.
This is my code for the GridView:
SqlDataReader reader = cmd.ExecuteReader();
GridView1.DataSource = reader;
GridView1.DataSourceID = null;
GridView1.Visible = true;
GridView1.AllowPaging = true;
GridView1.DataBind();
conn.Close();
SqlDataReader is forward-only. Server-side Paging needs to be able to traverse the datasource both backward and forward. Use a different datasource, like SqlDataAdapter, which supports bi-directional traversal.
Example (as requested):
string query = string.Empty;
SqlConnection conn = null;
SqlCommand cmd = null;
SqlDataAdapter da = null;
DataSet ds = null;
try {
    // SQL Server parameter names start with '@'
    query = "SELECT * FROM table WHERE field = @value";
    conn = new SqlConnection("your connection string");
    cmd = new SqlCommand(query, conn);
    cmd.Parameters.Add("@value", SqlDbType.VarChar, 50).Value = "some value";
    da = new SqlDataAdapter(cmd);
    ds = new DataSet();
    da.Fill(ds); // the adapter opens and closes the connection itself
    if (ds.Tables.Count > 0) {
        GridView1.DataSource = ds.Tables[0]; // C# indexer, not VB-style Tables(0)
        GridView1.AllowPaging = true;
        GridView1.DataBind();
    }
} catch (SqlException ex) {
    //handle exception
} catch (Exception ex) {
    //handle exception
} finally {
    if (da != null) {
        da.Dispose();
    }
    if (cmd != null) {
        cmd.Dispose();
    }
    if (conn != null) {
        conn.Dispose();
    }
}
SqlDataAdapter is also from the System.Data.SqlClient Namespace.
Have you tried using a SqlDataAdapter to fill a DataSet/DataTable with your SQL results? Then use that DataTable as your data source for the GridView. Basic framework for filling your DataTable:
public DataTable GetDataTable(String connectionString, String query)
{
    DataTable dataTable = new DataTable();
    try
    {
        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            connection.Open();
            using (SqlCommand command = new SqlCommand(query, connection))
            {
                using (SqlDataAdapter dataAdapter = new SqlDataAdapter(command))
                {
                    dataAdapter.Fill(dataTable);
                }
            }
        }
    }
    catch
    {
        // errors are swallowed and an empty table is returned
    }
    return dataTable;
}
And then you can use that DataTable as your GridView DataSource:
String connectionString = "Data Source=<datasource>;Initial Catalog=<catalog>;User Id=<userID>;Password=<password>;";
String query = "SELECT * FROM TABLE_NAME WHERE ID=BLAH";
GridView1.DataSource = GetDataTable(connectionString, query);
GridView1.DataSourceID = null;
GridView1.Visible = true;
GridView1.AllowPaging = true;
GridView1.DataBind();
Hopefully this will help.
You can apply paging to a GridView in two ways:
(1) Use an ObjectDataSource with your GridView
(2) Use jQuery DataTables

updating not work in updating grid view event

I tested my query in SQL Server and it's working 100%,
but in my page it does not work!!
This is my query:
UPDATE Employee SET
    Name='jojo',
    Age=19,
    GenderID=2,
    CountryID=5,
    Mobile=0917021092
WHERE EmployeeID=10
This is my code:
protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
    string s = GridView1.DataKeys[e.RowIndex].Value.ToString();
    Label id = (Label)GridView1.Rows[e.RowIndex].FindControl("lblEditID");
    Label EmployeeID = (Label)GridView1.Rows[e.RowIndex].FindControl("lblEmployeeID");
    TextBox name = (TextBox)GridView1.Rows[e.RowIndex].FindControl("txtEditName");
    TextBox age = (TextBox)GridView1.Rows[e.RowIndex].FindControl("txtEditAge");
    DropDownList gender = (DropDownList)GridView1.Rows[e.RowIndex].FindControl("DropGender");
    DropDownList country = (DropDownList)GridView1.Rows[e.RowIndex].FindControl("DropCountry");
    TextBox mobile = (TextBox)GridView1.Rows[e.RowIndex].FindControl("txtEditMobile");
    string stringconnectiong = ConfigurationManager.ConnectionStrings["Employee_TestConnectionString"].ConnectionString;
    // SQL Server parameter names start with '@'
    string sql = "update Employee set Name=@Name, Age=@Age, GenderID=@GenderID, CountryID=@CountryID, Mobile=@Mobile where EmployeeID=@EmployeeID AND ID=@ID";
    SqlConnection con = new SqlConnection(stringconnectiong);
    try
    {
        con.Open();
        SqlCommand cmd = new SqlCommand();
        cmd.Parameters.AddWithValue("@EmployeeID", EmployeeID.Text);
        cmd.Parameters.AddWithValue("@ID", id.Text);
        cmd.Parameters.AddWithValue("@Name", name.Text);
        cmd.Parameters.AddWithValue("@Age", age.Text);
        cmd.Parameters.AddWithValue("@GenderID", gender.SelectedValue);
        cmd.Parameters.AddWithValue("@CountryID", country.SelectedValue);
        cmd.Parameters.AddWithValue("@Mobile", mobile.Text);
        cmd.CommandType = CommandType.Text;
        cmd.CommandText = sql;
        cmd.Connection = con;
        cmd.ExecuteNonQuery();
        SqlDataAdapter dr = new SqlDataAdapter(cmd);
        DataSet ds = new DataSet();
        dr.Fill(ds);
        GridView1.DataSource = ds;
        GridView1.EditIndex = -1;
        BindGridview();
    }
    catch (System.Data.SqlClient.SqlException ex)
    {
        string msg = "Error Updating ";
        msg += ex.Message;
        throw new Exception(msg);
    }
    finally
    {
        con.Close();
        con.Dispose();
        BindGridview();
    }
}
Since your datasource is a DataSet, you need to specify which DataTable within the DataSet you are using via the DataMember property. Or just use a DataTable as your datasource.
Replace the DataSet lines with the following:
DataTable dt = new DataTable();
dr.Fill(dt);
GridView1.DataSource = dt;
In addition, use the GridView1_RowUpdated event. The GridView1_RowUpdating event is fired before the table is updated, therefore your parameter values have not been updated yet.

3tier Architecture for DatagridView

I have a DataGridView and I want to populate it with the contents of a database. I know it can be done through a DataAdapter, DataSet and Fill/Update commands and all. But what I want to know is how to write it in a 3-tier architecture. I mean, what will be the commands in the presentation layer, business layer and data layer? I am a newborn baby for 3-tier architecture and not able to get it right. Thanks.
After googling it for a while and implementing some of my techniques, I came up with this:
UILayer:
private void FillData(object sender, EventArgs e)
{
    BusinessObject bo = new BusinessObject();
    DataTable dt = bo.getTable();
    datagridview.DataSource = dt;
}
BusinessLayer:
public DataTable getTable()
{
    DataLayer dl = new DataLayer();
    DataTable dt = dl.getTable();
    if (dt == null || dt.HasErrors)
    {
        MessageBox.Show("DataTable has errors or is null");
        return null;
    }
    return dt;
}
DataLayer:
public DataTable getTable()
{
    string myCommand = "Select empId, empDesignation from Employees";
    DataTable dt = new DataTable();
    // the using block closes and disposes the connection even if Fill throws
    using (SqlConnection con = new SqlConnection(connectionString))
    using (SqlDataAdapter sda = new SqlDataAdapter(myCommand, con))
    {
        sda.Fill(dt); // the adapter opens the connection if it is closed
    }
    return dt;
}
Hope it helps.

Asp.net repeater control data duplicated when use multiple times binding

I am using the asp.net 2008 repeater control. I am trying to refresh the repeater control when a button is clicked, but it shows me duplicated values, which means it is appending the same values once again. Here is my code:
public void LoadRepeater1()
{
    con = new SqlConnection(ConfigurationManager.ConnectionStrings["SqlServerConnection"].ConnectionString);
    String sql;
    // the SQL text is built by concatenating lblstano.Text into the query
    sql = "select * from FeeCollection Where AdminNo='" + lblstano.Text + "'";
    cmd = new SqlCommand(sql, con);
    da = new SqlDataAdapter(sql, con);
    // Fill adds rows to whatever ds already holds; if ds is not re-created, each call appends
    da.Fill(ds, "FeeCollection");
    dt = ds.Tables["FeeCollection"];
    Repeater4.DataSource = dt;
    Repeater4.DataBind();
    con.Close();
}
protected void btnMedical_Click(object sender, EventArgs e)
{
    LoadRepeater1();
}
I want to remove the existing data and refresh the data instead of appending.
Not sure where ds (DataSet) is instantiated. Try to instantiate the DataSet/DataTable within the LoadRepeater1() method.
public void LoadRepeater1()
{
    con = new SqlConnection(ConfigurationManager
        .ConnectionStrings["SqlServerConnection"].ConnectionString);
    // SQL Server parameter names start with '@'
    sql = "select * from FeeCollection Where AdminNo=@AdminNo";
    cmd = new SqlCommand(sql, con);
    cmd.Parameters.Add("@AdminNo", System.Data.SqlDbType.VarChar, 20).Value = lblstano.Text;
    da = new SqlDataAdapter(cmd);
    DataTable dt = new DataTable(); // fresh table on every call, so nothing is appended
    da.Fill(dt);
    Repeater4.DataSource = dt;
    Repeater4.DataBind();
}