I need help with sql and data relation tables - asp.net

i building a mini forum site.. and i constructed a few tables.
1) Users
2) Threads
3) Comments
4) Topics
i build a function that would insert a comment each time a user would submit a comment:
string saveComment = "INSERT INTO Comments(";
saveComment += " UsersID, ThreadsID, Date, Comments, CommentResponse";
saveComment += "Values('" + "','";// no idea what to insert in the UsersID
saveComment += "" + "','";// no idea what to insert in the ThreadsID
saveComment += DateTime.Now + "','";
saveComment += CommenttxtBox.Text + "','";
saveComment += commentResponseString + "')";
As you can see the fields have UsersID and ThreadID, both connected by a foreign key to the comments table.
Now, each time the user submits a comment, i guess i need to insert also to the UsersID field (which is an int in the comments table, and that field increases incrementally by 1 in the Users table). How can i insert a comment, and notify the other table not to increase the UserID by 1. in fact i want it the UserID to stay the same for each user submitting a comment..
How do i do that? i need to insert to a few fields in one table (comments) but keep the other tables informed that it is actually the same user who submitted the comment .
Note: i dont know any vb, only c#, and i use visual studio 2010. asp.net

BTW, the way you are inserting is a security issue, you could get SQL injection ...
Use the system.data.sqlclient.sqlparameters to passe values.

You are creating a very standard normalised structure. Your Users table will be responsible for controlling the UserID values that are generated.
You have two situations to cope with when inserting new comments:
The User exists and is logged in.
The User does not exist and is anonymous.
In the first situation, when you are inserting the comments you will not need to bother looking at the Users table. This assumes you have the UserID already loaded (as the user is logged in).
In the second situation, you will first need to a new row to the Users table and return the UserID that the table generates (assuming you are using an identity column). You can then pass this value to the Comments table.
The following script is an example of addressing the second situation:
DECLARE #userId int
INSERT INTO Users (Username, FirstName)
VALUES ('adamh', 'Adam')
SET #userId = SCOPE_IDENTITY()
INSERT INTO Comments(UserId, ThreadId, Comment)
VALUES (#userId, 1, 'My comment')
If you want to continue with your current coding style, simply concatenate the values into the relevant parts of the string.
However, with such as neatly defined structure as the one you have, I'd advise using something like Entity Framework 4.0, or LINQ to SQL, which cuts a lot of plumbing out once you have defined your structures.

Related

Is it okay to use .Query<table_name> when updating SQLite using Xamarin?

I have taken over some code and I see that database updates are performed like this:
dbcon = DependencyService.Get<ISQLite>().GetConnection();
public void UpdateAnswered(string id)
{
lock(locker)
{
dbcon.Query<Phrase>("UPDATE Phrase SET Answered = Answered + 1 " +
"WHERE Id = ?", id);
}
}
I am new to using SQLite with Xamarin but it looks strange to me that this update is handled with a dbcon.Query and that the table name is passed as . Can someone confirm is this the optimal way to handle a table update? Also why is it coded as a query with the table name being passed?
Update<T>
This method allows you to pass in an instance of an object that this stored in the database which has a primary key. SQLite then recognizes the primary key and updates the rest of the object's values.
You would just call connection.Update( phrase ); where the phrase is an instance of the Phrase class with properties you want to set. Be aware that all columns except ID will be updated.
Query<T>
Performs a query and returns the results. The type parameter specifies the type of the items returned. This is most appropriate for SELECT queries.
Execute
This returns the number of affected rows by the query as an int. This is probably the best choice for your UPDATE query after the Update<T> method.
ExecuteScalar<T>
Use for queries that return scalar types - like COUNT, etc., where T is the type of the value.
In summary, Update is the most natural way to update a row in the database (with an instance you have), but Query<T> and Execute<T> are very useful if you just want to UPDATE one column like in your example.

Updatable Microsoft Access Combo box that doesn't insert into a table

I need a combo box that can be bound to a table and accept a new entry without inserting that new entry into the table until all of the other fields in the record is ready to be inserted. I tried using code where you use a SQL Insert statement however when I want to save the rest of the data on the form to a table the rest of the data is showing up on a new record. So I have one record with nothing but the project name and another record with everything else.
I have also tried this:
Append2Table = acDataErrContinue
vField = cbo.ControlSource
If Not (IsNull(vField) Or IsNull(NewData)) Then
sMsg = "Do you wish to add the entry " & NewData & " for " & cbo.Name & "?"
If MsgBox(sMsg, vbOKCancel + vbQuestion, "Add new value?") = vbOK Then
Set rst = CurrentDb.OpenRecordset(cbo.RowSource)
rst.AddNew
rst(vField) = NewData
rst.Update
rst.Close
Append2Table = acDataErrAdded
End If
End If
I don't want to use edit because I will have a lot of records with the same project name and when I used the insert statement to add the project name I don't know anyway to have it return the ID field so that I could search for that and edit the record with the rest of the information.
Thank you in advance for any suggestions.
What you want to do is to add the lookup item only if it is going to be used, hence the waiting for the insert.
I don't see how this is possible, because you are going to need the ID of the lookup value in order to do the insert.
I don't recommend doing the insert by hand, it is messy, let Access do it for you.
I think the best idea in this case is to let the user enter the lookup item and have some cleanup mechanism when the form closes to remove any unused items from the lookup table.

create a sequence of number in .net for primary key sql

Can anyone help me with creating a sequence of number in .net for primary key(SQL server). I need to achieve this functionality through .net code. Has anyone ever tried this before?
If you have a set of data with your PK column called RecordID and you want to get the next available one you could do something like this:
var nextId = table.OrderByDescending(x => x.RecordID).First().RecordID++;
However its not perfect as a user could delete the newest record freeing up the RecordID to be re-used. If you have other data that refers to it then it could end up pointing at a different record.
I think #David Tansey's comment was the best advice - use a GUID:
var nextId = Guid.NewGuid();

Database schema advice for storing form fields and field values

I've been tasked with creating an application that allows users the ability to enter data into a web form that will be saved and then eventually used to populate pdf form fields.
I'm having trouble trying to think of a good way to store the field values in a database as the forms will be dynamic (based on pdf fields).
In the app itself I will pass data around in a hash table (fieldname, fieldvalue) but I don't know the best way to convert the hash to db values.
I'm using MS SQL server 2000 and asp.net webforms. Has anyone worked on something similar?
Have you considered using a document database here? This is just the sort of problem they solve alot better than traditional RDBMS solutions. Personally, I'm a big fan of RavenDb. Another pretty decent option is CouchDb. I'd avoid MongoDb as it really isn't a safe place for data in it's current implementation.
Even if you can't use a document database, you can make SQL pretend to be one by setting up your tables to have some metadata in traditional columns with a payload field that is serialized XML or json. This will let you search on metadata while staying out of EAV-land. EAV-land is a horrible place to be.
UPDATE
I'm not sure if a good guide exists, but the concept is pretty simple. The basic idea is to break out the parts you want to query on into "normal" columns in a table -- this lets you query in standard manners. When you find the record(s) you want, you can then grab the CLOB and deserialize it as appropriate. In your case you would have a table that looked something like:
SurveyAnswers
Id INT IDENTITY
FormId INT
SubmittedBy VARCHAR(255)
SubmittedAt DATETIME
FormData TEXT
A few protips:
a) use a text based serialization routine. Gives you a fighting chance to fix data errors and really helps debugging.
b) For SQL 2000, you might want to consider breaking the CLOB (TEXT field holding your payload data) into a separate table. Its been a long time since I used SQL 2000, but my recollection is using TEXT columns did bad things to tables.
The solution for what you're describing is called Entity Attribute Value (EAV) and this model can be a royal pain to deal with. So you should limit as much as possible your usage of this.
For example are there fields that are almost always in the forms (First Name, Last Name, Email etc) then you should put them in a table as fields.
The reason for this is because if you don't somebody sooner or later is going to realize that they have these names and emails and ask you to build this query
SELECT
Fname.value fname,
LName.Value lname,
email.Value email,
....
FROM
form f
INNER JOIN formFields fname
ON f.FormId = ff.FormID
and AttributeName = 'fname'
INNER JOIN formFields lname
ON f.FormId = ff.FormID
and AttributeName = 'lname'
INNER JOIN formFields email
ON f.FormId = ff.FormID
and AttributeName = 'email'
....
when you could have written this
SELECT
common.fname,
common.lname,
common.email,
....
FROM
form f
INNER JOIN common c
on f.FormId = c.FormId
Also get off of SQL 2000 as soon as you can because you're going to really miss the UNPIVOT clause
Its also probably not a bad idea to look at previous SO EAV questions to give you an idea of problems that people have encountered in the past
I'd suggest mirroring the same structure:
Form
-----
form_id
User
created
FormField
-------
formField_id
form_id
name
value

message board / scrapbook in asp.net

I am asp.net developer
I need to know about how does scrapbook works in orkut?
I need to make an application in which the user can reply to each other
Upto the limit of 1000 characters
Its a very broad question so my answer is going to have to be quite broad in scope,
First things first we're gonna need a database to contain the data, I don't know what else is going into your site so lets go with a basic 2 table model. You'll probably want to add more fields depending on your requirements.
Tables users ScrapbookPost
Fields UserID (pk) SBPID (pk)
UserName ToUser (fk)
Password FromUser (fk)
PostText
CreateDate
With that basic structure we can have users leaving each other Scrapbook posts
This SQL code would retrieve all posts on a users wall where #userPage is the userID of the current users page.
Select
u.UserName, PostText, CreateDate
From
users u inner join
scrapbookpost sb on u.UserID = sb.FromUser
where
sb.ToUser = #userPage
order by
CreateDate desc
Seeing a conversation between two users would mean querying like this
Select
u.UserName, PostText, CreateDate
From
users u inner join
scrapbookpost sb on u.UserID = sb.FromUser
where
(ToUser = #userID1
and
FromUser = #userID2)
or
(ToUser = #userID2
and
FromUser = #userID1)
order by
CreateDate desc
That's the basic data structure and queries you need!
Give the users a webform to write posts and validate on the server side to make sure the posts are less than 1000 characters and don't contain any nasties like cross site scripting or sql injection
For their scrapbook pages use either Stored procedures or construct your query manually then bind your results to an ASP Repeater for output.
To beautify things a bit you could consider allowing them some HTML formatting with a control like this or rich text editing with a control like this.

Resources