Stored Procedures
-
Hi laks here,i want some help regarding stored procedures usage,how we can use stored procedure in ASP.net,plz explain me with example:doh:
-
Hi laks here,i want some help regarding stored procedures usage,how we can use stored procedure in ASP.net,plz explain me with example:doh:
Stored procedures have nothing to do with ASP.NET directly. Stored procedures are stored on a databse server, and you can call them from .NET using ADO.NET -------------------------------------------------------- My development blog Q:What does the derived class in C# tell to it's parent? A:All your base are belong to us!
-
Hi laks here,i want some help regarding stored procedures usage,how we can use stored procedure in ASP.net,plz explain me with example:doh:
hey i'll give you an example asp.net ( VB.net ) for executing a stored procedure in sql server 2005 but it same in another database 1) the stored procedures to add record and take the paramters from textboxes the code for stored procedures in sql is : create PROCEDURE SP1 ( @ID bigint , @Name nvarchar(50), @Description nvarchar(500), @ProjectID bigint ) AS INSERT INTO [TBASE].[dbo].[TaskType] ([ID] ,[Name] ,[Description] ,[ProjectID]) VALUES (@ID ,@Name,@Description,@ProjectID) RETURN 2) to execute this stored procedures from asp.net Imports System Imports System.Data Imports System.Data.OleDb Dim con As New OleDbConnection("Provider=SQLNCLI.1;Data Source=DADAX\DADAX;Integrated Security=SSPI;Initial Catalog=TBase") con.Open() Dim MyCommand As New OleDbCommand() MyCommand.Connection = con Dim proc As String proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text MyCommand.CommandText = proc MyCommand.ExecuteReader() I wish that help you DADAX
-
hey i'll give you an example asp.net ( VB.net ) for executing a stored procedure in sql server 2005 but it same in another database 1) the stored procedures to add record and take the paramters from textboxes the code for stored procedures in sql is : create PROCEDURE SP1 ( @ID bigint , @Name nvarchar(50), @Description nvarchar(500), @ProjectID bigint ) AS INSERT INTO [TBASE].[dbo].[TaskType] ([ID] ,[Name] ,[Description] ,[ProjectID]) VALUES (@ID ,@Name,@Description,@ProjectID) RETURN 2) to execute this stored procedures from asp.net Imports System Imports System.Data Imports System.Data.OleDb Dim con As New OleDbConnection("Provider=SQLNCLI.1;Data Source=DADAX\DADAX;Integrated Security=SSPI;Initial Catalog=TBase") con.Open() Dim MyCommand As New OleDbCommand() MyCommand.Connection = con Dim proc As String proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text MyCommand.CommandText = proc MyCommand.ExecuteReader() I wish that help you DADAX
dadax_85 wrote:
OleDbConnection
Why are you using OleDb to connect to a SQL Server. Why not use a SqlConnection?
dadax_85 wrote:
proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text
This is a security nightmare. You are advising people down the route to a SQL Injection Attack. Don't do this! See: SQL Injection Attacks and Tips on How To Prevent Them[^]
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question." --Charles Babbage (1791-1871) My: Website | Blog
-
dadax_85 wrote:
OleDbConnection
Why are you using OleDb to connect to a SQL Server. Why not use a SqlConnection?
dadax_85 wrote:
proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text
This is a security nightmare. You are advising people down the route to a SQL Injection Attack. Don't do this! See: SQL Injection Attacks and Tips on How To Prevent Them[^]
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question." --Charles Babbage (1791-1871) My: Website | Blog
-
Hi laks here,i want some help regarding stored procedures usage,how we can use stored procedure in ASP.net,plz explain me with example:doh:
Dim con As New SqlConnection("Data Source=eyetech\sqlexpress;Initial Catalog=TBase;Integrated Security=True" providerName="System.Data.SqlClient" ) Dim MyCommand As New SqlCommand con.Open() MyCommand.Connection = con Dim proc As String proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text MyCommand.CommandText = proc MyCommand.ExecuteReader() DADAX
-
Dim con As New SqlConnection("Data Source=eyetech\sqlexpress;Initial Catalog=TBase;Integrated Security=True" providerName="System.Data.SqlClient" ) Dim MyCommand As New SqlCommand con.Open() MyCommand.Connection = con Dim proc As String proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text MyCommand.CommandText = proc MyCommand.ExecuteReader() DADAX
dadax_85 wrote:
proc = "EXEC SP1 " & TextBox1.Text & ",'" & TextBox2.Text & "','" & TextBox3.Text & "'," & TextBox4.Text
very dangerous! using these code instead: [C#]
SqlCommand cmd = new SqlCommand("SP1", con);
cmd.CommandType = CommandType.StoredProcedure;cmd.Parameters.Add("@ID", TextBox1.Text);
cmd.Parameters.Add("@Name", TextBox2.Text);
cmd.Parameters.Add("@Decription", TextBox3.Text);
cmd.Parameters.Add("@ProjectID", TextBox4.Text);cmd.ExecuteNonQuery();
-- modified at 21:55 Sunday 23rd April, 2006