protected void btn_Submit_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
var obj = new Solution.Product();
obj.Color = txt_Color.Text;
obj.ListPrice = Convert.ToDecimal(txt_ListPrice.Text);
obj.ModifiedDate = DateTime.Now;
obj.Name = txt_Name.Text;
obj.ProductCategoryID = Convert.ToInt32(ddl_Category2.SelectedValue);
obj.ProductNumber = txt_ProductNumber.Text;
obj.SellStartDate = DateTime.Now;
obj.Size = txt_Size.Text;
obj.StandardCost = Convert.ToDecimal(txt_StandardCost.Text);
obj.ThumbnailPhotoFileName = "";
obj.ThumbNailPhoto = null;
obj.rowguid = Guid.NewGuid();
obj.Weight = Convert.ToDecimal(txt_Weight.Text);
db.Products.AddObject(obj);
db.SaveChanges();
GV.SelectedIndex = -1;
GV.DataBind();
TC.ActiveTabIndex = 0;
}
}
protected void btn_SQLInjection_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
var records = (from p in db.Addresses
where p.City.Contains("chi")
select p).FirstOrDefault();
records.AddressLine2 = "' where Address like '%' --" + DateTime.Now.ToString("dd MMM yyyy HH:mm:sss");
//sql statement to terminate/overwrite existing sql script.
db.SaveChanges();
}
BindData();
}
protected void btn_Update_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
//var records = from p in db.Addresses
// where p.City.Contains("chi")
// select p;
var records = from p in db.ProductCategories
where p.ParentProductCategoryID == null
orderby p.Name
select p;
foreach (var r in records)
r.ModifiedDate = DateTime.Now;
db.SaveChanges();
}
BindData();
}