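/// <summary>
/// Writes a JSON array of players whose name contains <paramref name="searchTerm"/>
/// to the HTTP response, as <c>{"label": name, "value": id}</c> objects ordered by name.
/// When nothing matches, writes the single-element array <c>["(no players found)"]</c>.
/// </summary>
/// <remarks>
/// The search term is untrusted request input. It is bound as a SQL parameter instead of
/// being spliced into the statement, so no keyword/character blacklist is needed and
/// legitimate names containing words such as "drop" or "select" can be searched.
/// LIKE metacharacters (<c>%</c>, <c>_</c>, <c>[</c>) in the term are still interpreted
/// as wildcards by the server, as they were before.
/// </remarks>
/// <param name="searchTerm">Text to look for inside player names; null is treated as empty.</param>
private void Search(String searchTerm)
{
    var scripts = new CommonPage();

    // NOTE(review): GetConnection() appears to hand back an already-open connection that the
    // caller is responsible for closing - confirm against CommonPage.
    var connection = scripts.GetConnection();
    try
    {
        using (var command = new SqlCommand("select Id, Name from avDBPlayer where name like @pattern order by name", connection))
        {
            // The wildcards are added to the parameter value, not to the SQL text, so the
            // statement itself never contains user-controlled characters.
            command.Parameters.AddWithValue("@pattern", "%" + (searchTerm ?? String.Empty) + "%");

            using (var reader = command.ExecuteReader())
            {
                if (!reader.HasRows)
                {
                    Response.Write("[\"(no players found)\"]");
                    return;
                }

                Response.Write("[");
                var separator = "";
                while (reader.Read())
                {
                    // Player names come from the database and may contain quotes, backslashes or
                    // markup; encode them so the output stays valid JSON and cannot break out of
                    // the string literal. (JavaScriptStringEncode requires .NET 4.0 or later.)
                    var label = System.Web.HttpUtility.JavaScriptStringEncode(reader[1].ToString());
                    var value = System.Web.HttpUtility.JavaScriptStringEncode(reader[0].ToString());

                    Response.Write(String.Format("{0}{{\"label\":\"{1}\",\"value\":\"{2}\"}}", separator, label, value));
                    separator = ", ";
                }
                Response.Write("]");
            }
        }
    }
    finally
    {
        // Release the connection even when the query or the response write throws.
        connection.Close();
    }
}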
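/// <summary>
/// Reads the <c>Date</c> column of the <c>avDBGames</c> row(s) whose id equals <c>Id</c>
/// and stores it in <c>Date</c>. If several rows match, the last one read wins; if none
/// match, <c>Date</c> is left unchanged.
/// </summary>
/// <remarks>
/// <c>Id</c> is bound as a SQL parameter instead of being formatted into the statement text.
/// That keeps the query safe if <c>Id</c> ever carries request-supplied text, and avoids
/// culture-dependent number formatting ending up inside the SQL.
/// </remarks>
private void LoadFromMSSQL()
{
    var scripts = new CommonPage();

    // NOTE(review): GetConnection() appears to return an already-open connection - confirm.
    var connection = scripts.GetConnection();
    try
    {
        using (var command = connection.CreateCommand())
        {
            // Only the Date column is consumed below, so only that column is requested.
            command.CommandText = "select [Date] from avDBGames where id = @id";

            var idParameter = command.CreateParameter();
            idParameter.ParameterName = "@id";
            // A null Id is sent as SQL NULL (matching no rows) rather than producing a malformed statement.
            idParameter.Value = (object)Id ?? DBNull.Value;
            command.Parameters.Add(idParameter);

            using (var reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    Date = Convert.ToDateTime(reader.GetValue(reader.GetOrdinal("Date")));
                }
            }
        }
    }
    finally
    {
        // Close the connection even when the query or the conversion throws.
        connection.Close();
    }
}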