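protected void btn_Submit_Click(object sender, EventArgs e)
{
    // Inserts a new Product from the form fields, then resets the grid and returns to the first tab.
    // Sample the clock once so ModifiedDate and SellStartDate carry the same timestamp
    // instead of two values from separate DateTime.Now calls.
    var now = DateTime.Now;

    using (var db = new Solution.AdventureWorksEntities())
    {
        var product = new Solution.Product
        {
            Name = txt_Name.Text,
            ProductNumber = txt_ProductNumber.Text,
            Color = txt_Color.Text,
            Size = txt_Size.Text,
            ListPrice = ParseDecimalField(txt_ListPrice.Text, "List Price"),
            StandardCost = ParseDecimalField(txt_StandardCost.Text, "Standard Cost"),
            Weight = ParseDecimalField(txt_Weight.Text, "Weight"),
            ProductCategoryID = ParseInt32Field(ddl_Category2.SelectedValue, "Category"),
            ThumbnailPhotoFileName = "",
            ThumbNailPhoto = null,
            rowguid = Guid.NewGuid(),
            ModifiedDate = now,
            SellStartDate = now
        };

        // Entity Framework sends these values as command parameters, so the free-text
        // fields are not an SQL injection risk at this point. They are, however, read
        // back and rendered into HTML elsewhere (e.g. Product.Name in GV_SelectedIndexChanged),
        // so they must be HTML-encoded at the rendering site, not trusted as markup.
        db.Products.AddObject(product);
        db.SaveChanges();

        GV.SelectedIndex = -1;
        GV.DataBind();
        TC.ActiveTabIndex = 0;
    }
}

// Parses a decimal text-box value using the current culture (as Convert.ToDecimal did),
// naming the field in the error so a bad entry is diagnosable rather than a bare
// "Input string was not in a correct format".
// Throws FormatException for empty, non-numeric or out-of-range text.
private static decimal ParseDecimalField(string text, string fieldName)
{
    decimal value;
    if (!decimal.TryParse(text, out value))
    {
        throw new FormatException("'" + fieldName + "' must be a number.");
    }
    return value;
}

// Parses an integer selection value (e.g. a drop-down SelectedValue), naming the field on failure.
// Throws FormatException for empty, non-numeric or out-of-range text.
private static int ParseInt32Field(string text, string fieldName)
{
    int value;
    if (!int.TryParse(text, out value))
    {
        throw new FormatException("'" + fieldName + "' must be a whole number.");
    }
    return value;
}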
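protected void btn_SQLInjection_Click(object sender, EventArgs e)
{
    // Demo handler: writes an injection-shaped string into AddressLine2 of the first
    // address whose city contains "chi". Because Entity Framework issues the UPDATE with
    // the value as a command parameter, the text is stored verbatim as column data rather
    // than spliced into the SQL statement. Note that the stored text is later rendered
    // into HTML by GV_SelectedIndexChanged, so it must be HTML-encoded there.
    using (var db = new Solution.AdventureWorksEntities())
    {
        var address = (from a in db.Addresses
                       where a.City.Contains("chi")
                       select a).FirstOrDefault();

        // FirstOrDefault returns null when nothing matches; the previous version
        // dereferenced it unconditionally and threw NullReferenceException.
        if (address != null)
        {
            // "ss" is the two-digit seconds specifier; the earlier "sss" was a typo.
            address.AddressLine2 = "' where Address like '%' --" + DateTime.Now.ToString("dd MMM yyyy HH:mm:ss");
            db.SaveChanges();
        }
    }

    BindData();
}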
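protected void GV_SelectedIndexChanged(object sender, EventArgs e)
{
    // Renders the sales order headers (and their line items) for the selected grid row
    // as an HTML table into lbl, or "No Invoices" when the order has no header.
    // ToInt32 is a project extension that converts the DataKey value.
    var orderId = GV.SelectedDataKey.Value.ToInt32();

    using (var db = new AdventureWorksEntities())
    {
        var invoices = from h in db.SalesOrderHeaders
                       where h.SalesOrderID == orderId
                       orderby h.SalesOrderNumber
                       select new { Header = h, h.SalesOrderDetails };

        // Any() translates to an EXISTS check; Count() > 0 forced a separate COUNT query
        // before the foreach below re-ran the full query.
        if (!invoices.Any())
        {
            lbl.Text = "No Invoices";
            return;
        }

        var html = new StringBuilder(
            "<h2>Invoice Details</h2><table border='1'><tr valign='top'><td>Address</td><td>Freight</td><td>Ship Date</td><td>Ship Method</td><td>Status</td><td>Items</td></tr>");

        foreach (var invoice in invoices)
        {
            var items = new StringBuilder();
            foreach (var productName in invoice.SalesOrderDetails.Select(d => d.Product.Name).OrderBy(n => n))
            {
                // NOTE(review): Product.Name is user-entered (btn_Submit_Click); confirm that the
                // AppendBR extension HTML-encodes its argument, and encode here if it does not.
                items.AppendBR(productName);
            }

            // The address lines are data being mixed with markup ("<br />"), so they are
            // HTML-encoded before concatenation; the literal "<br />" between them is the
            // only markup intended to reach the browser. HtmlEncode(null) stays null, which
            // concatenates to "" exactly as the unencoded value did.
            var shipTo = invoice.Header.Address;
            var addressHtml = System.Net.WebUtility.HtmlEncode(shipTo.AddressLine1)
                + "<br />"
                + System.Net.WebUtility.HtmlEncode(shipTo.AddressLine2);

            // AppendItemsToTable is a project extension that emits one table row.
            html.AppendItemsToTable(
                addressHtml,
                invoice.Header.Freight,
                invoice.Header.ShipDate,
                invoice.Header.ShipMethod,
                invoice.Header.Status,
                items);
        }

        html.Append("</table>");
        lbl.Text = html.ToString();
    }
}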
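protected void btn_Update_Click(object sender, EventArgs e)
{
    // Touches ModifiedDate on every top-level product category, then rebinds the grid.
    using (var db = new Solution.AdventureWorksEntities())
    {
        var rootCategories = from c in db.ProductCategories
                             where c.ParentProductCategoryID == null
                             orderby c.Name
                             select c;

        // One timestamp for the whole batch, so every updated row carries the same
        // ModifiedDate rather than a slightly different DateTime.Now per iteration.
        var now = DateTime.Now;
        foreach (var category in rootCategories)
        {
            category.ModifiedDate = now;
        }

        db.SaveChanges();
    }

    BindData();
}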
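void BindData()
{
    // Binds the product list (name, number, colour, modified date, id) to the grid, ordered by name.
    // Equivalent SQL:
    //   SELECT [Name], [ProductNumber], [Color], [ModifiedDate], [ProductID] FROM [Product] ORDER BY [Name]
    using (var db = new Solution.AdventureWorksEntities())
    {
        // The projection must be an anonymous type; the previous "select p.Name p.ProductNumber ..."
        // did not compile.
        var rows = from p in db.Products
                   orderby p.Name
                   select new { p.Name, p.ProductNumber, p.Color, p.ModifiedDate, p.ProductID };

        // DataBind executes the query while the context is still open.
        GV.DataSource = rows;
        GV.DataBind();
    }
}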