protected void btn_Submit_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
var obj = new Solution.Product();
obj.Color = txt_Color.Text;
obj.ListPrice = Convert.ToDecimal(txt_ListPrice.Text);
obj.ModifiedDate = DateTime.Now;
obj.Name = txt_Name.Text;
obj.ProductCategoryID = Convert.ToInt32(ddl_Category2.SelectedValue);
obj.ProductNumber = txt_ProductNumber.Text;
obj.SellStartDate = DateTime.Now;
obj.Size = txt_Size.Text;
obj.StandardCost = Convert.ToDecimal(txt_StandardCost.Text);
obj.ThumbnailPhotoFileName = "";
obj.ThumbNailPhoto = null;
obj.rowguid = Guid.NewGuid();
obj.Weight = Convert.ToDecimal(txt_Weight.Text);
db.Products.AddObject(obj);
db.SaveChanges();
GV.SelectedIndex = -1;
GV.DataBind();
TC.ActiveTabIndex = 0;
}
}
protected void btn_SQLInjection_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
var records = (from p in db.Addresses
where p.City.Contains("chi")
select p).FirstOrDefault();
records.AddressLine2 = "' where Address like '%' --" + DateTime.Now.ToString("dd MMM yyyy HH:mm:sss");
//sql statement to terminate/overwrite existing sql script.
db.SaveChanges();
}
BindData();
}
protected void GV_SelectedIndexChanged(object sender, EventArgs e)
{
//reduction in lines of codes to make it more readable
//Extension to convert the datakey object to int32
var ID = GV.SelectedDataKey.Value.ToInt32();
//using LINQ rather than normal SQL
using (var db = new AdventureWorksEntities())
{
//Expression trees rather than using normal SQL
var Invoices = from p in db.SalesOrderHeaders
where p.SalesOrderID == ID
orderby p.SalesOrderNumber
select new { p, p.SalesOrderDetails };
if (Invoices.Count() > 0)
{
var sb = new StringBuilder("<h2>Invoice Details</h2><table border='1'><tr valign='top'><td>Address</td><td>Freight</td><td>Ship Date</td><td>Ship Method</td><td>Status</td><td>Items</td></tr>");
//using foreach to improve performance
foreach (var Invoice in Invoices)
{
var sb_Items = new StringBuilder();
//inline expression
foreach (var Item in Invoice.SalesOrderDetails.Select(p => p.Product.Name).OrderBy(p => p))
{
sb_Items.AppendBR(Item);
}
//AppendItemsToTable is an extension to promote reuse
sb.AppendItemsToTable(Invoice.p.Address.AddressLine1 + "<br />" + Invoice.p.Address.AddressLine2,
Invoice.p.Freight, Invoice.p.ShipDate, Invoice.p.ShipMethod, Invoice.p.Status, sb_Items);
}
sb.Append("</table>");
lbl.Text = sb.ToString();
}
else
{
lbl.Text = "No Invoices";
}
}
}
protected void btn_Update_Click(object sender, EventArgs e)
{
using (var db = new Solution.AdventureWorksEntities())
{
//var records = from p in db.Addresses
// where p.City.Contains("chi")
// select p;
var records = from p in db.ProductCategories
where p.ParentProductCategoryID == null
orderby p.Name
select p;
foreach (var r in records)
r.ModifiedDate = DateTime.Now;
db.SaveChanges();
}
BindData();
}
void BindData()
{
using (var db = new Solution.AdventureWorksEntities())
{
//var records = from p in db.ProductCategories
// where p.ParentProductCategoryID==null
// orderby p.Name
// select p;
var records = from p in db.Products
orderby p.Name
select p.Name p.ProductNumber p.Color p.ModifiedDate p.ProductID;
//select ProductCategoryID as ID, Name as Text from ProductCategory
//where ParentProductCategoryID is null order by Name
//SELECT [Name], [ProductNumber], [Color], [ModifiedDate], [ProductID] FROM [Product] ORDER BY [Name]
GV.DataSource = records;
GV.DataBind();
}
}
