Tuesday, 4 December 2012

Using Sql Parameter in Connected Mode


Using Sql Parameter in Connected Mode

// Sql Parameter in Connected Mode...

// To use Sql Parameter first of all you have to create a STORE PROCEDURE in Sql ...

 protected void bt1_Click(object sender, EventArgs e)
    {
        SqlConnection con = new SqlConnection("Data Source=deepak-pc;Initial Catalog=mydb;Integrated Security=True");
        SqlCommand cmd = new SqlCommand("getrecordbyid", con);
        cmd.CommandType = CommandType.StoredProcedure;
       
 
     
 
        SqlParameter p1 = new SqlParameter("@id", SqlDbType.Int);
        p1.Value = TextBox1.Text;
      
 
        cmd.Parameters.Add(p1);
      
 
        con.Open();
      SqlDataReader dr=  cmd.ExecuteReader();
      while (dr.Read())
      {
          Response.Write(dr[0]);
      }
        con.Close();

    }
  

Using Sql Parameter in DisConnected Mode


Using Sql Parameter in DisConnected Mode

// Sql Parameter in DisConnected Mode...

// To use Sql Parameter first of all you have to create a STORE PROCEDURE in Sql ...


  protected void Button1_Click(object sender, EventArgs e)
    {            
 
                   
 
       SqlConnection connection = new SqlConnection("Data Source=deepak-pc;Initial Catalog=mydb;Integrated Security=True");
     
 
       SqlCommand command = new SqlCommand();
        command.Connection = connection;
        command.CommandType = CommandType.StoredProcedure;
        command.CommandText = "getrecordbyid";
        SqlParameter p1 = new SqlParameter("@id",SqlDbType.Int);
        p1.Direction = ParameterDirection.Input;
        p1.Value = TextBox1.Text;
        command.Parameters.Add(p1);
        SqlDataAdapter adapter = new SqlDataAdapter(command);
        DataTable dt = new DataTable();
        adapter.Fill(dt);             
 
       
 
    }

Program to sending mail through program


Program to sending mail through program

//  program to send mail through program

 protected void Button2_Click(object sender, EventArgs e)
    {
        System.Net.Mail.MailMessage MyMailMessage = new System.Net.Mail.MailMessage("deepak.sonu786@gmail.com", "ravan_raj1857@yahoo.com",
        "This is the mail subject", "Just wanted to say Hello");

        MyMailMessage.IsBodyHtml = false;       
 

        System.Net.NetworkCredential mailAuthentication = new
        System.Net.NetworkCredential("deepak.sonu786@gmail.com", "deepudon");

        System.Net.Mail.SmtpClient mailClient = new System.Net.Mail.SmtpClient("smtp.gmail.com", 587);
    
        mailClient.EnableSsl = true;
        mailClient.UseDefaultCredentials = false;
        mailClient.Credentials = mailAuthentication;
        mailClient.Send(MyMailMessage);

    } 

Adding Connection String to Web.config


Adding Connection String to Web.config
// Adding connection String to web.config


<connectionStrings>
  <add name="con" connectionString="Data Source=DEEPAK-PC;Initial Catalog=Test;Integrated Security=True"/>
 </connectionStrings>
// Using Connection on .cs page

using system.data.sqlclint;

on Button_click event
{
string s=  System.Web.Configuration.WebConfigurationManager.ConnectionStrings["con"].ConnectionString;
}

Sql Parameter & Injection




Sql Parameter & Injection

Sql Parameter :- To prevent Sql injection we use sql parameter.Sql Injection :- fetching the values from database to make condition true illegally called sql injection.
                         example:- sql satement--- select * from [table name] where [column name]=[condition];
                   Condition with Sql Injection------select * from [table name] where [column name]= 1 or 1=1 ;

                                   The statement will always true..


     see next for detailed code information...