Using Parameters with the ObjectDataSource Control
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;
public class Products
{
private readonly string _conString;
public void UpdateProduct(int id, string title, string director, DateTime dateReleased)
{
SqlConnection con = new SqlConnection(_conString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "UPDATE Products SET Title=@Title,Director=@Director,DateReleased=
cmd.Parameters.AddWithValue("@Title", title);
cmd.Parameters.AddWithValue("@Director", director);
cmd.Parameters.AddWithValue("@DateReleased", dateReleased);
cmd.Parameters.AddWithValue("@Id", id);
using (con)
{
con.Open();
cmd.ExecuteNonQuery();
}
}
public SqlDataReader GetProducts()
{
SqlConnection con = new SqlConnection(_conString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = con;
cmd.CommandText = "SELECT Id,Title,Director,DateReleased FROM Products";
con.Open();
return cmd.ExecuteReader(CommandBehavior.CloseConnection);
}
public Products()
{
_conString = WebConfigurationManager.ConnectionStrings["Products"]. ConnectionString;
}
}
File: Web.config
<configuration>
<connectionStrings>
<add name="Products"
connectionString="Data Source=.\SQLEXPRESS;
AttachDbFilename=|DataDirectory|MyDatabase.mdf;Integrated Security=True;User Instance=True" />
</connectionStrings>
</configuration>
File: Default.aspx
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Show Products</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<asp:GridView
id="grdProducts"
DataSourceID="srcProducts"
DataKeyNames="Id"
AutoGenerateEditButton="true"
Runat="server" />
<asp:ObjectDataSource
id="srcProducts"
TypeName="Products"
SelectMethod="GetProducts"
UpdateMethod="UpdateProduct"
Runat="server"/>
</div>
</form>
</body>
</html>
Related examples in the same category