ASP.NET 09 - ADO.NET

Overview ,[object Object],[object Object],[object Object],[object Object]

Introducing ADO.NET ,[object Object],[object Object],[object Object]

ADO.NET data providers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

ADO.NET data providers ,[object Object],[object Object],[object Object],[object Object],[object Object]

Abstract Base Classes of a Data Provider Class Description DbCommand Executes a data command, such as a SQL statement or a stored procedure. DbConnection Establishes a connection to a data source. DbDataAdapter Populates a DataSet from a data source. DbDataReader Represents a read-only, forward-only stream of data from a data source.

Using Data Provider Classes ,[object Object],[object Object],[object Object],[object Object]

DBConnection ,[object Object],[object Object],[object Object]

DBConnection ,[object Object],[object Object],[object Object],[object Object]

Connection Strings ,[object Object],[object Object],[object Object],[object Object],name1=value1; name2=value Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:atabc.mdb;

Programming a DbConnection ,[object Object],[object Object],[object Object],[object Object],[object Object],// Must use @ since string contains backslash characters string connString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:atabc.mdb;" OleDbConnection conn = new OleDbConnection(connString); conn.Open(); // Now use the connection … // all finished, so close connection conn.Close();

Exception Handling ,[object Object],[object Object],string connString = … OleDbConnection conn = new OleDbConnection(connString); try { conn.Open(); // Now use the connection … } catch (OleDbException ex) { // Handle or log exception } finally { if (conn != null) conn.Close(); }

Alternate Syntax ,[object Object],[object Object],[object Object],using (OleDbConnection conn = new OleDbConnection(connString)) { conn.Open(); // Now use the connection … }

Storing Connection Strings ,[object Object],<configuration> <connectionStrings> <add name="Books" connectionString="Provider=…" /> <add name="Sales" connectionString="Data Source=…" /> </connectionStrings> <system.web> … </system.web> </configuration> string connString = WebConfigurationManager.ConnectionStrings["Books"].ConnectionString;

Connection Pooling ,[object Object],[object Object],[object Object],[object Object]

Connection Pooling ,[object Object],[object Object]

DbCommand ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Programming a DbCommand ,[object Object],[object Object],[object Object],string connString = "…" OleDbConnection conn = new OleDbConnection(connString); // create a command using SQL text string cmdString = "SELECT Id,Name,Price From Products"; OleDbCommand cmd = new OleDbCommand(cmdString, conn); conn.Open(); ...

Executing a DbCommand ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Using DbParameters ,[object Object],[object Object],[object Object],[object Object]

Why String Building is Bad ,[object Object],[object Object],[object Object],[object Object],[object Object],// Do not do this string sql = "SELECT * FROM Users WHERE User='" + txtUser.Text + "'";

SQL Injection Attack ,[object Object],[object Object],[object Object],[object Object],[object Object],string sql = "SELECT * FROM Users WHERE User='" + txtUser.Text + "'"; ' or 1=1 -- SELECT * FROM Users WHERE User='' OR 1=1 --' '; DROP TABLE customers; --

DbParameter ,[object Object],[object Object],[object Object],[object Object]

Using a DbParameter ,[object Object],[object Object],[object Object],[object Object],[object Object],SqlParameter param = new SqlParameter("@user",txtUser.Text); string s = "select * from Users where UserId=@user"; SqlCommand cmd; … cmd.Parameters.Add(param);

Transactions ,[object Object],[object Object],[object Object]

Local Transasctions ,[object Object]

Local Transaction Steps ,[object Object],[object Object],[object Object],[object Object],[object Object]

Distributed Transactions ,[object Object],[object Object],[object Object],[object Object],[object Object]

Distributed transactions ,[object Object]

DbDataReader ,[object Object],[object Object],[object Object]

Programming a DbDataReader ,[object Object],[object Object],string connString = "…" OleDbConnection conn = new OleDbConnection(connString); string cmdString = "SELECT Id,ProductName,Price From Products"; OleDbCommand cmd = new OleDbCommand(cmdString, conn); conn.Open(); OleDBDataReader reader = cmd.ExecuteReader(); someControl.DataSource = reader ; someControl.DataBind(); reader.Close(); conn.Close();

Programming a DbDataReader ,[object Object],[object Object],[object Object],OleDBDataReader reader = cmd.ExecuteReader(); while ( reader.Read() ) { // process the current record } reader.Close();

Programming a DbDataReader ,[object Object],SELECT Id,ProductName,Price FROM Products // retrieve using column name int id = (int)reader["Id"]; string name = (string)reader["ProductName"]; double price = (double)reader["Price"]; // retrieve using a zero-based column ordinal int id = (int)reader[0]; string name = (string)reader[1]; double price = (double)reader[2]; // retrieve a typed value using column ordinal int id = reader.GetInt32(0); string name = reader.GetString(1); double price = reader.GetDouble(2);

DbDataAdapter ,[object Object],[object Object],[object Object],[object Object],[object Object]

Programming a DbDataAdapter DataSet ds = new DataSet(); // create a connection SqlConnection conn = new SqlConnection(connString); string sql = "SELECT Isbn,Title,Price FROM Books"; SqlDataAdapter adapter = new SqlDataAdapter(sql, conn); try { // read data into DataSet adapter.Fill(ds); // use the filled DataSet } catch (Exception ex) { // process exception }

Data provider-independent ADO.NET coding ,[object Object],[object Object],[object Object],OleDbConnection conn = new OleDbConnection(connString); … OleDbCommand cmd = new OleDbCommand(cmdString, conn); … OleDBDataReader reader = cmd.ExecuteReader(); … SqlConnection conn = new SqlConnection(connString); … SqlCommand cmd = new SqlCommand(cmdString, conn); … SqlDataReader reader = cmd.ExecuteReader(); …

Data provider-independent ADO.NET coding ,[object Object],DbConnection conn = new SqlConnection(connString);

Data provider-independent ADO.NET coding ,[object Object],[object Object],string invariantName = "System.Data.OleDb"; DbProviderFactory factory = DbProviderFactories.GetFactory(invariantName); DbConnection conn = factory.CreateConnection(); conn.ConnectionString = connString; DbCommand cmd = factory.CreateCommand(); cmd.CommandText = "SELECT * FROM Authors"; cmd.Connection = conn;

Data Source Controls ,[object Object],[object Object],[object Object],[object Object]

Data Source Controls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Using Data Source Controls ,[object Object],<asp:AccessDataSource ID=" dsBooks " runat="server" DataFile="App_Data/BookCatalogSystem.mdb" SelectCommand="Select AuthorId,AuthorName from Authors" /> <asp:DropDownList ID="drpAuthors" runat="server" DataSourceID="dsBooks" DataTextField="AuthorName" /> <asp:SqlDataSource ID=" dsArt " runat="server" ConnectionString="<%$ ConnectionStrings:Books %>" ProviderName="System.Data.SqlClient" SelectCommand="Select AuthorId,AuthorName From Authors" /> <asp:DropDownList ID="drpAuthors" runat="server" DataSourceID="dsArt" DataTextField="AuthorName" />

Using Parameters ,[object Object],[object Object],[object Object],<asp:SqlDataSource ID="dsArt" runat="server" ConnectionString="<%$ ConnectionStrings:Books %>" SelectCommand="Select AuthorId,AuthorName From Authors" > <SelectParameters> Parameter control definitions go here </SelectParameters> </asp:SqlDataSource>

Parameter Types ,[object Object],[object Object],[object Object],[object Object],[object Object]

Parameter Control Types ,[object Object],Property Description ControlParameter Sets the parameter value to a property value in another control on the page. CookieParameter Sets the parameter value to the value of a cookie. FormParameter Sets the parameter value to the value of a HTML form element. ProfileParameter Sets the parameter value to the value of a property of the current user profile. QuerystringParameter Sets the parameter value to the value of a query string field. SessionParameter Sets the parameter value to the value of an object currently stored in session state.

Using Parameters <asp:DropDownList ID=" drpPublisher " runat="server" DataSourceID="dsPublisher" DataValueField="PublisherId" DataTextField="PublisherName" AutoPostBack="True"/> … <asp:SqlDataSource ID="dsBooks" runat="server" ProviderName="System.Data.OleDb" ConnectionString="<%$ ConnectionStrings:Catalog %>" SelectCommand="SELECT ISBN, Title FROM Books WHERE PublisherId=@Pub "> <SelectParameters> <asp:ControlParameter ControlID="drpPublisher" Name="Pub" PropertyName="SelectedValue" /> </SelectParameters> </asp:SqlDataSource>

How do they work? ,[object Object],[object Object],[object Object]

Data Source Control Issues ,[object Object],[object Object],[object Object],[object Object],[object Object]

Data Source Control Issues ,[object Object],[object Object],[object Object]

ObjectDataSource ,[object Object],[object Object],[object Object],[object Object],[object Object]

Using the ObjectDataSource ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],<asp:ObjectDataSource ID="objCatalog" runat="server" SelectMethod="GetAll" TypeName="PublisherDA" />

ASP.NET 09 - ADO.NET

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (18)

Similar to ASP.NET 09 - ADO.NET

Similar to ASP.NET 09 - ADO.NET (20)

More from Randy Connolly

More from Randy Connolly (20)

Recently uploaded

Recently uploaded (20)

ASP.NET 09 - ADO.NET