C# ПІДРУЧНИКИ / c# / Hungry Minds - ASP.NET Bible VB.NET & C#

The client programs can access data from the tables stored on a SQL server or communicate with a SQL server by using a form of SQL called Transact SQL (T-SQL). You can create a table by using the Create Table statement, shown as follows:

Create Table Products

(

ProductID VarChar (4) Primary Key,

ProductName VarChar (20),

UnitPrice Money,

QtyAvailable Integer

)

The next two sections give a brief overview of the T-SQL statements to retrieve, insert, modify, and delete data in tables.

Retrieving data from a SQL database

You can retrieve information stored in tables by using the Select statement. The syntax is as follows:

Select Column1, Column2,..., ColumnN

From Table

In this statement:

§ColumnN: Represents the name of a column in the table from which the information needs to be retrieved. A comma separates the different column names.

§Table: Represents the name of the table.

You can also retrieve information from all the columns of a table by using the following statement:

Select *

From Table

In the preceding statement, * represents all the columns of the table.

If you want to retrieve only specific rows from a table, you need to specify a condition in the Select statement. You can specify a condition by using the Where clause, as follows:

Select *

From Table

Where ColumnN="Value"

In this statement, only those rows will be retrieved where the column has a specific value. For example, to retrieve the information from the Products table for a product called "cinnamon," use the following statement:

Select *

From Products

Where ProductName = "cinnamon"

Inserting, updating, and deleting data in a SQL database

You might need to add a new row to a table in a SQL database. For example, suppose you need to add to the Products table a new row for a new product. To add a row to a table, use the following statement:

Insert Into Table

Values (Column1_Value, Column2_Value, ..., ColumnN_Value)

In this syntax:

§Table: Represents the table in which the row needs to be inserted.

§Values: Takes the column values for the new row as parameters.

§ColumnN_Value: Represents the value to be inserted in the column with name ColumnN.

The values must be supplied in the same order as the columns in the table. Also, if the data type of a column is Char, VarChar, or DateTime, you need to specify values in quotes.

For example, to insert a row in the Products table, write the following statements:

Insert into Products

Values ('P001', 'Baby Food', 2.5, 1200)

Here, it is important to note that for every row that you want to insert in a table, you need to use a separate insert statement. So, to insert another row in the Products table, write the following statements:

Insert into Products

Values ('P002', 'Chocolate', 4.5, 1000)

In addition to adding a row to a table, you might need to modify the value in a specific column of a row. For example, you might need to modify the price of a specific product in the Products table. You use the Update statement to modify specific column(s) of a specific row of a table as follows:

Update Table

Set ColumnN="Value1"

Where ColumnM="Value2"

In this statement, the Set clause is used to set the value of a column named ColumnN to "Value1" where the column named ColumnM has a value "Value2". For example, to update the price of a product whose ID is P001, use the following statement:

Update Products

Set UnitPrice=25

Where ProductID="P001"

You might also need to delete a specific row in a table. For example, you might need to delete a specific product in the Products table. To do so, you use the Delete statement as follows:

Delete From Table

Where ColumnN="Value"

Stored procedures

A stored procedure is a set of SQL statements used to perform specific tasks. A stored procedure resides on the SQL server and can be executed by any user who has the appropriate permissions. Because the stored procedures reside on the SQL server, you do not need to transfer SQL statements to the server each time you want to perform a task on the server. This reduces the network traffic. When you want to execute a procedure, you only need to transfer the name of the procedure. However, if the procedure takes any parameters, you also need to transfer the parameters along with the procedure name.

You can create a stored procedure by using the Create Procedure statement as follows:

Create Procedure ProcName

As

SQL statements

Return

In this statement:

§ProcName: Represents the name of the stored procedure.

§SQL statements: Represents the set of SQL statements in the stored procedure.

§Return: Represents the end of the procedure. Each stored procedure must end with a Return statement.

After the stored procedure is created, the SQL server scrutinizes it for any errors. The procedure can be executed by using the Execute or Exec keyword, as follows:

Execute ProcName

You can also pass parameters or arguments to a stored procedure to perform a specific task based on the parameter. For example, consider the following procedure that displays the price of a product whose ID is passed as a parameter:

Create Procedure ProductPrice (@id char (4))

As

Select UnitPrice

From Products Where ProductID=@id

Return

This procedure takes a parameter, @id, at the time of execution. To display the price of the product whose ID is "P001", execute this procedure using the following code:

Execute ProductPrice "P001"

Implementing T-SQL in Web Applications

Many situations require Web applications to retrieve, add, modify, and delete data stored in a database on a server. For example, consider a Web application that enables users to register as customers. When a customer fills out the Registration form and submits it, the customer registration information must be stored in a database on a server so as to maintain the registered customer's records. After the registration, the customer might need to change their customer details, such as telephone number or address. Later, the customer might want to discontinue purchasing from the same store. In such a situation, the Web application must take care of addition, modification, and deletion of data in the respective database on a server.

In this section, you'll create a Web application to retrieve, add, modify, and delete data in a table stored on a SQL server. You can choose to use either Visual Basic or C# to do so. In the following example, you'll create a Visual Basic Web application project. Figure 12-1 displays the schematic diagram of the tables used to illustrate the server-side data access from a Web application.

Figure 12-1: A schematic diagram of the Sales database

Before you start implementing T-SQL in your Web application, create the tables as shown in the preceding schematic diagram. Also, add records in the Products and Customers tables. You can refer to Figure 12-2 and Figure 12-3 to add records in the Products and Customers tables.

Figure 12-2: A sample Order form

After creating the ASP.NET Web Application project, design two Web Forms as shown in Figure 12-2 and Figure 12-3. The Order form will enable customers on the Web to place orders for products. Refer to Table 12-2 to specify IDs for the controls (that are used in code examples) on the Order form. In this form, you'll implement the functionality to view the complete product list or to view the details of a specific product. For this to happen, you'll access data from the Products table in a database called "Sales" stored on a SQL server.

Figure 12-3: A sample Customer form

'Initializing the SqlConnection object

MyConnection = New SqlConnection ("server=localhost; uid=sa;pwd=;database=Sales")

'Initializing the SqlDataAdapter object with the SQL 'query to access data from the Products table

MyCommand = New SqlDataAdapter("select * from Products",

MyConnection)

'Initializing the DataSet object and filling the data set with the query result

DS = new DataSet()

MyCommand.Fill(DS,"Products")

'Setting the DataSource property of the DataGrid control

MyDataGrid.DataSource=DS.Tables("Products").DefaultView

'Binding the DataGrid control with the data

MyDataGrid.DataBind()

In this code, the comments provide explanation for the statements that follow. However, some statements need more explanation:

§When initializing the SqlConnection object, the constructor takes four parameters:

oThe first parameter, which represents the SQL Server, is localhost, indicating that the server resides on the local computer. However, if the SQL server resides on a

network, you need to give its complete address.

oThe uid and pwd parameters represent the User ID and Password on the SQL Server.

oThe database parameter represents the name of the SQL database that you want to access. In this case, the database is "Sales."

§When initializing the SqlDataAdapter object, the constructor takes two parameters:

o The first parameter represents the SQL query. In

this case, the query is used to retrieve all the records from the Products table.

oThe second parameter represents the

SqlConnection object.

§The Fill method of the SqlDataAdapter class is used to fill the

DataSet object with the data. This method takes two parameters: § The DataSet object

§ The identifier for the DataTable

§When setting the DataSource property of the DataGrid control, the default view of the Products table in the DataSet object is used.

After you write the respective code, save the project and execute it. When you click the button with the "View Product List" caption, the product details are displayed in the DataGrid control.

Now, you'll implement the functionality to display the product details of only that product whose ID is entered in the Product ID text box. To do so, write the following code in the Click event of the button labeled "View Product Details":

Dim DS As DataSet

Dim MyConnection As SqlConnection

Dim MyCommand As SqlDataAdapter

'Initializing a String variable with the SQL query to

be passed as a

'parameter for the SqlDataAdapter constructor

Dim SelectCommand As String = "select * from Products

where ProductID = @prod"

MyConnection = New SqlConnection("server=localhost;

uid=sa;pwd=;database=Sales")

MyCommand = New SqlDataAdapter(SelectCommand, MyConnection)

'Creating a SQL parameter called @prod whose data

type is VarChar with size 4

MyCommand.SelectCommand.Parameters.Add(New SqlParameter

("@prod", SqlDbType.NVarChar, 4))

'Setting the SQL parameter @prod with the value of the

text box displaying Product ID

MyCommand.SelectCommand.Parameters("@prod").Value =

Product_ID.Text

DS = New DataSet()

MyCommand.Fill(DS, "Products")

MyDataGrid.DataSource = DS.Tables("Products").DefaultView

MyDataGrid.DataBind()

After you've written this code, save the project and execute it to check the desired functionality.