using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
namespace Parameterized_Query
{
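/// <summary>
/// Demo form that inserts and searches student rows in UniversityDB.tbl_student.
/// Every value taken from a text box reaches SQL Server as a bound parameter,
/// never as part of the statement text.
/// </summary>
public partial class Form1 : Form
{
    // HELP: parameterized queries - http://www.dotnetperls.com/sqlparameter

    // Single definition of the connection string shared by all data methods.
    // Integrated Security authenticates with the Windows identity of the process,
    // so no database password is kept in source.
    private const string ConnectionString = "Server=(local); Database=UniversityDB; Integrated Security=TRUE;";

    public Form1()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Reads the three insert text boxes, saves the student and reports the outcome.
    /// </summary>
    private void btnInsert_Click(object sender, EventArgs e)
    {
        Student aStudent = new Student(txtName.Text, txtReg.Text, txtAddress.Text);

        bool saved;
        try
        {
            saved = SaveStudent_Way1(aStudent);
        }
        catch (SqlException ex)
        {
            // A database error previously escaped the click handler, so the
            // "Failed to insert" branch was effectively unreachable. Server detail
            // goes to the trace listeners rather than into the dialog.
            System.Diagnostics.Trace.TraceError(ex.ToString());
            saved = false;
        }

        MessageBox.Show(saved ? "Student Saved to Database Successfully" : "Failed to insert");
    }

    /// <summary>
    /// Inserts one student using explicitly constructed <see cref="SqlParameter"/> objects.
    /// </summary>
    /// <param name="aStudent">Student whose Name, Reg and Address are bound to the statement.</param>
    /// <returns><c>true</c> when at least one row was affected.</returns>
    /// <exception cref="SqlException">The connection or the INSERT failed.</exception>
    private bool SaveStudent_Way1(Student aStudent)
    {
        // NOTE(review): VALUES without a column list relies on the table's column order - confirm against the schema.
        const string query = "INSERT INTO tbl_student VALUES(@Name, @Reg, @Address)";

        // using blocks release the connection and command even when ExecuteNonQuery throws;
        // the connection was previously never closed on any path.
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand(query, connection))
        {
            command.Parameters.Add(new SqlParameter("@Name", aStudent.Name));
            command.Parameters.Add(new SqlParameter("@Reg", aStudent.Reg));
            command.Parameters.Add(new SqlParameter("@Address", aStudent.Address));

            connection.Open();
            return command.ExecuteNonQuery() > 0;
        }
    }

    /// <summary>
    /// Inserts one student using the <c>AddWithValue</c> shorthand for binding parameters.
    /// </summary>
    /// <remarks>
    /// This method used to assemble the INSERT with <c>String.Format</c>, placing the text-box
    /// values inside quoted literals. A quote character in any field then became part of the
    /// statement instead of part of the data. Binding the values keeps the statement text constant.
    /// </remarks>
    /// <param name="aStudent">Student whose Name, Reg and Address are bound to the statement.</param>
    /// <returns><c>true</c> when at least one row was affected.</returns>
    /// <exception cref="SqlException">The connection or the INSERT failed.</exception>
    private bool SaveStudent_Way2(Student aStudent)
    {
        const string query = "INSERT INTO tbl_student VALUES(@Name, @Reg, @Address);";

        // Disposal replaces the explicit Close(), which was skipped whenever ExecuteNonQuery threw.
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand(query, connection))
        {
            command.Parameters.AddWithValue("@Name", aStudent.Name);
            command.Parameters.AddWithValue("@Reg", aStudent.Reg);
            command.Parameters.AddWithValue("@Address", aStudent.Address);

            connection.Open();
            return command.ExecuteNonQuery() > 0;
        }
    }

    /// <summary>
    /// Looks up students whose Address matches <paramref name="stAddress"/> and shows them in a message box.
    /// </summary>
    /// <param name="stAddress">Pattern handed to the LIKE operator as a bound parameter.</param>
    /// <returns>Always <c>true</c>; the result of the search is only shown in the dialog.</returns>
    /// <exception cref="SqlException">The connection or the SELECT failed.</exception>
    private bool FindStudent(string stAddress)
    {
        // SOURCE: http://www.dotnetperls.com/sqlparameter
        using (SqlConnection connection = new SqlConnection(ConnectionString))
        using (SqlCommand command = new SqlCommand("SELECT * FROM tbl_student WHERE Address LIKE @Address", connection))
        {
            // Binding stops the input from changing the statement, but LIKE still treats
            // '%', '_' and '[' inside the value as pattern characters, so the caller
            // controls how broad the match is.
            command.Parameters.Add(new SqlParameter("@Address", stAddress));

            connection.Open();

            StringBuilder rows = new StringBuilder();
            // The reader was previously left undisposed.
            using (SqlDataReader reader = command.ExecuteReader())
            {
                // Column 0 is read as an int and columns 1-3 as strings.
                // NOTE(review): GetString throws on a NULL column value - confirm the columns are NOT NULL.
                while (reader.Read())
                {
                    rows.Append(reader.GetInt32(0)).Append(" , ")
                        .Append(reader.GetString(1)).Append(" , ")
                        .Append(reader.GetString(2)).Append(" , ")
                        .Append(reader.GetString(3)).Append("\n");
                }
            }

            if (rows.Length > 0)
            {
                MessageBox.Show("Students of " + stAddress + ":\n\n" + rows);
            }
            else
            {
                MessageBox.Show("No Student of " + stAddress + " is found on \"UniversityDB.tbl_student\"");
            }
        }

        return true;
    }

    /// <summary>
    /// Runs the address search with the text typed into the find box.
    /// </summary>
    private void btnFind_Click(object sender, EventArgs e)
    {
        FindStudent(txtAddressFind.Text);
    }
}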
/// <summary>
/// Plain data holder for one student record: name, registration number and address.
/// </summary>
internal class Student
{
    /// <summary>Student name as entered on the form.</summary>
    public string Name { get; set; }

    /// <summary>Registration number, kept as text.</summary>
    public string Reg { get; set; }

    /// <summary>Student address.</summary>
    public string Address { get; set; }

    /// <summary>
    /// Creates a student and stores the three values unchanged; no validation is applied.
    /// </summary>
    /// <param name="name">Value assigned to <see cref="Name"/>.</param>
    /// <param name="reg">Value assigned to <see cref="Reg"/>.</param>
    /// <param name="address">Value assigned to <see cref="Address"/>.</param>
    public Student(string name, string reg, string address)
    {
        this.Address = address;
        this.Reg = reg;
        this.Name = name;
    }
}
}