How we pass or add parameters in SQLCommand class?
For beginners it is like:
SqlCommand cmd=new SqlCommand("SQL Query",con);
But with dictionary collection it can be done very easily where we can keep logic in separate layer.Here is an example.
in code behind let's declare a dictionary.
Dictionary<string, object> parameters = new Dictionary<string, object>();
Add parameters
parameters.Add("@name",txtName.Text);
dal.ExecNonQuery("insertrecord", parameters);
Here 'insertrecord' is stored procedure name and we pass parameter as object.
Now Let's have the implementation of this ExecNonQuery method.
public void ExecNonQuery(string spName, Dictionary<string, object> values)
{
try
{
SqlCommand cmd = new SqlCommand(spName, conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw new Exception();
}
finally
{
conn.Close();
conn.Dispose();
}
}
Now let's have the implementation of SqlDataReader also.
public SqlDataReader ExecSPDataReader(string spName, Dictionary<string, object> values)
{
SqlConnection conn = null;
SqlDataReader dr = null;
try
{
con = new SqlConnection("Your connection string");
con.Open();
SqlCommand cmd = new SqlCommand(spName, con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
dr = cmd.ExecuteReader();
}
catch
{
}
finally
{
con.Close();
con.Dispose();
}
return dr;
}
Now similarly we can define ExecuteScalar also
public object ExecSPScalar(string spName, Dictionary<string, object> values)
{
object returnVal= null;
try
{
conn = ConfigurationManager.AppSettings["Your DB Connection"].ToString();
con = new SqlConnection(conn);
con.Open();
SqlCommand cmd = new SqlCommand(spName, con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
returnVal= cmd.ExecuteScalar();
}
catch (Exception ex)
{
throw new Exception();
}
finally
{
con.Close();
con.Dispose();
}
return returnVal;
}
Now how to call it from code behind?
Dictionary<string, object> parameters = new Dictionary<string, object>();
parameters.Add("@username",txtUserName.Text);
parameters.Add("@password",txtPassword.Text);
object value = dal.ExecSPScalar("SPName", parameters);
if ((int)value== 1)
{
Session["User"] = txtUserName.Text;
Response.Redirect("Welcome.aspx");
}
Hope this helps.
For beginners it is like:
SqlCommand cmd=new SqlCommand("SQL Query",con);
But with dictionary collection it can be done very easily where we can keep logic in separate layer.Here is an example.
in code behind let's declare a dictionary.
Dictionary<string, object> parameters = new Dictionary<string, object>();
Add parameters
parameters.Add("@name",txtName.Text);
dal.ExecNonQuery("insertrecord", parameters);
Here 'insertrecord' is stored procedure name and we pass parameter as object.
Now Let's have the implementation of this ExecNonQuery method.
public void ExecNonQuery(string spName, Dictionary<string, object> values)
{
try
{
SqlCommand cmd = new SqlCommand(spName, conn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
cmd.ExecuteNonQuery();
}
catch (Exception ex)
{
throw new Exception();
}
finally
{
conn.Close();
conn.Dispose();
}
}
Now let's have the implementation of SqlDataReader also.
public SqlDataReader ExecSPDataReader(string spName, Dictionary<string, object> values)
{
SqlConnection conn = null;
SqlDataReader dr = null;
try
{
con = new SqlConnection("Your connection string");
con.Open();
SqlCommand cmd = new SqlCommand(spName, con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
dr = cmd.ExecuteReader();
}
catch
{
}
finally
{
con.Close();
con.Dispose();
}
return dr;
}
Now similarly we can define ExecuteScalar also
public object ExecSPScalar(string spName, Dictionary<string, object> values)
{
object returnVal= null;
try
{
conn = ConfigurationManager.AppSettings["Your DB Connection"].ToString();
con = new SqlConnection(conn);
con.Open();
SqlCommand cmd = new SqlCommand(spName, con);
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = spName;
foreach (string item in values.Keys)
{
SqlParameter param = new SqlParameter(item, values[item]);
cmd.Parameters.Add(param);
}
returnVal= cmd.ExecuteScalar();
}
catch (Exception ex)
{
throw new Exception();
}
finally
{
con.Close();
con.Dispose();
}
return returnVal;
}
Now how to call it from code behind?
Dictionary<string, object> parameters = new Dictionary<string, object>();
parameters.Add("@username",txtUserName.Text);
parameters.Add("@password",txtPassword.Text);
object value = dal.ExecSPScalar("SPName", parameters);
if ((int)value== 1)
{
Session["User"] = txtUserName.Text;
Response.Redirect("Welcome.aspx");
}
Hope this helps.