SQLDataAccess and Business Objects
Message
General information
Forum:
ASP.NET
Category:
The Mere Mortals .NET Framework
Title:
SQLDataAccess and Business Objects
Miscellaneous
Thread ID:
00902803
Message ID:
00902803
Views:
58
Hi everyone, I am still a newbie to MM and .NET. I am trying to get my MM .NET web form to data-bind to my client business object.
I went through the process of adding a data adapter instead of using the basic MM way of getting data. From what I have read, users are able to inject SQL code through the text fields.


So here is the code; can someone tell me what I am doing wrong?
Currently the form has only two fields, clientId and clientname; client name is the only bound field with two set on.
I have pasted three code sections :

1: Webform Code
2: ClientBusiness.cs
3: ClientDataAccessSql.cs

MANY TIA's!!!

Code for webform
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;

using OakLeaf.MM.Main.Web.UI;
using OakLeaf.MM.Main.Web.UI.WebControls;
using A4U.Internal.Business;

namespace A4U.Internal.Web.UI
{
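	/// <summary>
	/// Client maintenance web form. Registers a <see cref="ClientBusiness"/> object
	/// with the page on every load and requires an authenticated user
	/// (RequiresSecurity is switched on in InitializeComponent).
	/// </summary>
	public class WebForm1 : OakLeaf.MM.Main.Web.UI.mmBusinessWebPage
	{
		// Server controls declared in the .aspx markup; the names must match the control IDs.
		protected OakLeaf.MM.Main.Web.UI.WebControls.mmTextBox MmTextBox1;
		protected OakLeaf.MM.Main.Web.UI.WebControls.mmTextBox MmTextBox2;
		protected OakLeaf.MM.Main.Web.UI.WebControls.mmLabel MmLabel1;
		protected OakLeaf.MM.Main.Web.UI.WebControls.mmButton MmButton1;
		protected OakLeaf.MM.Main.Web.UI.WebControls.mmLabel MmLabel2;

		// Business object instance registered with the page in Page_Load.
		protected ClientBusiness oClients;


		/// <summary>
		/// Sends the browser to the login page, passing the originally requested
		/// URL in the <c>Url</c> query-string parameter, and ends the current response.
		/// </summary>
		public override void RedirectToLogin()
		{
			// ApplicationPath is "/" for a site-root application. Trim the trailing
			// slash so the target never starts with "//", which a browser would
			// treat as a protocol-relative URL pointing at another host.
			string appRoot = Request.ApplicationPath.TrimEnd('/');

			// RawUrl carries its own '?' and '&' characters. Encode it so the whole
			// value arrives in the single Url parameter instead of being split into
			// extra query-string parameters.
			string Url = appRoot + "/App_ASPX/UserLogin.aspx?Url=" +
				HttpUtility.UrlEncode(Request.RawUrl);

			// NOTE(review): UserLogin.aspx is not shown here. It should accept only
			// local (same-application) paths in Url before redirecting back after login.
			Response.Redirect(Url, true);
		}

		/// <summary>
		/// Creates a new <see cref="ClientBusiness"/> on every request and registers
		/// it with the page through RegisterBizObj.
		/// </summary>
		private void Page_Load(object sender, System.EventArgs e)
		{
			// Put user code to initialize the page here
			this.oClients = (ClientBusiness)this.RegisterBizObj(new ClientBusiness());
		}


		#region Web Form Designer generated code
		/// <summary>
		/// Wires up the designer-generated settings before the base page initializes.
		/// </summary>
		override protected void OnInit(EventArgs e)
		{
			//
			// CODEGEN: This call is required by the ASP.NET Web Form Designer.
			//
			InitializeComponent();
			base.OnInit(e);
		}
		
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{    
			this.RequiresSecurity = true;
			this.Load += new System.EventHandler(this.Page_Load);

		}
		#endregion
	}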
}
Code for ClientBusiness.cs
using System;
using System.Data;
using OakLeaf.MM.Main.Data;
using OakLeaf.MM.Main.Business;

namespace A4U.Internal.Business
{
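	/// <summary>
	/// Business object for the Clients table (primary key clientID).
	/// </summary>
	public class ClientBusiness : ABusinessObject
	{
		
		/// <summary>
		/// Sets the table name and primary key this business object works with.
		/// </summary>
		public ClientBusiness()
		{
			this.PrimaryKey = "clientID";
			this.TableName = "Clients";
		}

		/// <summary>
		/// Creates the data access object used by this business object.
		/// </summary>
		/// <param name="dataAccessClassName">Ignored; a <see cref="ClientDataAccessSql"/> is always returned.</param>
		/// <returns>A new <see cref="ClientDataAccessSql"/> instance.</returns>
		protected override mmDataAccessBase CreateDataAccessObject(string dataAccessClassName)
		{
			return new ClientDataAccessSql();
		}

		/// <summary>
		/// Creates a business rule object
		/// </summary>
		/// <returns>Reference to the business rule object</returns>
		protected override mmBusinessRule CreateBusinessRuleObject()
		{
			return new ClientRules(this);
		}

		/// <summary>
		/// Placeholder for a lookup of clients by client ID; not implemented yet.
		/// </summary>
		/// <returns>Never returns; always throws until the query is written.</returns>
		/// <exception cref="NotImplementedException">Always thrown.</exception>
		public DataSet GetClientsByClientID()
		{
			// The original body was empty, which does not compile for a method that
			// returns a DataSet. Fail loudly until the query is implemented.
			// NOTE(review): the method takes no client ID argument yet. When it is
			// added, pass the ID to the query as a typed SQL parameter (as the
			// adapter commands in ClientDataAccessSql do), never by concatenating
			// text-box input into the command text.
			throw new NotImplementedException("GetClientsByClientID is not implemented yet.");
		}

	}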
}
Code for ClientDataAccessSql.cs
using System;
using System.ComponentModel;
using System.Collections;
using System.Diagnostics;
using System.Data;
using OakLeaf.MM.Main.Data;

namespace A4U.Internal.Business
{
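	/// <summary>
	/// SQL Server data access for the clients table. Exposes a designer-built
	/// <see cref="System.Data.SqlClient.SqlDataAdapter"/> whose insert, update and
	/// delete commands pass every column value as a typed SqlParameter, so values
	/// typed into bound text fields travel as data and never become SQL text.
	/// </summary>
	public class ClientDataAccessSql : mmDataAccessSql
	{
		private System.Data.SqlClient.SqlDataAdapter sqlDataAdapter1;
		private System.Data.SqlClient.SqlCommand sqlSelectCommand1;
		private System.Data.SqlClient.SqlCommand sqlInsertCommand1;
		private System.Data.SqlClient.SqlCommand sqlUpdateCommand1;
		private System.Data.SqlClient.SqlCommand sqlDeleteCommand1;
		/// <summary>
		/// Required designer variable.
		/// </summary>
		private System.ComponentModel.Container components = null;

		/// <summary>
		/// Returns the adapter configured in InitializeComponent.
		/// </summary>
		/// <returns>The single adapter instance owned by this object (not a new one per call).</returns>
		public override System.Data.IDataAdapter CreateDataAdapter()
		{
			// NOTE(review): none of the commands is given a Connection in this class;
			// presumably the framework base class assigns one. Confirm.
			return this.sqlDataAdapter1;
		}

		/// <summary>
		/// Designer constructor: adds this component to <paramref name="container"/>
		/// and builds the adapter and its commands.
		/// </summary>
		/// <param name="container">Container that will own this component.</param>
		public ClientDataAccessSql(System.ComponentModel.IContainer container)
		{
			//
			// Required for Windows.Forms Class Composition Designer support
			//
			container.Add(this);
			InitializeComponent();
		}

		/// <summary>
		/// Default constructor: builds the adapter and its commands.
		/// </summary>
		public ClientDataAccessSql()
		{
			//
			// Required for Windows.Forms Class Composition Designer support
			//
			InitializeComponent();

		}

		/// <summary> 
		/// Clean up any resources being used.
		/// </summary>
		protected override void Dispose( bool disposing )
		{
			if( disposing )
			{
				if(components != null)
				{
					components.Dispose();
				}
			}
			base.Dispose( disposing );
		}


		#region Component Designer generated code
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{
			this.sqlDataAdapter1 = new System.Data.SqlClient.SqlDataAdapter();
			this.sqlSelectCommand1 = new System.Data.SqlClient.SqlCommand();
			this.sqlInsertCommand1 = new System.Data.SqlClient.SqlCommand();
			this.sqlUpdateCommand1 = new System.Data.SqlClient.SqlCommand();
			this.sqlDeleteCommand1 = new System.Data.SqlClient.SqlCommand();
			// 
			// sqlDataAdapter1
			// 
			this.sqlDataAdapter1.DeleteCommand = this.sqlDeleteCommand1;
			this.sqlDataAdapter1.InsertCommand = this.sqlInsertCommand1;
			this.sqlDataAdapter1.SelectCommand = this.sqlSelectCommand1;
			this.sqlDataAdapter1.TableMappings.AddRange(new System.Data.Common.DataTableMapping[] {
				new System.Data.Common.DataTableMapping("Table", "clients", new System.Data.Common.DataColumnMapping[] {
					new System.Data.Common.DataColumnMapping("ClientID", "ClientID"),
					new System.Data.Common.DataColumnMapping("ClientName", "ClientName")})});
			this.sqlDataAdapter1.UpdateCommand = this.sqlUpdateCommand1;
			// 
			// sqlSelectCommand1
			// 
			// Fixed command text with no parameters: returns every client row.
			this.sqlSelectCommand1.CommandText = "SELECT ClientID, ClientName FROM clients";
			// 
			// sqlInsertCommand1
			// 
			// SCOPE_IDENTITY() replaces the designer's @@IDENTITY. @@IDENTITY returns the
			// last identity generated anywhere in the session, so a trigger that inserts
			// into another identity table would make the re-select fetch the wrong row.
			// This is a hand edit inside designer code; re-apply it if the designer
			// regenerates the method.
			this.sqlInsertCommand1.CommandText = "INSERT INTO clients(ClientName) VALUES (@ClientName); SELECT ClientID, ClientName" +
				" FROM clients WHERE (ClientID = SCOPE_IDENTITY())";
			// NOTE(review): the parameter is declared as VarChar(200); enforce the same
			// length limit in the UI or business rules so longer input is rejected
			// rather than cut short.
			this.sqlInsertCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@ClientName", System.Data.SqlDbType.VarChar, 200, "ClientName"));
			// 
			// sqlUpdateCommand1
			// 
			// Optimistic concurrency: the WHERE clause matches the row only if it still
			// holds the original ClientID and ClientName values.
			this.sqlUpdateCommand1.CommandText = "UPDATE clients SET ClientName = @ClientName WHERE (ClientID = @Original_ClientID)" +
				" AND (ClientName = @Original_ClientName OR @Original_ClientName IS NULL AND Clie" +
				"ntName IS NULL); SELECT ClientID, ClientName FROM clients WHERE (ClientID = @Cli" +
				"entID)";
			this.sqlUpdateCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@ClientName", System.Data.SqlDbType.VarChar, 200, "ClientName"));
			this.sqlUpdateCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@Original_ClientID", System.Data.SqlDbType.Int, 4, System.Data.ParameterDirection.Input, false, ((System.Byte)(0)), ((System.Byte)(0)), "ClientID", System.Data.DataRowVersion.Original, null));
			this.sqlUpdateCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@Original_ClientName", System.Data.SqlDbType.VarChar, 200, System.Data.ParameterDirection.Input, false, ((System.Byte)(0)), ((System.Byte)(0)), "ClientName", System.Data.DataRowVersion.Original, null));
			this.sqlUpdateCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@ClientID", System.Data.SqlDbType.Int, 4, "ClientID"));
			// 
			// sqlDeleteCommand1
			// 
			// Same optimistic-concurrency match on the original values as the update.
			this.sqlDeleteCommand1.CommandText = "DELETE FROM clients WHERE (ClientID = @Original_ClientID) AND (ClientName = @Orig" +
				"inal_ClientName OR @Original_ClientName IS NULL AND ClientName IS NULL)";
			this.sqlDeleteCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@Original_ClientID", System.Data.SqlDbType.Int, 4, System.Data.ParameterDirection.Input, false, ((System.Byte)(0)), ((System.Byte)(0)), "ClientID", System.Data.DataRowVersion.Original, null));
			this.sqlDeleteCommand1.Parameters.Add(new System.Data.SqlClient.SqlParameter("@Original_ClientName", System.Data.SqlDbType.VarChar, 200, System.Data.ParameterDirection.Input, false, ((System.Byte)(0)), ((System.Byte)(0)), "ClientName", System.Data.DataRowVersion.Original, null));

		}
		#endregion
	}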
}
Shawn Dorion
Geo Sektor Dot Com
Website: http://www.geosektor.com

Web Hosting Plans
Visit : http://WebHosting.Applications4u.com/