Getting data from a query and placing the result in a label._问答_开发者

Getting data from a query and placing the result in a label.

开发者 https://www.devze.com 2023-01-04 10:05 出处：网络

I want to populate a label with the employees name when they enter a badg开发者_如何学Ce number in the source page but im new to programming and don\'t know how to tackle this. The database connection

相关专题：asp.net

I want to populate a label with the employees name when they enter a badg开发者_如何学Ce number in the source page but im new to programming and don't know how to tackle this. The database connection has been established and it is successful. can you guys help me with this? just an fyi this is for a time sheet application.

        string Badge = "100000" + Request.Form["xBadgeTextBox"];
        string Date = Request.Form["xWeekDropDownBox"];
        string Hours = Request.Form["xWlengthDropDownBox"];



        if (Badge != null)
        {

            string cmdquery = "SELECT EMPLOYEE_NAME FROM Employees WHERE Badge ='" + Badge + "'";

            OracleCommand cmd = new OracleCommand(cmdquery);
            cmd.Connection = conn;
            cmd.CommandType = CommandType.Text;


        }

Looks like you're on the right track. However, before you go any further:

SANITIZE YOUR INPUTS.

Right now you're taking user data that they typed in and are putting it straight into your query. If they typed in 10/10/2010'; DROP TABLE EMPLOYEE;' you're going to have a lot of explaining to do!

Okay, so with that out of the way, you need to execute your command and bind to the results (or iterate over the result rows if you need to modify anything). So the code looks more like this:

        OracleCommand cmd = new OracleCommand(cmdquery);
        cmd.Connection = conn;
        cmd.CommandType = CommandType.Text;
        using (OracleDataReader reader = cmd.ExecuteReader()){
            while (reader.Read())
            {
                myLabel.Text += reader["EMPLOYEE_NAME"];
            }
        }

You're a lot of the way there already, although there's a couple of things to address here.

You don't need to use the Request.Form syntax in ASP.NET, where you're reading the text from the controls on the form, you can say:

string Badge = "1000000" + xBadgeTextBox.Text;

Where you check if Badge has a value, it's always going to have a value because you're prepending the 1000000 to whatever is entered in the textbox, probably what you mean here is:

if (xBadgeTextBox.Text != String.Empty)

Building on from what you've already written, you've got the OracleCommand ready, you just need to actually run it on the database. There's a number of ways to do this, the main two are to use either a DataReader, or a DataSet. With a DataReader, you get a row at a time from the database; with a DataSet, you get all the rows from a query in one hit. However in your query, I'm guessing you're only expecting one row back from the database with only one field, so instead of either of those methods we'll use a third way which is to get a scalar (single) value.

string cmdquery = "SELECT EMPLOYEE_NAME FROM Employees WHERE Badge ='" + Badge + "'";

OracleCommand cmd = new OracleCommand(cmdquery);
cmd.Connection = conn;
cmd.CommandType = CommandType.Text

// Open the connection to the database
conn.Open();

// Declare a variable to hold the employee name
string employeeName;

// ExecuteScalar returns an Object, so we need to cast it to a string
employeeName = (string)cmd.ExecuteScalar();

// Close the connection again
conn.Close();

// Write the employee name into the label on our page
EmployeeNameLabel.Text = employeeName;