Hi,
Can anyone tell me whether I am right or not?

I developed a payroll software in ASP.NET 3.5.
I use SQL 2005, and I use a class to insert, update and delete. The code is like this:
C#
public static SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Business_Medical.mdf;Integrated Security=True;User Instance=True");
public static string Qurrystring;

// Executes whatever SQL text it is handed (used for INSERT)
public static void Save(string Qurrystring)
{
    con.Close();
    con.Open();
    SqlCommand cmd = new SqlCommand(Qurrystring, con);
    cmd.ExecuteNonQuery();
    cmd.Dispose();
    con.Close();
}

// Executes whatever SQL text it is handed (used for UPDATE/DELETE)
public static void Modify(string Qurrystring)
{
    con.Close();
    con.Open();
    SqlCommand cmd = new SqlCommand(Qurrystring, con);
    cmd.ExecuteNonQuery(); // UPDATE/DELETE return no rows, so no reader is needed
    cmd.Dispose();
    con.Close();
}


When I want to insert a record, I do this in my .aspx file:

C#
// The text box values are concatenated straight into the SQL text
Main.Qurrystring = "INSERT INTO CityMaster(code,ename)VALUES(" + Convert.ToInt16(txtcode.Text) + ",'" + txtename.Text + "')";
Main.Save(Main.Qurrystring);

Is that the right way to develop a dynamic website?
Updated 19-Aug-13 1:43am

Sorry, but you're doing it the wrong way. Why? Have you ever heard about SQL injection? If not, please read these articles:
How To: Protect From SQL Injection in ASP.NET
Stop SQL Injection Attacks Before They Stop You

I would suggest you use stored procedures.
For further information see here: could not open sql server connection
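
How the stored-procedure suggestion above can look for the question's CityMaster insert, as an added example that is not part of the original answers. The procedure name usp_CityMaster_Insert, the class CityMasterData, the connectionString parameter and the column types (smallint, nvarchar(50)) are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class CityMasterData
{
    // T-SQL for the procedure this example assumes (hypothetical name; column
    // types assumed to be smallint and nvarchar(50)):
    //
    //   CREATE PROCEDURE dbo.usp_CityMaster_Insert
    //       @code smallint, @ename nvarchar(50)
    //   AS
    //       INSERT INTO CityMaster (code, ename) VALUES (@code, @ename);
    //
    // The body uses its parameters as values. A procedure that concatenates
    // its parameters into a string and EXECs it would still be injectable.

    public static void Save(string connectionString, string codeText, string ename)
    {
        // Validate before touching the database; reject bad input, do not repair it.
        short code;
        if (!short.TryParse(codeText, out code))
            throw new ArgumentException("code must be a 16-bit integer", "codeText");
        if (string.IsNullOrEmpty(ename) || ename.Length > 50)
            throw new ArgumentException("ename must be 1-50 characters", "ename");

        // One connection per call, disposed by using; connection pooling keeps this cheap.
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand command = new SqlCommand("dbo.usp_CityMaster_Insert", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            // Explicit types and sizes: the values travel as parameters, never as SQL text.
            command.Parameters.Add("@code", SqlDbType.SmallInt).Value = code;
            command.Parameters.Add("@ename", SqlDbType.NVarChar, 50).Value = ename;
            connection.Open();
            command.ExecuteNonQuery();
        }
    }
}
```

From the page's code-behind this would be called with the text box values, for example CityMasterData.Save(connectionString, txtcode.Text, txtename.Text).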
   
Use this method to avoid SQL injection:
C#
public static void Save()
{
    // @code and @ename are placeholders; the values are sent separately from the SQL text
    String Query = "INSERT INTO CityMaster(code,ename) VALUES(@code,@ename)";
    using (SqlConnection Connection = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Business_Medical.mdf;Integrated Security=True;User Instance=True"))
    using (SqlCommand Command = new SqlCommand(Query, Connection))
    {
        Command.CommandTimeout = 30;
        Command.CommandType = CommandType.Text;
        Command.Parameters.AddWithValue("@code", txtcode.Text); // This is a parameter
        Command.Parameters.AddWithValue("@ename", txtename.Text);
        Connection.Open(); // the connection must be open before ExecuteNonQuery
        Command.ExecuteNonQuery();
    } // using closes the connection, also when an exception is thrown
}
   
Comments
dhiraj mane 20-Aug-13 7:35am
   
Thanks bro, but can you tell me why to use stored procedures or inline query?
Ali Haider Malik 20-Aug-13 7:47am
   
Was this helpful for you?
Stored procedures save you from hackers' SQL injections.
dhiraj mane 20-Aug-13 7:51am
   
OK.
Can I use ASP.NET to develop ERP software like 'Payroll'?
Ali Haider Malik 20-Aug-13 8:01am
   
Yes why not. You can do everything which is possible in web development world.
dhiraj mane 21-Aug-13 2:44am
   
OK, but will it work faster?
What should I use to make it work fast?
dhiraj mane 21-Aug-13 2:54am
   
But will it work faster?
What should I do to make it fast?
dhiraj mane 21-Aug-13 2:53am
   
But will it work faster?
What should I do to make it work fast?
Bala Selvanayagam 21-Aug-13 4:39am
   
You could use ASP.NET (Web Forms) for payroll development, and there are pros and cons. You may not be able to have UI features as rich as in a Windows environment unless you use some JavaScript frameworks. Also, Web Forms need to post back most of the time, and this may or may not be ideal for you.

If I were you, I would look into the reasons why the application should be web or Windows based.

If it is going to be web, then I would use an MVC-based single-page application with JavaScript frameworks like Angular / Knockout for a rich user experience.

The performance of the web application depends on your hosting environment and how well you optimise your code.

Thanks, but how do I use stored procedures, and why? Do you have any example project link?
Comments
Maciej Los 19-Aug-13 8:07am
   
This is not an answer. Please delete it to avoid down-voting. If you want to post a comment, please use the "Have a question or comment" widget.
dhiraj mane 20-Aug-13 5:06am
   
Thanks, but how do I use stored procedures, and why? Do you have any example project link?
Maciej Los 20-Aug-13 5:12am
   
See updated answer ;)
dhiraj mane 20-Aug-13 7:43am
   
Can I use ASP.NET to develop ERP software like 'Payroll'?
dhiraj mane 21-Aug-13 2:55am
   
But will it work faster?
What should I do to make it fast?
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


