Chapter 20

How to use ADO.NET to write your own data access code

Objectives Applied 1. Use a data reader to retrieve data from a database. 2. Use data commands to execute action queries or queries that

return a scalar value. 3. Use parameters to limit the data that’s processed by a data


Knowledge 1. Describe the use of parameters with SQL statements. 2. Describe the use of a data reader. 3. Describe the use of the two types of queries that don’t return

result sets.

Two constructors for the SqlConnection class new SqlConnection() new SqlConnection(connectionString)

Common properties and methods of the SqlConnection class ConnectionString Open() Close()

Common values used in the ConnectionString property for SQL Server Data source/Server Initial catalog/Database Integrated security User ID Password/Pwd Persist security info Workstation ID

A connection string for the SQL Server provider Data Source=localhost\\SqlExpress; Initial Catalog=MMABooks; Integrated Security=True

A connection string for the Jet OLE DB provider Provider=Microsoft.Jet.OLEDB.4.0; Data Source=C:\\Databases\\MMABooks.mdb

Code that creates, opens, and closes a SQL connection

string connectionString = "Data Source= localhost\\SqlExpress; Initial Catalog=MMABooks;" + "Integrated Security=True"; SqlConnection connection = new SqlConnection(connectionString); connection.Open(); ... connection.Close();

Three constructors for the SqlCommand class new SqlCommand() new SqlCommand(commandText) new SqlCommand(commandText, connection)

Common properties of the SqlCommand class Connection CommandText CommandType Parameters

Common methods of the SqlCommand class ExecuteReader() ExecuteNonQuery() ExecuteScalar()

CommandType enumeration members Text StoredProcedure TableDirect

Code that creates a SqlCommand object that executes a Select statement SqlConnection connection = new SqlConnection(connectionString); string selectStatement = "SELECT CustomerID, Name, Address, City, State, ZipCode " + "FROM Customers"; SqlCommand selectCommand = new SqlCommand(selectStatement, connection);

A SQL Server Select statement that uses a parameter

SELECT CustomerID, Name, Address, City, State, ZipCode FROM Customers WHERE CustomerID = @CustomerID

An Oracle Select statement that uses a parameter SELECT CustomerID, Name, Address, City, State, ZipCode FROM Customers WHERE CustomerID = :CustomerID

An OLE DB or ODBC Select statement that uses a parameter

SELECT CustomerID, Name, Address, City, State, ZipCode FROM Customers WHERE CustomerID = ?

A SQL Server Insert statement that uses parameters

INSERT INTO Customers (Name, Address, City, State, ZipCode) VALUES (@Name, @Address, @City, @State, @ZipCode)

Four constructors for the SqlParameter class new SqlParameter() new SqlParameter(name, value) new SqlParameter(name, type) new SqlParameter(name, type, size)

Common properties of the SqlParameter class DbType ParameterName Size SqlDbType Value

Code that creates a parameter SqlParameter customerIDParm = new SqlParameter(); customerIDParm.ParameterName = "@CustomerID"; customerIDParm.Value = customerID;

Another way to create a parameter SqlParameter customerIDParm = new SqlParameter("@CustomerID", customerID);

Common indexers of the Parameters collection [parametername] [index]

Common methods of the Parameters collection Add(parameter) Add(name, type) Add(name, type, size) AddWithValue(name, value)

A statement that adds a parameter to the Parameters collection


A statement that creates a parameter and adds it to the Parameters collection

selectCommand.Parameters.AddWithValue( "@CustomerID", customerID);

A statement that changes the value of an existing parameter

selectCommand.Parameters["@CustomerID"]. Value = customerID;

Two ways to create a SqlDataReader object sqlCommand.ExecuteReader() sqlCommand.ExecuteReader(behavior)

Common CommandBehavior enumeration members CloseConnection Default SingleRow

Common indexers of the SqlDataReader class [columnname] [index]

Common property of the SqlDataReader class IsClosed

Common methods of the SqlDataReader class Close() Read()

Code that uses a data reader to read a list of State objects

connection.Open(); SqlDataReader reader = selectCommand.ExecuteReader( CommandBehavior.CloseConnection); List<State> states = new List<State>(); while (reader.Read()) { State s = new State(); s.StateCode = reader["StateCode"].ToString(); s.StateName = reader["StateName"].ToString(); states.Add(s); } reader.Close();

Code that creates and executes a command that returns an aggregate value

string selectStatement = "SELECT SUM(InvoiceTotal) FROM Invoices"; SqlCommand selectCommand = new SqlCommand(selectStatement, connection); connection.Open(); decimal invoiceTotal = (decimal) selectCommand.ExecuteScalar; connection.Close();

Code that inserts a row string insertStatement = "INSERT Products " + "(ProductCode, Description, UnitPrice) " + "VALUES (@ProductCode, @Description, @UnitPrice)"; SqlCommand insertCommand = new SqlCommand(insertStatement, connection); insertCommand.Parameters.AddWithValue( "@ProductCode", product.Code); insertCommand.Parameters.AddWithValue( "@Description", product.Description); insertCommand.Parameters.AddWithValue( "@UnitPrice", product.Price); try { connection.Open(); int productCount = insertCommand.ExecuteNonQuery(); } catch (SqlException ex) { MessageBox.Show(ex.Message); } finally { connection.Close(); }

The Customer Maintenance form

The Add/Modify Customer form

The dialog box that’s displayed to confirm a delete operation

The class diagram

The code for the CustomerDB class public static class CustomerDB { public static Customer GetCustomer(int customerID) { SqlConnection connection = MMABooksDB.GetConnection(); string selectStatement = "SELECT CustomerID, Name, Address, City, State, ZipCode " + "FROM Customers " + "WHERE CustomerID = @CustomerID"; SqlCommand selectCommand = new SqlCommand(selectStatement, connection); selectCommand.Parameters.AddWithValue( "@CustomerID", customerID); try {

The code for the CustomerDB class (cont.) connection.Open(); SqlDataReader custReader = selectCommand.ExecuteReader( CommandBehavior.SingleRow); if (custReader.Read()) { Customer customer = new Customer(); customer.CustomerID = (int)custReader["CustomerID"]; customer.Name = custReader["Name"].ToString(); customer.Address = custReader["Address"].ToString(); customer.City = custReader["City"].ToString(); customer.State = custReader["State"].ToString(); customer.ZipCode = custReader["ZipCode"].ToString(); return customer; }

The code for the CustomerDB class (cont.) else { return null; } } catch (SqlException ex) { throw ex; } finally { connection.Close(); } }

The code for the CustomerDB class (cont.) public static int AddCustomer(Customer customer) { SqlConnection connection = MMABooksDB.GetConnection(); string insertStatement = "INSERT Customers " + "(Name, Address, City, State, ZipCode) " + "VALUES (@Name, @Address, @City, @State, @ZipCode)"; SqlCommand insertCommand = new SqlCommand(insertStatement, connection); insertCommand.Parameters.AddWithValue( "@Name", customer.Name); insertCommand.Parameters.AddWithValue( "@Address", customer.Address); insertCommand.Parameters.AddWithValue( "@City", customer.City); insertCommand.Parameters.AddWithValue( "@State", customer.State); insertCommand.Parameters.AddWithValue( "@ZipCode", customer.ZipCode);

The code for the CustomerDB class (cont.) try { connection.Open(); insertCommand.ExecuteNonQuery(); string selectStatement = "SELECT IDENT_CURRENT('Customers') FROM Customers"; SqlCommand selectCommand = new SqlCommand(selectStatement, connection); int customerID = Convert.ToInt32( selectCommand.ExecuteScalar()); return customerID; } catch (SqlException ex) { throw ex; } finally { connection.Close(); } }

The code for the CustomerDB class (cont.) public static bool UpdateCustomer(Customer oldCustomer, Customer newCustomer) { SqlConnection connection = MMABooksDB.GetConnection(); string updateStatement = "UPDATE Customers SET " + "Name = @NewName, " + "Address = @NewAddress, " + "City = @NewCity, " + "State = @NewState, " + "ZipCode = @NewZipCode " + "WHERE Name = @OldName " + "AND Address = @OldAddress " + "AND City = @OldCity " + "AND State = @OldState " + "AND ZipCode = @OldZipCode";

The code for the CustomerDB class (cont.) SqlCommand updateCommand = new SqlCommand(updateStatement, connection); updateCommand.Parameters.AddWithValue( "@NewName", newCustomer.Name); updateCommand.Parameters.AddWithValue( "@NewAddress", newCustomer.Address); updateCommand.Parameters.AddWithValue( "@NewCity", newCustomer.City); updateCommand.Parameters.AddWithValue( "@NewState", newCustomer.State); updateCommand.Parameters.AddWithValue( "@NewZipCode", newCustomer.ZipCode); updateCommand.Parameters.AddWithValue( "@OldName", oldCustomer.Name); updateCommand.Parameters.AddWithValue( "@OldAddress", oldCustomer.Address); ... ... updateCommand.Parameters.AddWithValue( "@OldZipCode", oldCustomer.ZipCode);

The code for the CustomerDB class (cont.) try { connection.Open(); int count = updateCommand.ExecuteNonQuery(); if (count > 0) return true; else return false; } catch (SqlException ex) { throw ex; } finally { connection.Close(); } }

The code for the CustomerDB class (cont.) public static bool DeleteCustomer(Customer customer) { SqlConnection connection = MMABooksDB.GetConnection(); string deleteStatement = "DELETE FROM Customers " + "WHERE Name = @Name " + "AND Address = @Address " + "AND City = @City " + "AND State = @State " + "AND ZipCode = @ZipCode"; SqlCommand deleteCommand = new SqlCommand(deleteStatement, connection); deleteCommand.Parameters.AddWithValue( "@Name", customer.Name); deleteCommand.Parameters.AddWithValue( "@Address", customer.Address); ... ... deleteCommand.Parameters.AddWithValue( "@ZipCode", customer.ZipCode);

The code for the CustomerDB class (cont.) try { connection.Open(); int count = deleteCommand.ExecuteNonQuery(); if (count > 0) return true; else return false; } catch (SqlException ex) { throw ex; } finally { connection.Close(); } } }

The code for the StateDB class public static class StateDB { public static List<State> GetStates() { List<State> states = new List<State>(); SqlConnection connection = MMABooksDB.GetConnection(); string selectStatement = "SELECT StateCode, StateName " + "FROM States " + "ORDER BY StateName"; SqlCommand selectCommand = new SqlCommand(selectStatement, connection);

The code for the StateDB class (cont.) try { connection.Open(); SqlDataReader reader = selectCommand.ExecuteReader(); while (reader.Read()) { State s = new State(); s.StateCode = reader["StateCode"].ToString(); s.StateName = reader["StateName"].ToString(); states.Add(s); } reader.Close(); }

The code for the StateDB class (cont.) catch (SqlException ex) { throw ex; } finally { connection.Close(); } return states; } }

The code for the MMABooksDB class public static class MMABooksDB { public static SqlConnection GetConnection() { // If necessary, change the following connection string // so it works for your system string connectionString = "Data Source=localhost\\SqlExpress; Initial Catalog=MMABooks;" + "Integrated Security=True"; SqlConnection connection = new SqlConnection(connectionString); return connection; } }

The Customer Maintenance form public partial class frmCustomerMaintenance : Form { private Customer customer; private void btnGetCustomer_Click( object sender, EventArgs e) { if (Validator.IsPresent(txtCustomerID) && Validator.IsInt32(txtCustomerID)) { int customerID = Convert.ToInt32( txtCustomerID.Text); this.GetCustomer(customerID);

The Customer Maintenance form (cont.) if (customer == null) { MessageBox.Show( "No customer with this ID. " + "Please try again.", "Customer Not Found"); this.ClearControls(); } else this.DisplayCustomer(); } }

The Customer Maintenance form (cont.) private void GetCustomer(int customerID) { try { customer = CustomerDB.GetCustomer(customerID); } catch (Exception ex) { MessageBox.Show(ex.Message, ex.GetType().ToString()); } }

The Customer Maintenance form (cont.) private void ClearControls() { txtCustomerID.Text = ""; txtName.Text = ""; txtAddress.Text = ""; txtCity.Text = ""; txtState.Text = ""; txtZipCode.Text = ""; btnModify.Enabled = false; btnDelete.Enabled = false; txtCustomerID.Focus(); }

The Customer Maintenance form (cont.) private void DisplayCustomer() { txtName.Text = customer.Name; txtAddress.Text = customer.Address; txtCity.Text = customer.City; txtState.Text = customer.State; txtZipCode.Text = customer.ZipCode; btnModify.Enabled = true; btnDelete.Enabled = true; }

The Customer Maintenance form (cont.) private void btnAdd_Click(object sender, EventArgs e) { frmAddModifyCustomer addCustomerForm = new frmAddModifyCustomer(); addCustomerForm.addCustomer = true; DialogResult result = addCustomerForm.ShowDialog(); if (result == DialogResult.OK) { customer = addCustomerForm.customer; txtCustomerID.Text = customer.CustomerID.ToString(); this.DisplayCustomer(); } }

The Customer Maintenance form (cont.) private void btnModify_Click(object sender, EventArgs e) { frmAddModifyCustomer modifyCustomerForm = new frmAddModifyCustomer(); modifyCustomerForm.addCustomer = false; modifyCustomerForm.customer = customer; DialogResult result = modifyCustomerForm.ShowDialog(); if (result == DialogResult.OK) { customer = modifyCustomerForm.customer; this.DisplayCustomer(); }

The Customer Maintenance form (cont.) else if (result == DialogResult.Retry) { this.GetCustomer(customer.CustomerID); if (customer != null) this.DisplayCustomer(); else this.ClearControls(); } }

The Customer Maintenance form (cont.) private void btnDelete_Click(object sender, EventArgs e) { DialogResult result = MessageBox.Show( "Delete " + customer.Name + "?", "Confirm Delete", MessageBoxButtons.YesNo, MessageBoxIcon.Question); if (result == DialogResult.Yes) {

The Customer Maintenance form (cont.) try { if (!CustomerDB.DeleteCustomer(customer)) { MessageBox.Show("Another user has " + "updated or deleted " + "that customer.", "Database Error"); this.GetCustomer(customer.CustomerID); if (customer != null) this.DisplayCustomer(); else this.ClearControls(); }

The Customer Maintenance form (cont.) else this.ClearControls(); } catch (Exception ex) { MessageBox.Show(ex.Message, ex.GetType().ToString()); } } } private void btnExit_Click(object sender, EventArgs e) { this.Close(); } }

The Add/Modify Customer form public partial class frmAddModifyCustomer : Form { public bool addCustomer; public Customer customer; private void frmAddModifyCustomer_Load( object sender, EventArgs e) { this.LoadStateComboBox(); if (addCustomer) { this.Text = "Add Customer"; cboStates.SelectedIndex = -1; } else { this.Text = "Modify Customer"; this.DisplayCustomer(); } }

The Add/Modify Customer form (cont.) private void LoadStateComboBox() { List<State> states = new List<State>(); try { states = StateDB.GetStates(); cboStates.DataSource = states; cboStates.DisplayMember = "StateName"; cboStates.ValueMember = "StateCode"; } catch (Exception ex) { MessageBox.Show(ex.Message, ex.GetType().ToString()); } }

The Add/Modify Customer form (cont.) private void DisplayCustomer() { txtName.Text = customer.Name; txtAddress.Text = customer.Address; txtCity.Text = customer.City; cboStates.SelectedValue = customer.State; txtZipCode.Text = customer.ZipCode; }

The Add/Modify Customer form (cont.) private void btnAccept_Click(object sender, EventArgs e) { if (IsValidData()) { if (addCustomer) { customer = new Customer(); this.PutCustomerData(customer); try { customer.CustomerID = CustomerDB.AddCustomer(customer); this.DialogResult = DialogResult.OK; } catch (Exception ex) { MessageBox.Show(ex.Message, ex.GetType().ToString()); } }

The Add/Modify Customer form (cont.) else { Customer newCustomer = new Customer(); newCustomer.CustomerID = customer.CustomerID; this.PutCustomerData(newCustomer); try { if (! CustomerDB.UpdateCustomer( customer, newCustomer)) { MessageBox.Show( "Another user has updated or " + "deleted that customer.", "Database Error"); this.DialogResult = DialogResult.Retry; }

The Add/Modify Customer form (cont.) else { customer = newCustomer; this.DialogResult = DialogResult.OK; } } catch (Exception ex) { MessageBox.Show(ex.Message, ex.GetType().ToString()); } } } }

The Add/Modify Customer form (cont.) private bool IsValidData() { return Validator.IsPresent(txtName) && Validator.IsPresent(txtAddress) && Validator.IsPresent(txtCity) && Validator.IsPresent(cboStates) && Validator.IsPresent(txtZipCode); } private void PutCustomerData(Customer customer) { customer.Name = txtName.Text; customer.Address = txtAddress.Text; customer.City = txtCity.Text; customer.State = cboStates.SelectedValue.ToString(); customer.ZipCode = txtZipCode.Text; } }