在插入单一的点击muliple记录按钮动态 [英] insert muliple records on single click on button dynamically
问题描述
我有2表像....
下面管理员分配到学科院系为每门课程和学期....
块引用>1] Assign_Subjects
Faculty_Id VARCHAR(20)
COURSE_ID VARCHAR(20)
学期VARCHAR(20)
Subject_Id VARCHAR(20)
SUBJECT_NAME VARCHAR(50)
时间VARCHAR(50)INSERT INTO Assign_Subjects值(F1,BCA,2,DS,数据结构,10-11)
INSERT INTO Assign_Subjects值(F1,BCA,2,C,C程序设计,11-12)
INSERT INTO Assign_Subjects值(F1,BCA,1,QB,Q基本,1-2)
INSERT INTO Assign_Subjects值(F2,BCA,3,SS,系统结构,10-11)
INSERT INTO Assign_Subjects值(F2,BCA,3,交流,会计,11-12)
下面做教师为插入标记学生
块引用>2] Exam_Result
Result_Id INT(无自动和PK)
Enroll_Number VARCHAR(50)经过
Student_Name VARCHAR(100)经过
经过COURSE_ID VARCHAR(50)
学期VARCHAR(50)经过
经过Subject_Id VARCHAR(50)
SUBJECT_NAME VARCHAR(50)经过
MarksObtained数字(18,0)经过
EXAM_TYPE VARCHAR(50)经过
现在我的问题是我怎么能插入所有分配科目标记为 Exam_Result 在单按钮点击
块引用>肌内给人总的想法是什么,我想是....
在 FillResult.aspx ,在这里,我想用文本框所有对象名称(或类似的GridView任何其他可能的方式/ dalalist等)由管理员和按钮(onClick事件)分配,以填补痕迹......
块引用>请注意:受试者出现按分配不能解决的科目数量也可能是3个或5个以上。
所以,怎么可能为我做到这一点?.....
通过的GridView,编辑模板或storesd程序????
块引用>所有amswers是最欢迎.....
解决方案如果你不知道确切的无主体进入标记 - ?我们怎么来生成一个查询做
从来没有少给你看,以防止SQL注入攻击,你把你的存储特效SQL:
CREATE PROCEDURE [DBO]。[pr_GetAssignedSubjectsByFacultyIdAndSemester]
@FacultyID INT,
@Semester为nvarchar(MAX)
如
开始
SET NOCOUNT ON;
选择[师资队伍],[主题],[CreatedBy],[CreatedDate],[ModifiedBy],[ModifiedDate]
FROM [DBO]。[tblNotSure]
WHERE [FacultyID] = @FacultyID
和[学期] = @Semester
与[请将isDeleted] = 0
结束然后在code,我们调用存储过程中,注意参数化的命令,这prevents SQL注入攻击。例如说,我们在这个学期DDL /文本框中键入(或用Firebug编辑元素值)1 UNION SELECT * FROM Master.Users - 执行此即席SQL可以返回SQL用户帐户的列表,但虽然参数化命令传递避免了问题:
公共静态aClassCollection GetAssignedSubjectsByFacultyIdAndSemester(INT facultyId,串学期)
{
VAR newClassCollection =新aClassCollection();
使用(VAR连接=新的SqlConnection(ConfigurationManager.ConnectionStrings [sqlConn]。的ConnectionString))
{
使用(VAR命令=新的SqlCommand(pr_GetAssignedSubjectsByFacultyIdAndSemester连接))
{
尝试
{
command.CommandType = CommandType.StoredProcedure;
command.Parameters.AddWithValue(@ facultyId,facultyId);
command.Parameters.AddWithValue(@学期,学期);
connection.Open();
SqlDataReader的博士= Command.ExecuteReader却();
而(dr.Read())
{
newClassCollection.Add(新类(){。丘壑=博士[丘壑]的ToString()});
}
}
赶上(SQLEXCEPTION sqlEx)
{
//至少是记录错误
}
最后
{
//这是不需要的,因为我们正在使用的USING语句是确定性结束,但我把它放在这里(这个答案)讲解使用...
connection.close()时;
}
}
} 返回newClassCollection;
}i have 2 tables like....
Here Admin Assigns Subjects to faculties as per course and semester....
1] Assign_Subjects
Faculty_Id varchar(20) Course_Id varchar(20) Semester varchar(20) Subject_Id varchar(20) Subject_Name varchar(50) Time varchar(50) INSERT INTO Assign_Subjects Values("F1","BCA",2,"DS","Data Structure","10-11") INSERT INTO Assign_Subjects Values("F1","BCA",2,"C","C Programming","11-12") INSERT INTO Assign_Subjects Values("F1","BCA",1,"QB","Q Basic","1-2") INSERT INTO Assign_Subjects Values("F2","BCA",3,"SS","System Structure","10-11") INSERT INTO Assign_Subjects Values("F2","BCA",3,"AC","Accountancy","11-12")
Here Faculty do insert marks for students
2] Exam_Result
Result_Id int(Auto no and PK) Enroll_Number varchar(50) Checked Student_Name varchar(100) Checked Course_Id varchar(50) Checked Semester varchar(50) Checked Subject_Id varchar(50) Checked Subject_Name varchar(50) Checked MarksObtained numeric(18, 0) Checked Exam_Type varchar(50) Checked
now my question is how can i insert all assigned subjects marks to Exam_Result on Single Button Click
i.m giving general idea what i want is....
In FillResult.aspx, here i want all subject names with textboxes (or any other possible way like gridview/dalalist etc) that are assigned by admin and button(onClick event) to fill the marks...
NOTE: Subjects appears as per assigning not fix number of subjects it may be 3 or 5 or more
so, How's it possible for me to do so.....??
through gridview,edit templates or storesd procedures ????
all amswers are most welcome.....
解决方案If you dont know the exact no of subjects to enter the marks - how are we supposed to generate a query to do it?
Never the less to show you to protect against SQL Injection attacks you put you SQL in Stored Procs:
create PROCEDURE [dbo].[pr_GetAssignedSubjectsByFacultyIdAndSemester] @FacultyID int, @Semester nvarchar(MAX) AS BEGIN SET NOCOUNT ON; SELECT [Faculty], [Subjects],[CreatedBy],[CreatedDate],[ModifiedBy],[ModifiedDate] FROM [dbo].[tblNotSure] WHERE [FacultyID] = @FacultyID AND [Semester] = @Semester AND [IsDeleted] = 0 END
Then in code we call the stored procedure, notice the Parameterised Commands, this prevents SQL Injection attacks. For example say we typed in the semester ddl/textbox (or using FireBug to edit the elements value) 1 UNION SELECT * FROM Master.Users - executing this ad-hoc SQL could return the list of SQL user accounts but passed though a parameterised command avoids the problem:
public static aClassCollection GetAssignedSubjectsByFacultyIdAndSemester(int facultyId, string semester) { var newClassCollection = new aClassCollection(); using (var connection = new SqlConnection(ConfigurationManager.ConnectionStrings["sqlConn"].ConnectionString)) { using (var command = new SqlCommand("pr_GetAssignedSubjectsByFacultyIdAndSemester", connection)) { try { command.CommandType = CommandType.StoredProcedure; command.Parameters.AddWithValue("@facultyId", facultyId); command.Parameters.AddWithValue("@semester", semester); connection.Open(); SqlDataReader dr = command.ExecuteReader(); while (dr.Read()) { newClassCollection.Add(new Class(){vals = dr["vals"].ToString()}); } } catch (SqlException sqlEx) { //at the very least log the error } finally { //This isn't needed as we're using the USING statement which is deterministic finalisation, but I put it here (in this answer) to explain the Using... connection.Close(); } } } return newClassCollection; }
这篇关于在插入单一的点击muliple记录按钮动态的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!