ASP. NET Write C # code example in Web page--A simple Web MSSQL command execution Environment

On a system that is made to a client, because the database is to be viewed, but previously used by Teamview to connect to the client's server for database operationsBut recently the client side of the Teamview seems to have changed the password so I can not connect properly, and Qiao the customer's network officer because there is nothing to work so also get a new password. Because of the need to view the database for business reasons, a simple SQL command was written and deployed to the client's server to change connectonstring to its own database connection via the Web execution SQL command and save as **.aspx.

<!DOCTYPE HTML><HTML><Head>    <Metahttp-equiv= "Content-type"content= "text/html; charset=utf-8">    <title>EXEC MSSQL COMMAND-HTL</title></Head><%@ Page Language="C #"EnableViewState="true" %><%@ Import Namespace="System" %><%@ Import Namespace="System.Data" %><%@ Import Namespace="System.Data.SqlClient" %><Scriptrunat= "Server">protectedvoidButton1_Click (object sender, EventArgs e) {if(Txt_sql. Value.length>0) {string _connectionstring=system.configuration.configurationmanager.appsettings["ConnectionString"]; if(String. IsNullOrEmpty (_connectionstring)) {Response.Write ("ConnectionString is null<br>");            Response.End (); } Response.Write ("SQL command:<br>"+Txt_sql.            Value); using (SqlConnection connection= NewSqlConnection (_connectionstring)) {using (SqlCommand cmd= NewSqlCommand ()) {                    Try{cmd. Connection=connection; Cmd.commandtext=Txt_sql.                        Value; Cmd.                        Connection.Open (); //EXEC Select                        if(Txt_sql. Value.tostring (). ToLower (). Contains ("Select") {using (SqlDataAdapter SDA=NewSqlDataAdapter (CMD)) {DataTable dtable= NewDataTable (); Sda.                                  Fill (dtable); Gridview1.datasource=dtable;                            Gridview1.databind (); }                        }                        //exec update,insert,delete,other                        Elsecmd.                        ExecuteNonQuery (); Response.Write ("<br>sql Command Success"); }                    Catch(Exception E1) {Response.Write (E1. Message); }                    finally{connection.                    Close (); }                }//End Using SqlCommand            }//End Using SqlConnection        }//End If    }//End Button1_Click</Script><Body>    <Center>        <H1style= "color:red;">At before executing SQL command, please backup database</H1>    </Center>    <formID= "Form1"runat= "Server">        <Asp:gridviewID= "GridView1"runat= "Server" ></Asp:gridview><BR>        <textareaID= "Txt_sql"runat= "Server"style= "width:80%;height:200px;"></textarea>        <BR>          <Asp:buttonID= "Btnadd"runat= "Server"Text= "Exec Sql"OnClick= "Button1_Click" />    </form></Body></HTML>

There is a picture of the truth: for security, add the following configuration to the Web. config file and add the appropriate user name and password on the service to access the file if you want to access the Mssql.aspx file, you must log in with the "Www_mssql" account or you will not be able to access

<Locationpath= "Mssql.aspx"><system.web><Authorization><allowusers= ". \www_mssql"/><denyusers="*"/></Authorization></system.web></ Location>

If the task is complete, remove the file to prevent security problems Why write C # code directly in an ASP. NET page? It's mostly simple, just a file.no need to recompile DLLand does not have any impact on existing systems. Reference (How to write C # code directly in an ASP.): MSDN ASP page syntax[email protected]Import MSDN ASP. NET Page Class overview MSDN ASP. NET page Syntax overview MSDN System.Data.SqlClient namespaces

From for notes (Wiz)

ASP. NET Write C # code example in Web page--A simple Web MSSQL command execution Environment