Execute SQL program code on the asp.net web page

<% @ Page Language = "C #" AutoEventWireup = "true" CodeFile = "ManageSQL. aspx. cs" Inherits = "manage_ManageSQL" %>

<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head runat = "server">
<Title> execute SQL on the web page </title>
<Style type = "text/css">
*{
Padding: 0;
Margin: 0;
}
Body {
Font-size: 12px;
Color: #333;
}
. NavPath
{
Background: # A4B6D7;
Padding: 4px;
}
</Style>
</Head>
<Body>
<Form id = "form" runat = "server">
<Div class = "navPath"> your current location: System Management & raquo; execute SQL </div>
<Div style = "vertical-align: top; margin-top: 10px; margin-left: 10px;">
<Asp: textBox ID = "txtSQL" runat = "server" TextMode = "MultiLine" Height = "80px" Width = "90%" BorderStyle = "Inset" OnTextChanged = "txtSQL_TextChanged"> </asp: textBox>
<Br/>
<Asp: Button ID = "btnExeSql" runat = "server" CssClass = "button" Text = "run SQL" OnClick = "btnExeSql_Click"/>
<Asp: Label ID = "lblExeNum" runat = "server"> </asp: Label>
<A href = "javascript: void (0)" onclick = "Open (document. getElementById ('table'). innerHTML)"> View the table structure </a>
<Div id = "table" style = "display: none;">
<Asp: GridView ID = "grdTable" runat = "server" Font-Size = "12px" Width = "100%">
<RowStyle HorizontalAlign = "Center" CssClass = "tItem"/>
<PagerStyle CssClass = "tPage"/>
<HeaderStyle CssClass = "tHeader"/>
<AlternatingRowStyle CssClass = "tAlter"/>
<SelectedRowStyle BackColor = "# F1F5FB"/>
</Asp: GridView>
</Div>
<Div class = "tipInfo" style = "width: 90%; display: none; "id =" tip "> This function is recommended only for system administrators who are familiar with SQL statements. Otherwise, database data may be lost. </Div>
<Hr style = "border-collapse: collapse; width: 90%; text-align: left;"/>
</Div>
<Asp: GridView ID = "grdSQL" runat = "server" Width = "100%" Visible = "False">
<RowStyle HorizontalAlign = "Center" CssClass = "tItem"/>
<PagerStyle CssClass = "tPage"/>
<HeaderStyle CssClass = "tHeader"/>
<AlternatingRowStyle CssClass = "tAlter"/>
<SelectedRowStyle BackColor = "# F1F5FB"/>
</Asp: GridView>
<Script type = "text/javascript">
Var Osel = document. form;
Osel. onsubmit = function ()
{
If (Osel. <% = txtSQL. ClientID %>. value = "")
    {
Alert ("Enter cannot be blank ");
Osel. <% = txtSQL. ClientID %>. focus ();
Return false;
    }
Else if (Osel. <% = txtSQL. ClientID %>. value. indexOf ("update ")! =-1 | Osel. <% = txtSQL. ClientID %>. value. indexOf ("delete ")! =-1 | Osel. <% = txtSQL. ClientID %>. value. indexOf ("truncate ")! =-1)
    {
If (confirm ("The operation to be executed has certain risks. Continue? "))
Return true;
Else
Return false;
    }
}

Function Open (value)
{
Var TestWin = open ('','', 'toolbar = no, scrollbars = yes, menubar = no, location = no, resizable = no ');
TestWin.doc ument. title = "database table structure ";
TestWin.doc ument. write (value );
}

Function clear ()
{
Document. getElementById ("tip"). style. display = "none"
}
Window. setInterval ("clear ()", 3000 );

</Script>
</Form>
</Body>
</Html>

Web page execution SQL statement program manageSql. aspx. cs

Using System;
Using System. Data;
Using System. Configuration;
Using System. Collections;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using System. Web. UI. WebControls. WebParts;
Using System. Web. UI. HtmlControls;
Using System. Data. SqlClient;

/// <Summary>
/// Author: walkingp
/// Web Site: http://www.51obj.cn/
// E-mail: walkingp@126.com
/// </Summary>
Public partial class manage_ManageSQL: System. Web. UI. Page
{
Protected void Page_Load (object sender, EventArgs e)
    {
If (! IsPostBack)
        {
GetTableName ();
        }
    }

# Region SqlConnection
/// <Summary>
/// Initialize SqlConnection
/// </Summary>
Private static SqlConnection connection;
Public static SqlConnection Connection
    {
Get
        {
String connectionString = "server =.; DataBase = model; uid = sa; pwd = ;";
If (connection = null)
            {
Connection = new SqlConnection (connectionString );
Connection. Open ();
            }
Else if (connection. State = System. Data. ConnectionState. Closed)
            {
Connection. Open ();
            }
Else if (connection. State = System. Data. ConnectionState. Broken)
            {
Connection. Close ();
Connection. Open ();
            }
Return connection;
        }
    }

/// <Summary>
/// Execute SQL
/// </Summary>
/// <Param name = "SQL"> SQL </param>
/// <Returns> Number of affected records </returns>
Public static int ExecuteCommand (string safeSql)
    {
SqlCommand cmd = new SqlCommand (safeSql, Connection );
Int result = cmd. ExecuteNonQuery ();
Return result;
    }
/// <Summary>
/// Execute SQL (overload)
/// </Summary>
/// <Param name = "SQL"> SQL </param>
/// <Param name = "values"> SqlParameter </param>
/// <Returns> Number of affected records </returns>
Public static int ExecuteCommand (string SQL, params SqlParameter [] values)
    {
SqlCommand cmd = new SqlCommand (SQL, Connection );
Cmd. Parameters. AddRange (values );
Return cmd. ExecuteNonQuery ();
    }

/// <Summary>
/// Obtain the DataTable
/// </Summary>
/// <Param name = "safeSql"> SQL </param>
/// <Returns> DataTable </returns>
Public static DataTable GetDataSet (string safeSql)
    {
DataSet ds = new DataSet ();
SqlCommand cmd = new SqlCommand (safeSql, Connection );
SqlDataAdapter da = new SqlDataAdapter (cmd );
Da. Fill (ds );
Return ds. Tables [0];
    }
# Endregion

/// <Summary>
/// Obtain the data table structure
/// </Summary>
Protected void GetTableName ()
    {
DataTable dt = Connection. GetSchema ("Tables", null );
Connection. Close ();
GrdTable. DataSource = dt;
GrdTable. DataBind ();
    }

/// <Summary>
/// Perform the operation
/// </Summary>
/// <Param name = "sender"> </param>
/// <Param name = "e"> </param>
Protected void btnExeSql_Click (object sender, EventArgs e)
    {
String SQL = txtSQL. Text. Trim (). ToLower ();
Int intExeNum;

Try
        {
If (SQL. Substring (0, 6). IndexOf ("select ")! =-1)
            {
DataTable dt = GetDataSet (SQL );
GrdSQL. DataSource = dt;
GrdSQL. DataBind ();
LblExeNum. Text = "number of returned Records: <strong>" + dt. Rows. Count + "</strong> ";
GrdSQL. Visible = true;
            }
Else if (SQL. Substring (0, 6). IndexOf ("delete ")! =-1 | SQL. Substring (0, 6). IndexOf ("update ")! =-1 | SQL. Substring (0, 8). IndexOf ("truncate ")! =-1)
            {
IntExeNum = ExecuteCommand (SQL );
LblExeNum. Text = "affected rows: <strong>" + intExeNum + "</strong> ";
GrdSQL. Visible = false;
            }
        }
Catch (Exception ex)
        {
ClientScript. registerStartupScript (typeof (string), "", "document. write ("

        }
    }

/// <Summary>
/// The execution button is available.
/// </Summary>
/// <Param name = "sender"> </param>
/// <Param name = "e"> </param>
Protected void txtSQL_TextChanged (object sender, EventArgs e)
    {
BtnExeSql. Enabled = true;
    }
}