<% @ Page Language = "C #" AutoEventWireup = "true" CodeFile = "ManageSQL. aspx. cs" Inherits = "manage_ManageSQL" %>
<! DOCTYPE html PUBLIC "-// W3C // dtd xhtml 1.0 Transitional // EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<Html xmlns = "http://www.w3.org/1999/xhtml">
<Head runat = "server">
<Title> execute SQL on the web page </title>
<Style type = "text/css">
*{
Padding: 0;
Margin: 0;
}
Body {
Font-size: 12px;
Color: #333;
}
. NavPath
{
Background: # A4B6D7;
Padding: 4px;
}
</Style>
</Head>
<Body>
<Form id = "form" runat = "server">
<Div class = "navPath"> your current location: System Management & raquo; execute SQL </div>
<Div style = "vertical-align: top; margin-top: 10px; margin-left: 10px;">
<Asp: textBox ID = "txtSQL" runat = "server" TextMode = "MultiLine" Height = "80px" Width = "90%" BorderStyle = "Inset" OnTextChanged = "txtSQL_TextChanged"> </asp: textBox>
<Br/>
<Asp: Button ID = "btnExeSql" runat = "server" CssClass = "button" Text = "run SQL" OnClick = "btnExeSql_Click"/>
<Asp: Label ID = "lblExeNum" runat = "server"> </asp: Label>
<A href = "javascript: void (0)" onclick = "Open (document. getElementById ('table'). innerHTML)"> View the table structure </a>
<Div id = "table" style = "display: none;">
<Asp: GridView ID = "grdTable" runat = "server" Font-Size = "12px" Width = "100%">
<RowStyle HorizontalAlign = "Center" CssClass = "tItem"/>
<PagerStyle CssClass = "tPage"/>
<HeaderStyle CssClass = "tHeader"/>
<AlternatingRowStyle CssClass = "tAlter"/>
<SelectedRowStyle BackColor = "# F1F5FB"/>
</Asp: GridView>
</Div>
<Div class = "tipInfo" style = "width: 90%; display: none; "id =" tip "> This function is recommended only for system administrators who are familiar with SQL statements. Otherwise, database data may be lost. </Div>
<Hr style = "border-collapse: collapse; width: 90%; text-align: left;"/>
</Div>
<Asp: GridView ID = "grdSQL" runat = "server" Width = "100%" Visible = "False">
<RowStyle HorizontalAlign = "Center" CssClass = "tItem"/>
<PagerStyle CssClass = "tPage"/>
<HeaderStyle CssClass = "tHeader"/>
<AlternatingRowStyle CssClass = "tAlter"/>
<SelectedRowStyle BackColor = "# F1F5FB"/>
</Asp: GridView>
<Script type = "text/javascript">
Var Osel = document. form;
Osel. onsubmit = function ()
{
If (Osel. <% = txtSQL. ClientID %>. value = "")
{
Alert ("Enter cannot be blank ");
Osel. <% = txtSQL. ClientID %>. focus ();
Return false;
}
Else if (Osel. <% = txtSQL. ClientID %>. value. indexOf ("update ")! =-1 | Osel. <% = txtSQL. ClientID %>. value. indexOf ("delete ")! =-1 | Osel. <% = txtSQL. ClientID %>. value. indexOf ("truncate ")! =-1)
{
If (confirm ("The operation to be executed has certain risks. Continue? "))
Return true;
Else
Return false;
}
}
Function Open (value)
{
Var TestWin = open ('','', 'toolbar = no, scrollbars = yes, menubar = no, location = no, resizable = no ');
TestWin.doc ument. title = "database table structure ";
TestWin.doc ument. write (value );
}
Function clear ()
{
Document. getElementById ("tip"). style. display = "none"
}
Window. setInterval ("clear ()", 3000 );
</Script>
</Form>
</Body>
</Html>
Web page execution SQL statement program manageSql. aspx. cs
Using System;
Using System. Data;
Using System. Configuration;
Using System. Collections;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. WebControls;
Using System. Web. UI. WebControls. WebParts;
Using System. Web. UI. HtmlControls;
Using System. Data. SqlClient;
/// <Summary>
/// Author: walkingp
/// Web Site: http://www.51obj.cn/
// E-mail: walkingp@126.com
/// </Summary>
Public partial class manage_ManageSQL: System. Web. UI. Page
{
Protected void Page_Load (object sender, EventArgs e)
{
If (! IsPostBack)
{
GetTableName ();
}
}
# Region SqlConnection
/// <Summary>
/// Initialize SqlConnection
/// </Summary>
Private static SqlConnection connection;
Public static SqlConnection Connection
{
Get
{
String connectionString = "server =.; DataBase = model; uid = sa; pwd = ;";
If (connection = null)
{
Connection = new SqlConnection (connectionString );
Connection. Open ();
}
Else if (connection. State = System. Data. ConnectionState. Closed)
{
Connection. Open ();
}
Else if (connection. State = System. Data. ConnectionState. Broken)
{
Connection. Close ();
Connection. Open ();
}
Return connection;
}
}
/// <Summary>
/// Execute SQL
/// </Summary>
/// <Param name = "SQL"> SQL </param>
/// <Returns> Number of affected records </returns>
Public static int ExecuteCommand (string safeSql)
{
SqlCommand cmd = new SqlCommand (safeSql, Connection );
Int result = cmd. ExecuteNonQuery ();
Return result;
}
/// <Summary>
/// Execute SQL (overload)
/// </Summary>
/// <Param name = "SQL"> SQL </param>
/// <Param name = "values"> SqlParameter </param>
/// <Returns> Number of affected records </returns>
Public static int ExecuteCommand (string SQL, params SqlParameter [] values)
{
SqlCommand cmd = new SqlCommand (SQL, Connection );
Cmd. Parameters. AddRange (values );
Return cmd. ExecuteNonQuery ();
}
/// <Summary>
/// Obtain the DataTable
/// </Summary>
/// <Param name = "safeSql"> SQL </param>
/// <Returns> DataTable </returns>
Public static DataTable GetDataSet (string safeSql)
{
DataSet ds = new DataSet ();
SqlCommand cmd = new SqlCommand (safeSql, Connection );
SqlDataAdapter da = new SqlDataAdapter (cmd );
Da. Fill (ds );
Return ds. Tables [0];
}
# Endregion
/// <Summary>
/// Obtain the data table structure
/// </Summary>
Protected void GetTableName ()
{
DataTable dt = Connection. GetSchema ("Tables", null );
Connection. Close ();
GrdTable. DataSource = dt;
GrdTable. DataBind ();
}
/// <Summary>
/// Perform the operation
/// </Summary>
/// <Param name = "sender"> </param>
/// <Param name = "e"> </param>
Protected void btnExeSql_Click (object sender, EventArgs e)
{
String SQL = txtSQL. Text. Trim (). ToLower ();
Int intExeNum;
Try
{
If (SQL. Substring (0, 6). IndexOf ("select ")! =-1)
{
DataTable dt = GetDataSet (SQL );
GrdSQL. DataSource = dt;
GrdSQL. DataBind ();
LblExeNum. Text = "number of returned Records: <strong>" + dt. Rows. Count + "</strong> ";
GrdSQL. Visible = true;
}
Else if (SQL. Substring (0, 6). IndexOf ("delete ")! =-1 | SQL. Substring (0, 6). IndexOf ("update ")! =-1 | SQL. Substring (0, 8). IndexOf ("truncate ")! =-1)
{
IntExeNum = ExecuteCommand (SQL );
LblExeNum. Text = "affected rows: <strong>" + intExeNum + "</strong> ";
GrdSQL. Visible = false;
}
}
Catch (Exception ex)
{
ClientScript. registerStartupScript (typeof (string), "", "document. write ("
}
}
/// <Summary>
/// The execution button is available.
/// </Summary>
/// <Param name = "sender"> </param>
/// <Param name = "e"> </param>
Protected void txtSQL_TextChanged (object sender, EventArgs e)
{
BtnExeSql. Enabled = true;
}
}