|
Please rate it 1-10, where 10 is the highest. I only learned VB.NET at school and am self-taught in C#, so most of the logic here I got from open-source projects and some thought. It took me hours to refine this, but I still feel I can do better (I know how to use constructors, accessors, and such, but I didn't use them here).
It is a simple INSERT/UPDATE/DELETE form with datagridview/listbox display.
MainForm:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Data.SqlClient;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
namespace Workers {
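/// <summary>
/// Form for adding, updating and deleting employee/account records.
/// The grid (dgvEmployees) and the list box are filled from the static tables
/// that FormWorkers loads; every database operation is delegated to FormWorkers.
/// </summary>
public partial class ManageUserRecords : Form {
    // ID (grid column 0) of the row whose values set_TxtBox last copied into the text boxes.
    string getID { get; set; }

    // Scratch copies of the form inputs that are handed to FormWorkers.
    // NOTE(review): Password keeps the typed password as plain text for as long as the form lives.
    string Emp_ID, Username, Password, Type, FirstName, MInitial, LastName, FullName, Address, Phone, Email;

    public ManageUserRecords() {
        InitializeComponent();
    }

    /// <summary>Fills the grid and the list box when the form loads.</summary>
    private void ManageUserRecords_Load(object sender, EventArgs e) {
        load_Dgv();
        hide_GridColumns();
        load_lb();
    }

    private void dataGridView1_CellClick(object sender, DataGridViewCellEventArgs e) {
        set_TxtBox();
    }

    private void dataGridView1_ColumnHeaderMouseClick(object sender, DataGridViewCellMouseEventArgs e) {
        set_TxtBox();
    }

    private void dataGridView1_KeyDown(object sender, KeyEventArgs e) {
        if (e.KeyCode == Keys.Up || e.KeyCode == Keys.Down) {
            // KeyDown is raised before the grid has moved to the new row, so reading
            // CurrentRow right here would copy the row being left (and leave getID
            // pointing at it). Defer the copy until the key has been processed.
            BeginInvoke(new MethodInvoker(set_TxtBox));
        }
    }

    /// <summary>
    /// Two-step "Add New" / "Save" button: the first click clears the inputs,
    /// the second validates them and inserts the record.
    /// </summary>
    private void btnInsert_Click(object sender, EventArgs e) {
        string mode = (string)btnInsert.Tag;

        if (mode == "Add New") {
            btnInsert.Tag = "Save Add";
            btnInsert.Text = "Save";
            clear_All();
            txtFName.Select();
            return;
        }
        if (mode != "Save Add") {
            return;
        }

        if (txtFName.TextLength < 1 || txtLName.TextLength < 1) {
            MessageBox.Show("First Name & Last Name is required");
            return;
        }
        if (txtUsername.TextLength < 1 || txtPassword.TextLength < 1) {
            MessageBox.Show("Username & Password is required");
            return;
        }
        if (cbType.Text == "") {
            MessageBox.Show("Account Type is required");
            return;
        }

        btnInsert.Tag = "Add New";
        btnInsert.Text = "Add New";

        Username = txtUsername.Text;
        Password = txtPassword.Text;
        Type = cbType.Text;
        FirstName = txtFName.Text;
        MInitial = txtMInitial.Text;
        LastName = txtLName.Text;
        FullName = FirstName + " " + MInitial + " " + LastName;
        Address = txtAddress.Text;
        Phone = txtPhone.Text;
        Email = txtEmail.Text;

        // NOTE(review): insert_Record returns void and reports a SqlException in its own
        // message box, so the success message below is shown even when the insert failed.
        new FormWorkers().insert_Record(FullName, Username, Password, Type, FirstName, MInitial, LastName, Address, Phone, Email);

        string nl = Environment.NewLine;
        // The password is deliberately not part of the summary.
        string userInfo = String.Format("Details:{0} Name : {1}{0} Address : {2}{0} Phone : {3}{0} Email : {4}{0}{0}Account:{0} Username : {5}{0} Type : {6}", nl, FullName, Address, Phone, Email, Username, Type);
        // userInfo contains user-typed text, so it must not be used as (part of) a
        // format string: a '{' or '}' in a name or address would throw FormatException.
        MessageBox.Show("Record Added!" + nl + nl + userInfo);

        load_Dgv();
        load_lb();
        clear_All();
    }

    /// <summary>
    /// Two-step "Update" / "Save" button: the first click enables the inputs,
    /// the second writes them to the record identified by getID.
    /// </summary>
    private void btnUpdate_Click(object sender, EventArgs e) {
        if (dgvEmployees.SelectedRows.Count != 1) {
            MessageBox.Show("Select an item from the list to update.");
            return;
        }

        string mode = (string)btnUpdate.Tag;
        if (mode == "Update New") {
            btnUpdate.Tag = "Save";
            btnUpdate.Text = "Save";
            accessControls();
        } else if (mode == "Save") {
            // A row can be selected without set_TxtBox ever having run (it is only
            // called from the click and arrow-key handlers); without an ID there is
            // nothing to update.
            if (string.IsNullOrEmpty(getID)) {
                MessageBox.Show("Select an item from the list to update.");
                return;
            }

            btnUpdate.Tag = "Update New";
            btnUpdate.Text = "Update";

            Emp_ID = getID;
            // NOTE(review): set_TxtBox never fills txtPassword, so saving without
            // typing a password passes an empty string to update_Info.
            Password = txtPassword.Text;
            Type = cbType.Text;
            FirstName = txtFName.Text;
            MInitial = txtMInitial.Text;
            LastName = txtLName.Text;
            FullName = FirstName + " " + MInitial + " " + LastName;
            Address = txtAddress.Text;
            Phone = txtPhone.Text;
            Email = txtEmail.Text;

            // NOTE(review): shown even when update_Info reported a SqlException (it returns void).
            new FormWorkers().update_Info(Emp_ID, FullName, Password, Type, FirstName, MInitial, LastName, Address, Phone, Email);
            MessageBox.Show("Record updated");

            load_Dgv();
            load_lb();
            clear_All();
        }
    }

    /// <summary>Deletes the record shown in the single selected grid row.</summary>
    private void btnDelete_Click(object sender, EventArgs e) {
        if (dgvEmployees.SelectedRows.Count != 1) {
            MessageBox.Show("Select an item from the list to delete.");
            return;
        }

        // Take the ID from the row that is actually selected. getID is only refreshed
        // by the click and arrow-key handlers, so it can be empty or still refer to a
        // different row than the one highlighted in the grid.
        Emp_ID = Convert.ToString(dgvEmployees.SelectedRows[0].Cells[0].Value);
        if (string.IsNullOrEmpty(Emp_ID)) {
            MessageBox.Show("Select an item from the list to delete.");
            return;
        }

        // NOTE(review): shown even when delete_Record reported a SqlException (it returns void).
        new FormWorkers().delete_Record(Emp_ID);
        MessageBox.Show("Record deleted");

        load_Dgv();
        load_lb();
        clear_All();
    }

    /// <summary>Enables every TextBox on the form and in groupBox1, plus the account-type combo box.</summary>
    void accessControls() {
        foreach (Control ctl in this.Controls) {
            if (ctl is TextBox) {
                ctl.Enabled = true;
            }
        }
        foreach (Control ctl in groupBox1.Controls) {
            if (ctl is TextBox) {
                ctl.Enabled = true;
            }
        }
        cbType.Enabled = true;
    }

    /// <summary>Reloads the employee table and binds it to the grid.</summary>
    void load_Dgv() {
        new FormWorkers().load_Db();
        dgvEmployees.DataSource = FormWorkers.sqldt;
    }

    /// <summary>Rebuilds the list box from the table loaded by FormWorkers.load_List.</summary>
    void load_lb() {
        listBox1.Items.Clear();
        new FormWorkers().load_List();
        foreach (DataRow row in FormWorkers.lbdt.Rows) {
            // The shared static is still updated per row, as before.
            FormWorkers.dtrow = row;
            listBox1.Items.Add("(" + row["Emp_ID"] + ") " +
                               "Name: " + row["Name"]);
        }
    }

    /// <summary>
    /// Copies the current grid row into the text boxes and remembers its ID.
    /// Does nothing when the grid has no current row.
    /// </summary>
    void set_TxtBox() {
        DataGridViewRow row = dgvEmployees.CurrentRow;
        if (row == null) {
            // Empty grid (for example after a failed load) or a header click with no rows.
            return;
        }

        // Column order follows the SELECT in FormWorkers.load_Db:
        // 0 ID, 1 Name, 2 Address, 3 Phone, 4 Email, 5 first, 6 middle, 7 last, 8 Username, 9 Type.
        // Convert.ToString tolerates a null cell value, unlike Value.ToString().
        getID = Convert.ToString(row.Cells[0].Value);
        txtFName.Text = Convert.ToString(row.Cells[5].Value);
        txtMInitial.Text = Convert.ToString(row.Cells[6].Value);
        txtLName.Text = Convert.ToString(row.Cells[7].Value);
        txtAddress.Text = Convert.ToString(row.Cells[2].Value);
        txtPhone.Text = Convert.ToString(row.Cells[3].Value);
        txtEmail.Text = Convert.ToString(row.Cells[4].Value);
        txtUsername.Text = Convert.ToString(row.Cells[8].Value);
        cbType.Text = Convert.ToString(row.Cells[9].Value);
    }

    /// <summary>Hides grid columns 5 and up, which only feed the text boxes.</summary>
    void hide_GridColumns() {
        for (int i = 5; i < dgvEmployees.Columns.Count; i++) {
            dgvEmployees.Columns[i].Visible = false;
        }
    }

    /// <summary>
    /// Clears the inputs and flips their Enabled state, then clears the grid selection.
    /// </summary>
    void clear_All() {
        // When btnDelete.Tag is not "Delete" the condition below is true for every
        // control, not only for text boxes.
        foreach (Control ctl in this.Controls) {
            if (ctl is TextBox || (string)btnDelete.Tag != "Delete") {
                ctl.Text = "";
                ctl.Enabled = !ctl.Enabled;
            }
        }
        foreach (Control ctl in groupBox1.Controls) {
            if (ctl is TextBox || (string)btnDelete.Tag != "Delete") {
                ctl.Text = "";
                // The combo box follows the new state of each toggled control.
                bool enable = !ctl.Enabled;
                ctl.Enabled = enable;
                cbType.Enabled = enable;
            }
            cbType.SelectedIndex = 0;
        }
        dgvEmployees.ClearSelection();
    }
}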
}
MainForm Class:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;
namespace Workers {
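/// <summary>
/// Data-access helper for the Employees and Accounts tables. Query results are
/// published through the public static tables below; write operations report a
/// SqlException in a message box and otherwise return nothing.
/// </summary>
class FormWorkers {
    // One definition instead of a copy in every method.
    // NOTE(review): consider moving this to the application's configuration file.
    private const string ConnStr = @"Data Source=.\SQLEXPRESS_KEVIN;Database=Test;Integrated Security=true";

    // Results shared with the form. They are static and unsynchronised, so this
    // class is not safe to use from more than one thread.
    public static DataRow dtrow;
    public static DataTable lbdt;
    public static DataTable sqldt;
    public static string ID;

    private static FormWorkers _main = new FormWorkers();
    public static FormWorkers Main {
        get {
            return _main;
        }
    }

    // Shows a database error to the user.
    // NOTE(review): the raw provider message can contain server and object names;
    // consider logging it and showing a generic text outside development.
    private static void ShowError(SqlException err) {
        MessageBox.Show(err.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }

    /// <summary>
    /// Loads Emp_ID and Name of every employee into <see cref="lbdt"/> and resets
    /// <see cref="dtrow"/>. On a SqlException the table is left empty.
    /// </summary>
    public void load_List() {
        try {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlDataAdapter adapter = new SqlDataAdapter("SELECT Emp_ID,Name FROM Employees INNER JOIN Accounts ON Employees.Acct_ID=Accounts.Acct_ID WHERE Emp_ID >= 1", conn)) {
                // Assigned before Fill so callers never see null, even when Fill fails.
                lbdt = new DataTable();
                adapter.Fill(lbdt);
                dtrow = null;
            }
        } catch (SqlException err) {
            // Handled like the other methods of this class instead of crashing the form.
            ShowError(err);
        }
    }

    /// <summary>
    /// Loads the joined employee/account rows into <see cref="sqldt"/>. The password
    /// column is not selected. On a SqlException the table is left empty.
    /// </summary>
    public void load_Db() {
        try {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlDataAdapter adapter = new SqlDataAdapter("SELECT Emp_ID AS 'ID',Accounts.Name,Emp_Address AS 'Address',Emp_Contact AS 'Phone',Emp_Email AS 'Email',Emp_FName,Emp_MName,Emp_LName,Username,Type FROM Employees INNER JOIN Accounts ON Employees.Acct_ID=Accounts.Acct_ID", conn)) {
                sqldt = new DataTable();
                adapter.Fill(sqldt);
            }
        } catch (SqlException err) {
            ShowError(err);
        }
    }

    /// <summary>
    /// Inserts an account and the employee row that belongs to it, as one transaction.
    /// </summary>
    /// <remarks>
    /// SECURITY: <paramref name="Password"/> is written to Accounts.Password exactly as
    /// received, i.e. in plain text. It should be replaced by a salted, slow password
    /// hash (for example PBKDF2 via Rfc2898DeriveBytes) computed before this call; that
    /// changes the stored format and therefore has to be done together with whatever
    /// code verifies the password at login.
    /// </remarks>
    public void insert_Record(string FullName, string Username, string Password, string Type, string FirstName, string MInitial, string LastName, string Address, string Phone, string Email) {
        // SCOPE_IDENTITY() is the key generated by the INSERT just above it in this
        // batch. The previous "TOP 1 ... ORDER BY Acct_ID DESC" picked whichever account
        // had the highest ID at that moment, which can be another user's row when two
        // inserts overlap.
        // Assumes Accounts.Acct_ID is an IDENTITY column (the INSERT does not supply it)
        // — confirm against the schema.
        const string sql =
            "INSERT INTO Accounts (Name,Username,Password,Type) VALUES (@name,@username,@password,@type);" +
            "INSERT INTO Employees (Acct_ID,Emp_FName,Emp_MName,Emp_LName,Emp_Address,Emp_Contact,Emp_Email) " +
            "VALUES (SCOPE_IDENTITY(),@FName,@MName,@LName,@Address,@Phone,@Email)";
        try {
            using (SqlConnection conn = new SqlConnection(ConnStr)) {
                conn.Open();
                // Both rows or neither: an account without an employee row would not
                // show up in the grid's INNER JOIN.
                using (SqlTransaction tx = conn.BeginTransaction())
                using (SqlCommand cmd = new SqlCommand(sql, conn, tx)) {
                    cmd.Parameters.AddWithValue("@name", FullName);
                    cmd.Parameters.AddWithValue("@username", Username);
                    cmd.Parameters.AddWithValue("@password", Password);
                    cmd.Parameters.AddWithValue("@type", Type);
                    cmd.Parameters.AddWithValue("@FName", FirstName);
                    cmd.Parameters.AddWithValue("@MName", MInitial);
                    cmd.Parameters.AddWithValue("@LName", LastName);
                    cmd.Parameters.AddWithValue("@Address", Address);
                    cmd.Parameters.AddWithValue("@Phone", Phone);
                    cmd.Parameters.AddWithValue("@Email", Email);
                    cmd.ExecuteNonQuery();
                    tx.Commit();
                }
            }
        } catch (SqlException err) {
            ShowError(err);
        }
    }

    /// <summary>
    /// Updates the account and employee rows of <paramref name="Emp_ID"/>, as one
    /// transaction. An empty or null <paramref name="Password"/> leaves the stored
    /// password unchanged.
    /// </summary>
    /// <remarks>
    /// SECURITY: a non-empty password is stored in plain text; see insert_Record.
    /// </remarks>
    public void update_Info(string Emp_ID, string FullName, string Password, string Type, string FirstName, string MInitial, string LastName, string Address, string Phone, string Email) {
        // The form's password box is not pre-filled when a row is selected, so an
        // ordinary edit arrives here with an empty password. Writing that through
        // would silently replace the stored password with an empty one.
        bool changePassword = !string.IsNullOrEmpty(Password);
        string accountSql = changePassword
            ? "UPDATE Accounts SET Name=@name,Password=@password,Type=@type FROM Accounts INNER JOIN Employees ON Accounts.Acct_ID=Employees.Acct_ID WHERE Emp_ID=@Emp_ID;"
            : "UPDATE Accounts SET Name=@name,Type=@type FROM Accounts INNER JOIN Employees ON Accounts.Acct_ID=Employees.Acct_ID WHERE Emp_ID=@Emp_ID;";
        string sql = accountSql +
            "UPDATE Employees SET Emp_FName=@FName,Emp_MName=@MName,Emp_LName=@LName,Emp_Address=@Address,Emp_Contact=@Phone,Emp_Email=@Email WHERE Emp_ID=@Emp_ID";
        try {
            using (SqlConnection conn = new SqlConnection(ConnStr)) {
                conn.Open();
                using (SqlTransaction tx = conn.BeginTransaction())
                using (SqlCommand cmd = new SqlCommand(sql, conn, tx)) {
                    cmd.Parameters.AddWithValue("@name", FullName);
                    if (changePassword) {
                        cmd.Parameters.AddWithValue("@password", Password);
                    }
                    cmd.Parameters.AddWithValue("@type", Type);
                    cmd.Parameters.AddWithValue("@FName", FirstName);
                    cmd.Parameters.AddWithValue("@MName", MInitial);
                    cmd.Parameters.AddWithValue("@LName", LastName);
                    cmd.Parameters.AddWithValue("@Address", Address);
                    cmd.Parameters.AddWithValue("@Phone", Phone);
                    cmd.Parameters.AddWithValue("@Email", Email);
                    cmd.Parameters.AddWithValue("@Emp_ID", Emp_ID);
                    cmd.ExecuteNonQuery();
                    tx.Commit();
                }
            }
        } catch (SqlException err) {
            ShowError(err);
        }
    }

    /// <summary>
    /// Deletes the account and the employee row of <paramref name="Emp_ID"/>, as one
    /// transaction.
    /// </summary>
    public void delete_Record(string Emp_ID) {
        // The account is removed first because it is found through the employee row.
        const string sql =
            "DELETE Accounts FROM Accounts INNER JOIN Employees ON Accounts.Acct_ID=Employees.Acct_ID WHERE Emp_ID=@ID;" +
            "DELETE FROM Employees WHERE Emp_ID=@ID";
        try {
            using (SqlConnection conn = new SqlConnection(ConnStr)) {
                conn.Open();
                using (SqlTransaction tx = conn.BeginTransaction())
                using (SqlCommand cmd = new SqlCommand(sql, conn, tx)) {
                    cmd.Parameters.AddWithValue("@ID", Emp_ID);
                    cmd.ExecuteNonQuery();
                    tx.Commit();
                }
            }
        } catch (SqlException err) {
            ShowError(err);
        }
    }
}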
}
|
|
|
|
|
We aren't here to mark your homework!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
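You're storing passwords in plain text. That's an immediate security failure. You should only ever store a salted hash of the password, using a unique salt per record. Compute it with a deliberately slow password-hashing function (for example PBKDF2, available in .NET as Rfc2898DeriveBytes) rather than a single pass of a fast hash.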
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]
You've repeated the connection string in every method. You should move that to a field on the class, or better yet, store it in the application's configuration file.
You should remove all of the fields currently on your FormWorkers class, and use local variables and return values instead. As it stands, your code is not thread-safe.
You should make all of the methods in the FormWorkers class static, and mark the class itself as static. That way, you won't need to keep creating instances of the class to call the methods.
On the plus side, you have correctly parameterised your queries, avoiding SQL Injection vulnerabilities.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Message Closed
modified 7-Feb-17 6:52am.
|
|
|
|
|
The main difference is that Array is fixed size, while an ArrayList will grow as required. If you know the required size of a collection of objects, then Array is the best solution. If you are adding items to it indeterminately, then the ArrayList is the way to go.
Cheers,
Mick
------------------------------------------------
It doesn't matter how often or hard you fall on your arse, eventually you'll roll over and land on your feet.
|
|
|
|
|
Oh, I forget that point thanks to remind me dear
|
|
|
|
|
|
thanks for these amazing resources
|
|
|
|
|
Forget about ArrayList; it is very old, and you should focus on what C# has now. C# has the List type, which is essentially a "managed" array. A plain array has a fixed length. So, if you create an array of size, say, 10, you will always have 10 slots to take care of, even if you store only 3-6 objects in it. Likewise, if you want to add more you cannot, since only 10 slots were allocated.
In List case, you can always grow the size or shrink it as needed. Such as,
var names = new List<string> ();
names.Add("Afzaal");
names.Add("Ahmad");
You cannot do the same in case of arrays, the above is similar to having the following,
string[] names = new string [] { };
names[0] = "Afzaal";
names[1] = "Ahmad";
To see what happens you can do the following,
Console.WriteLine(names.Length);
That will print "0", telling you that the array is empty and that you cannot grow or shrink it at runtime (the two assignments above would in fact throw an IndexOutOfRangeException). With a List, on the other hand, you can easily do so.
The generic stuff really don't matter much in my opinion, you can do the same,
var list = new List<string> ();
var list = new string[] { };
But however, the helper functions are very much great in List objects as compared to the Array objects. The comparisons have been made for a lot of time, you can read any of other articles as well.
The sh*t I complain about
It's like there ain't a cloud in the sky and it's raining out - Eminem
~! Firewall !~
modified 3-Feb-17 7:39am.
|
|
|
|
|
Thanks afzaal I have cleared my concept
|
|
|
|
|
Basically, don't use an ArrayList at all - it was superseded in V2.0 of the .NET framework when Generics were added to the C# language: and that was back in 2005! You should not be designing ArrayList into new developments unless you are interfacing with legacy code that requires them.
Use a List<T> instead.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
Because arrayList has its own operatons on list different from array
|
|
|
|
|
Hi.
I'm using the WebBrowser control to display an authenticated web page. I implemented the interfaces described in this post.
object obj = myBrowser.ActiveXInstance;
IOleObject oc = obj as IOleObject;
oc.SetClientSite(this as IOleClientSite);
string authHeader = "WWW-Authenticate: Negotiate\r\n";
myBrowser.Navigate(_URL, "", null, authHeader);
I'm using Negotiate so I can use also SSO. The authenticate method is implemented like this:
/// <summary>
/// Hands a user name and a password back through the two string out-pointers
/// and reports success. Presumably called by the hosted browser control when
/// the server asks for credentials — confirm against the interface this
/// implements, which is not shown here.
/// </summary>
/// <param name="phwnd">Left untouched by this implementation.</param>
/// <param name="pszUsername">Receives a pointer to a copy of the user name.</param>
/// <param name="pszPassword">Receives a pointer to a copy of the password.</param>
/// <returns>Always S_OK.</returns>
public int Authenticate(ref IntPtr phwnd, ref IntPtr pszUsername, ref IntPtr pszPassword)
{
    // Placeholder literals from the post. Credentials compiled into the binary can
    // be read by anyone who has the executable; a real application should obtain
    // them at run time (user prompt or a protected credential store).
    const string userName = "user";
    const string password = "pass";

    // Each string is copied into a newly allocated COM task-memory block.
    // NOTE(review): nothing here frees these blocks — presumably the caller does; verify.
    pszUsername = Marshal.StringToCoTaskMemAuto(userName);
    pszPassword = Marshal.StringToCoTaskMemAuto(password);

    return S_OK;
}
It works well. But the problem is when I want to authenticate the user with different domain. This doesn't work:
pszUsername = Marshal.StringToCoTaskMemAuto(@"domain\user");
pszUsername = Marshal.StringToCoTaskMemAuto("user@domain");
I'm not able to display the page for users with different domains. It returns unauthorized.
I don't know what changes to make so it's working..
Thank you.
|
|
|
|
|
Forget about the code for a second; can you give us an example of which domain you would like to authenticate? See, if you're authenticating someone from, say, Microsoft, then their domain-server would have to trust[^] yours.
The network name might not always be the same as the domain that is used on the internet.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
The app I'm connecting to, runs on our server. There is also web login to the server app. The users log in using domain with their username (domain\user1).
I'm not very familiar with this technology but I will look up necessary facts, if you need more info.
|
|
|
|
|
..so, the user opens a webpage on your webserver, logs in using a form? Can the user login using those credentials using a regular browser?
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Yes, the user can log in using the form on webpage with the given credentials. In the web form the user selects the domain, put down the username and password. As I was told the domain and the username are then put together like this "domain\username" when the logging is being processed.
That led me to conclusion that I should concatenate the domain and the username in the winforms app too. But I'm getting unauthorised.
So I thought that there is something else I should set..
|
|
|
|
|
kubiiik wrote: So I thought that there is something else I should set.. You should be able to sign in on your own website without modifications. The WebBrowser-control is "just" an instance of IE, nothing special.
The thing that threw me off was the reference to "other domains". You wouldn't be able to authenticate people from the domain our company uses, simply because it is outside the network.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: You should be able to sign in on your own website without modifications. The WebBrowser-control is "just" an instance of IE, nothing special.
Just to clarify, we do not display any login page in the webBrowser. If the user log in using regular browser, the log in page is displayed. But when using the C# winforms app, the log in is set in the app and used as string in the Authenticate method.
Eddy Vluggen wrote: The thing that threw me off was the reference to "other domains". You wouldn't be able to authenticate people from the domain our company uses, simply because it is outside the network.
I don't understand the domain users much (I had to google more info about it), but I think that the domain controller should handle the users (according to http://www.howtogeek.com/194069/what-is-a-windows-domain-and-how-does-it-affect-my-pc/[^]).
|
|
|
|
|
kubiiik wrote: Just to clarify, we do not display any login page in the webBrowser. If the user log in using regular browser, the log in page is displayed. But when using the C# winforms app, the log in is set in the app and used as string in the Authenticate method. Thanks for that clarification
I was expecting windows-authentication, which would not require a special login.
kubiiik wrote: I don't understand the domain users much (I had to google more info about it), but I think that the domain controller should handle the users Yes, but you won't be able to verify anyone outside your own domain.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
According to the new information I got, the server end has only implemented WindowsBasicAuthenticator, which ignores these domains.
But unless the server end implementation is updated, I will not know that for sure.
Anyway, thank you for your time
|
|
|
|
|
I recently installed Microsoft Visual Studio Community 2015.
When running my app in Visual Studio (developed with previous version of Visual c# as express edition 2005, 2008, 2010) , it's ending on unhandled exceptions rather than showing a message box with the exception info and continuing on as I was used to.
What options do I need to change to get it back to the behavior I'm used to (with Visual c# express edition 2005, 2008, 2010)?
Regards
Roberto
|
|
|
|
|
Since we have no idea what your code is doing, it is impossible to answer. You need to collect more information about where the exception occurs, and why.
|
|
|
|
|
Ok I think that what is doing the sw now is not important. Before (years ago), when I was creating the app and testing it (but this was common to any app created in the past), the environment Visualc# express edition 2010 was configured in a way that, in case of error, a popupwindow was showed besides the line where the code was halted because of a Runtime error. Popup Windows was giving some information, in some cases very exhaustive in some other less but useful anyway about the reason of the fault.The line of code itself was highlighted green (or some other color i can't remember). So I knew where the code had a problem (Runtime). Now the point of your question is exactly this. In the new environment I cannot identify neither the point nor the reason for the fault. The app exits and simply return an error code not so useful in my opinion.
Regards
Roberto
|
|
|
|
|
The information should all be provided by the debugger.
|
|
|
|
|