The code in Listing 22.6 is behind the EditFile.aspx page. This page allows users to edit information about the files that they have uploaded, as shown in Figure 22.4. Some of the fields are read-only and are there to display relevant information. Figure 22.4. This Page Allows Users to Edit Information and View other Relevant Information.There are five methods in the code in Listing 22.6: Page_Load(), Main_Click(), Cancel_Click(), Delete_Click(), and Save_Click(). The Page_Load() method retrieves information about the file that's to be edited and puts the information into the user interface objects. The Main_Click() method simply goes to the main menu (Default.aspx). The Cancel_Click() method simply goes back to the Manage Files page (MngFiles.aspx). The Delete_Click() method deletes a file from disk and removes any references to it in the database. And the Save_Click() method saves all of the edited information to disk before going back to the Manage Files page. Listing 22.6 This Code Is behind the EditFile.aspx Page.// This method is called when the page first loads. private void Page_Load(object sender, System.EventArgs e) { if( !IsPostBack ) { // Create a connection object. SqlConnection objConnection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectString"]); try { // Open the connection. objConnection.Open(); string strSql = "Select Name,ID from FileGroup where OwnerID"] ) + " order by name"; // Create a command object. SqlCommand objCommand = new SqlCommand( strSql, objConnection ); SqlDataReader objReader = objCommand.ExecuteReader(); GroupList.DataTextField = "Name"; GroupList.DataValueField = "ID"; GroupList.DataSource = objReader; GroupList.DataBind(); objReader.Close(); strSql = "select * from FileInfo where ID"]; // Create a command object. objCommand = new SqlCommand( strSql, objConnection ); objReader = objCommand.ExecuteReader(); if( objReader.Read() ) { Title.Text = Convert.ToString( objReader["Title"] ); Version.Text = Convert.ToDouble( objReader["Version"] ).ToString( "0.00" ); Description.Text = Convert.ToString( objReader["Description"] ); Filename.Text = Convert.ToString( objReader["Filename"] ); FileSize.Text = Convert.ToString( objReader["Filesize"] ); Directory.Text = Convert.ToString( objReader["Directory"] ); Downloads.Text = Convert.ToString( objReader["Downloads"] ); for( int i=0; i<GroupList.Items.Count; i++ ) { if( Convert.ToInt32( GroupList.Items[i].Value ) == Convert.ToInt32( objReader["GroupID"] ) ) { GroupList.SelectedIndex = i; break; } } } objReader.Close(); } catch( Exception ex ) { // Alert the user to the error. ErrorMessage.Text = ex.Message.ToString(); } finally { // Close the connection. if( objConnection.State == ConnectionState.Open ) { objConnection.Close(); } } } } private void Main_Click(object sender, System.EventArgs e) { Response.Redirect( "Default.aspx" ); } private void Cancel_Click(object sender, System.EventArgs e) { Response.Redirect( "MngFiles.aspx" ); } private void Delete_Click(object sender, System.EventArgs e) { bool bOperationSucceeded = true; // Create a connection object. SqlConnection objConnection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectString"]); try { // Open the connection. objConnection.Open(); string strSql = "Delete from FileInfo where ID"]; // Create a command object. SqlCommand objCommand = new SqlCommand( strSql, objConnection ); objCommand.ExecuteNonQuery(); string strFilePath = Request.MapPath( "." ) + "\\" + ConfigurationSettings.AppSettings["DirectoryName"] + "\\" + Directory.Text + "\\" + Filename.Text; File.Delete( strFilePath ); } catch( Exception ex ) { // Alert the user to the error. ErrorMessage.Text = ex.Message.ToString(); bOperationSucceeded = false; } finally { // Close the connection. if( objConnection.State == ConnectionState.Open ) { objConnection.Close(); } } if( bOperationSucceeded ) { Response.Redirect( "MngFiles.aspx" ); } } private void Save_Click(object sender, System.EventArgs e) { bool bOperationSucceeded = true; // Create a connection object. SqlConnection objConnection = new SqlConnection(ConfigurationSettings.AppSettings["ConnectString"]); try { // Open the connection. objConnection.Open(); string strSql = "Update FileInfo Set Title='" + Title.Text + "',Version=" + Version.Text + ",Description='" + Description.Text + "',Group where ID"]; // Create a command object. SqlCommand objCommand = new SqlCommand( strSql, objConnection ); objCommand.ExecuteNonQuery(); } catch( Exception ex ) { // Alert the user to the error. ErrorMessage.Text = ex.Message.ToString(); bOperationSucceeded = false; } finally { // Close the connection. if( objConnection.State == ConnectionState.Open ) { objConnection.Close(); } } if( bOperationSucceeded ) { Response.Redirect( "MngFiles.aspx" ); } } The Page_Load() method does database access and therefore has the things that all of our methods with database access have had: creation of a SqlConnection object, a try block for the working code, a catch block in which exceptions messages are displayed for users, and a finally block in which the database objects are cleaned up. Inside the try block, the SqlConnection is opened with the Open() method. Then, a SQL string is created using the logged-in user ID as the criteria. The recordsets will contain the Name and ID from the FileGroup table. The following code shows the creation of the SQL string: C#string strSql = "Select Name,ID from FileGroup where OwnerID"] ) + " order by name";VB Dim strSql As String = "Select Name,ID from FileGroup where " + _ "OwnerID= + Convert.ToString( Session("ID") ) + " order by name" If the logged-in user has an ID of 5, the following SQL will result: Select Name,ID from FileGroup where OwnerID=5 order by name A SqlCommand object is created using the SQL string and the SqlConnection object as arguments to its constructor. The SqlCommand object's ExecuteReader() method is then called, and this returns a SqlDataReader object containing the returned recordsets. There is a user interface object named GroupList of the type DropDownList. The SqlDataReader object is bound to this object so that the groups that belong to the logged-in user will be shown in the list. (The group ID is the data value, while the name is the display value.) We'll then need to retrieve the actual file information. This process starts by creating a SQL string based on the file ID (which is contained in an HTML parameter). The following line shows how the SQL string is formed: C#int nID = 0; try ( nID = Convert.ToInt32( Request.QueryString["ID"] ); } catch { } strSql = "select * from FileInfo where docEmphStrong">VBDim nID As Integer = 0 Try NID = Convert.ToInt32( Request.QueryString("ID") ) Catch End Try strSql = "select * from FileInfo where docText">If the file ID is 16, the following SQL will result:select * from FileInfo where ID=16 |