DevStudent

Download Ajax Control Tool Kit from below link

Ajax control toolkit download link

Extract The file then Go To Visual Studio 
Open Tool Box
Right Click On The Existing Tab
And Click On Add New Tab 
Name the tab
Right click on the newly tab
click on choose all items
Template Will Be Open And Select Browse Go To The Location
And Select AjaxControlTOolkit.dll  
Click Open It Will Open Security PopUp Window - Select Yes
Ajax controls will be added in toolbox which can be used to extend the existing functionality of ASP.NET controls.

Master pages are used to create common layout for multiple websites.
Master pages will have .master as page extension and we can see output of master page directly.
Multiple web forms(.aspx pages) can be created using single master page. All these web forms will inherit the UI and functionality from its master page.
Output of the master page can be tested by testing its child pages which inherits its master page UI and functionality.

When multiple pages are created using a master page, Common UI and behavior of all the web forms can be controlled from master pages.

ASP.NET is a technology under .NET Framework which is used to create web sites.
ASP stands for Active Server Pages.

HTML, CSS and javascript are used as basic building blocks for developing websites using ASP.NET.

C#.NET will act as a code behind language along with ASP.NET to implement the functional logic of websites.

Hacking database by entering input data which maninpulates sql queries is

known as sql injection.

Example:

Expected: select * from tbl_data where name='admin' and pwd='password'
Hacked: select * from tbl_data where name='admin' and pwd=' or 'a'='a'

With sql injection attacker may overwrite or delete data in database, can make app to behave in a different way.


SQL injection can be done using post and get parameters, cookie values, form fields and header values.

Parmeterized sql queries will help in controlling sql injection.

In .NET - > ADO.NET -> SQL queries using parameters(@name) to append values in query is recommended.


Input client side validations will also mitigate sql injection issues.

stored procedures will reduce sql injection.

ref stands for reference and out stands for output.

ref parameter variable should be initialized before we call the method. That value will be used a as reference value in the method.

out parameter variable initialization is not required but it should be returned by the method.

Example program

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace FirstConsole
{
    class Program
    {
        static void Main(string[] args)
        {
            Program p = new Program();
            //val1 has to be initialized
            int val1 = 10;
            p.Add(ref val1);
            //val2 initialization not required
            int val2;
            int j = p.Sub(out val2);
            Console.WriteLine(j);
            Console.ReadKey();

        }

        public void Add(ref int val1)
        {            //code goes here
            Console.WriteLine("Hello");
        }
        public int Sub(out int val2)
        {
//val2 is changed from 2 to 5
            val2 = 5;
            return val2;
        }
    }
}

// 1. create a command object identifying

        // the stored procedure

        SqlCommand cmd  = new SqlCommand(

               "CustOrderHist", conn);

        // 2. set the command object so it knows

        // to execute a stored procedure

        cmd.CommandType = CommandType.StoredProcedure;

        // 3. add parameter to command, which

        // will be passed to the stored procedure

        cmd.Parameters.Add(

               new SqlParameter("@CustomerID", custId));

DataSet is used in disconnected architecture to store database tables. It can hold multiple tables in it. It is used to store information retrieved by DataAdapter in disconnected architecture. Data adapter will execute the command and fill the dataset with the data retrieved by execution of SQL command.

DataAdapter is used to disconnected architecture to execute all the commands. It is capable of opening the connection to the database server, executing the command, Storing data in DataSet and closing the connection.

//Connected Architecture - update

        //Update Category

        private void BtnUpdateCategory_Click(object sender, EventArgs e)

        {

            //SqlCommand to update Category

            SqlCommand cmd = new SqlCommand("exec Usp_UpdateCategory '"+CBExistingCategories.Text+"','"+TxtUpdateCategory.Text+"'", con);

            //Open connection

            con.Open();

            //Execute update command

            int i = cmd.ExecuteNonQuery();

            con.Close();

            if (i > 0)

            {

                //Refresh Category list

                PopulateCategories();

                //Show first Category

                CBExistingCategories.SelectedIndex = 0;

                MessageBox.Show("Category Updated Successfully");

            }

            else { MessageBox.Show("Category Not Updated"); }

           

        }