Larry,

    Do you mind if I ask what the URL to your website is?  What company do you work for?

 - Matt 

Matt: Thanks for asking. I'm not quite where I want to be with it but you may find some interesting things there:

http://www.wemakebetterpaint.com

is the web site. I'm working with you and another person right now, both of you in VB. I'm planning to have a linked with a zipped file that can be downloaded, unzipped, and then opened to be a starting web site.  This might be the strategy--help someone starting bypass the largest hurdle, and then come back later and peruse the steps that might have been done in the beginning.

 I want to work with people here on the forum.  I suspect the forum will endure longer than my web site.  For the other question, as of this February I will have worked two years for Sampson Coatings in Richmond, VA.

-Larry

Getting started: If you can open up a code behind (make certain to choose VB) page and modify it to the match the example shown with the name SQL-inject.aspx (and SQL-inject.aspx.vb) then you have one more thing to do.

Open the web.config file and copy over the line that says

<connectionStrings />

 and change it to be

 

  <connectionStrings>
    <add name="ConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient"/>
  </connectionStrings>

 

 

 Larry,

    I feel like an idiot... I've got everything working now.  I have all of my data now in the database.

  - Matt

 The only part that I cannot get working is my Telerik RadGrid.  I've been patiently waiting for a reply in their forum but no-one will help me with it.  Any ideas.

Is there a web page on their web site that advertises/shows what this control should be doing? I don't want to say I can duplicate it but it might help us both in the long run to take a stab at approximating it. Also, I want to send you an example (and SQL injection code to build tables and put in data) for a triple join. I'm thinking you would like to have tables for information such that one is for products, one is for customers and the third ties to both and each row in the third is a transaction (buying a product). This could be useful for so many things I'm kind of feeling (laughing a little) impatient to get it going. Have a good day! -Larry

 Larry,

    That sounds great.  You can download a trial version of telerik from their site but they also have example of basic databinding on their site, which I already have working.  I need to get the multi-join working.

 Thanks,

     Matt 

Please find below: 1)SQL statements to be injected to create tables and add data, 2)Store.aspx, 3)Store.aspx.vb

********
SQL statements below
********

CREATE TABLE Test3_Products
(id smallint IDENTITY(1,1) PRIMARY KEY,
productcode nvarchar(10) NOT NULL,
price money NOT NULL,
productname nvarchar(50) NOT NULL)

CREATE TABLE Test3_Purchases
(id smallint IDENTITY(1,1) PRIMARY KEY,
customercode nvarchar(50) NOT NULL,
productcode nvarchar(10) NOT NULL,
quantity int NOT NULL)

CREATE TABLE Test3_Customers
(id smallint IDENTITY(1,1) PRIMARY KEY,
customercode nvarchar(5) NOT NULL,
customername nvarchar(50) NOT NULL,
customerbillingstreetaddress nvarchar(50) NOT NULL,
customerbillingcity nvarchar(20) NOT NULL,
customerbillingstate nvarchar(2) NOT NULL,
customerbillingzipcode nvarchar(5) NOT NULL)


INSERT INTO Test3_Products (productcode, price, productname) VALUES ('acrylic01',20,'1 Gallon Acrylic Exterior White Paint')
INSERT INTO Test3_Products (productcode, price, productname) VALUES ('acrylic02',20,'1 Gallon Acrylic Interior White Paint')
INSERT INTO Test3_Products (productcode, price, productname) VALUES ('vnylacrl01',17,'1 Gallon Vinyl Acrylic Ceiling White Paint')
INSERT INTO Test3_Products (productcode, price, productname) VALUES ('acrylic03',20,'1 Gallon Acrylic Kitchen & Bath White Paint')
INSERT INTO Test3_Products (productcode, price, productname) VALUES ('finish01',20,'1 Gallon High Sheen Clear Furniture Finish')
INSERT INTO Test3_Products (productcode, price, productname) VALUES ('finish02',20,'1 Gallon Gloss White Furniture Finish')

INSERT INTO Test3_Customers (customercode, customername, customerbillingstreetaddress, customerbillingcity, customerbillingstate, customerbillingzipcode) VALUES 
('00001','Jane Doe','123 Jefferson Lane', 'Alexandria', 'VA', '12345')
INSERT INTO Test3_Customers (customercode, customername, customerbillingstreetaddress, customerbillingcity, customerbillingstate, customerbillingzipcode) VALUES 
('00002','Jose Cuervo','123 Borges Ave', 'Dallas', 'TX', '34567')
INSERT INTO Test3_Customers (customercode, customername, customerbillingstreetaddress, customerbillingcity, customerbillingstate, customerbillingzipcode) VALUES 
('00003','Angelina Pitt','123 White Water Cnyn','Beverly Hills', 'CA', '90210')

 

*********please find below Store.aspx******

 

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Store.aspx.vb" Inherits="Store" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    
    <asp:Button ID="DisplayButton" runat="server" Text="Display" />
    
     
    
    <asp:Button ID="BuyButton" runat="server" Text="Buy" />
    
             
    
    <asp:Button ID="DeleteTableButton" runat="server" Text="Delete Everything" />
    
    <br /><br />
    
    Quantity: 
    <asp:TextBox ID="QuantityTextBox" runat="server"></asp:TextBox>
    
    <asp:SqlDataSource ID="CustomerSqlDataSource" runat="server" 
        ConnectionString="<%$ ConnectionStrings:ConnectionString %>" 
        SelectCommand="SELECT [customercode], [customername] FROM [Test3_Customers]"></asp:SqlDataSource>
    
    <asp:DropDownList ID="CustomerDropDownList" runat="server" 
        DataSourceID="CustomerSqlDataSource" DataTextField="customername" 
        DataValueField="customercode">
    </asp:DropDownList>
    
    <br /><br />

    <asp:SqlDataSource ID="ProductSqlDataSource" runat="server" 
        ConnectionString="<%$ ConnectionStrings:ConnectionString %>" 
        SelectCommand="SELECT [productcode], [productname] FROM [Test3_Products]"></asp:SqlDataSource>
    <asp:RadioButtonList ID="ProductRadioButtonList" runat="server" 
        DataSourceID="ProductSqlDataSource" DataTextField="productname" 
        DataValueField="productcode">
    </asp:RadioButtonList>
    
    
    <br /><br />
    
    <div id="thelines" runat="server" />

    </form>
</body>
</html>

 

******please find below Store.aspx.vb*******

Imports System.Data.SqlClient

Partial Class Store
    Inherits System.Web.UI.Page

    Protected Sub DisplayButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles DisplayButton.Click

        Dim conn2 As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True")

        thelines.InnerHtml = ""

        conn2.Open()

        Dim selectstatement As String = "SELECT u.id AS id, u.quantity AS quantity, c.customername AS name, c.customerbillingstreetaddress AS address, c.customerbillingcity AS city, c.customerbillingstate AS state, c.customerbillingzipcode AS zipcode, r.productname AS productname, r.price AS price FROM Test3_Purchases u INNER JOIN Test3_Customers c ON c.customercode=u.customercode INNER JOIN Test3_Products r ON r.productcode=u.productcode"

        Dim cmd2 As SqlCommand = New SqlCommand(selectstatement, conn2)
        Dim reader2 As SqlDataReader = cmd2.ExecuteReader()

        While reader2.Read()


            thelines.InnerHtml += reader2("quantity").ToString() & "- " & reader2("productname") & " &nbsp; &nbsp; Price: $" & reader2("price") & "<br />"
            thelines.InnerHtml += "<ul>"
            thelines.InnerHtml += reader2("name").ToString() & "<br />"
            thelines.InnerHtml += reader2("address").ToString() & "<br />"
            thelines.InnerHtml += reader2("city").ToString() & ", " & reader2("state").ToString() & "<br /><br />"
            thelines.InnerHtml += "</ul>"

        End While
        reader2.Close()

        conn2.Close()

    End Sub

    Protected Sub BuyButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles BuyButton.Click

        Dim conn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True")

        conn.Open()

        Dim thequantity As Integer = QuantityTextBox.Text
        Dim theproductcode As String = ProductRadioButtonList.SelectedValue
        Dim thecustomercode As String = CustomerDropDownList.SelectedValue

        Dim insertstatement As String = ""
        insertstatement = "INSERT INTO Test3_Purchases (quantity, productcode, customercode) VALUES (" & thequantity.ToString() & ",'" & theproductcode & "','" & thecustomercode & "')"
        Dim cmd As SqlCommand = New SqlCommand(insertstatement, conn)

        cmd.ExecuteNonQuery()

        conn.Close()
    End Sub

    Protected Sub DeleteTableButton_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles DeleteTableButton.Click

        Dim conn As New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True")

        conn.Open()

        Dim killstatement As String = "TRUNCATE TABLE Test3_Purchases"
        Dim cmd As SqlCommand = New SqlCommand(killstatement, conn)

        cmd.ExecuteNonQuery()

        thelines.InnerHtml = "All gone!"


        conn.Close()

    End Sub
End Class

 

I will be testing the code posted previously in a new web site, even though it was copy-pasted from a working site.

Apparently the comma in a string statement caused the display program to freak out and go red for most of the remaining text.  I regret this because I wanted you to have the benefit of color coding.

Regarding the INNER JOIN statement..

"SELECT u.id AS id, u.quantity AS quantity, c.customername AS name, c.customerbillingstreetaddress AS address, c.customerbillingcity AS city, c.customerbillingstate AS state, c.customerbillingzipcode AS zipcode, r.productname AS productname, r.price AS price FROM Test3_Purchases u INNER JOIN Test3_Customers c ON c.customercode=u.customercode INNER JOIN Test3_Products r ON r.productcode=u.productcode"

 ..yes, it is an anaconda but hopefully it will look less daunting when presented in smaller pieces

 
"SELECT u.id AS id, 
     u.quantity AS quantity, 
     c.customername AS name, 
     c.customerbillingstreetaddress AS address,  
     c.customerbillingcity AS city, 
     c.customerbillingstate AS state, 
     c.customerbillingzipcode AS zipcode,  
     r.productname AS productname,  
     r.price AS price 
FROM Test3_Purchases u 
     INNER JOIN Test3_Customers c 
          ON c.customercode=u.customercode 
     INNER JOIN Test3_Products r 
          ON r.productcode=u.productcode"
 

It has the format SELECT ... FROM ....

Because we are doing interjoins, we use the variables c, r and u to represent Test3_Customers, Test3_Products and Test3_Purchases respectively

c <--> Test3_Customers

r <--> Test3_Products

u <--> Test3_Purchases

I prefer to have the single letter match the first letter of the table name but this time we had Products and Purchases so I went with the second letter.

When an INNER JOIN is created, the chosen letter is placed after the table name with no punctuation code

example:  Test3_Customers c INNER JOIN Test3_Purchases u

but when used with a field name it is placed before the field name and there is a period between the letter and the field name

example: c.customername, p.productname

Yes, you will want to have this written down until you've used it a few times

The word AS is used to associate a specific field in a specific table with a general word that will be put in a reader

(I'm not certain but I THINK if you put a.name in the reader then you don't need the 'AS name' part)

If you want a reader to see an id, well, every table has a field id so which one?

c.id AS id tells the computer computer that the general code 'id' specifically refers to the id located in the table designated by c (in this case Test3_Customers)

Often the general code is identical to the field name (r.productname AS productname) but this isn't required.  We shortened customerbillingname to name in

c.customerbillingname AS name, both for brevity and also to have the example show that they don't have to be the same.

The word ON and an equality such as r.productname=u.productname comes after an INNER JOIN

Example: alpha a INNER JOIN beta b ON a.something=b.something (something is a field common to table alpha and table beta)

Finally, the general structure if you have multiple joins is:

alpha a INNER JOIN beta b ON a.something=b.something INNER JOIN gamma g ON b.algo=g.algo INNER JOIN delta d ON g.etwas=d.etwas

Notice that additional joins are added by giving a new table name with defining letter followed by defining where the match occurs

It wasn't necessary for the fields to have identical names (you might call a field 'productname' in one table and just 'product' in another).  However, I recommend that when you create tables, you go out of your way to make certain that fields to be joined later have identical names to make it easier for you.

In the example table alpha joined to table beta, table beta joined to table gamma, table gamma joined to table delta.  This wasn't necessary.  In fact, I'm thinking that in the next example, which will be bigger, the table for purchases will be the "hub" of the joins, with several joins to it (thus the example would join beta to alpha, join gamma to alpha and join delta to alpha.

One crucial fact: when there is a join, the two fields join must be typed identically (e.g. joining an int field to an int field, joining a price field to a price field, joining an nvarchar(15) to an nvarchar(15), etc.)  It is important that you think about joins as you design your tables on paper before you create them.

-Larry

I may have pushed to much or pushed to far in this instance.  My goal was that you would see the use of INNER JOIN, ON, single alphabet letters designating tables, use of a textbox control to send data to the code behind page (and from there to table in the database using SQL).  I can add smaller examples (and will be working on some for the web site.)  When I started with this I had done some work with table joining using Lotus Approach and I saw some things in video tutorials--perhaps someone who hasn't seen these things would find INNER JOIN to be more of a challenge.

Alternately, if things clicked and you want me to push further, my next step might be to do something that generates dynamic controls.  Example: a customer logs in who has utilized various "ship to" addresses in the past.  We appreciate that this customer buys things for themself, for their children, for their grandchildren, so we want them to just have a click button next to each possible ship to address, and to have a section where they can add yet another send to address (buy! buy! buy! : - )