|
|
|
|
| Thanks to the SQL Server extensions for the Web and XML, it is now possible to query a SQL Server database (and get the result as XML) as well as insert, update, and delete records in a database. In this tip I'll show a few examples of this technique. Here's a first example that shows how you can send an SQL command to delete a record: |
| Needless to say, this technique makes your database prone to all sort of malicious attacks. You can limit the risk by using command templates that you have configured. These templates work a bit like stored procedures that embed the data manipulation commands. Here is a template that deletes one record from the Employees table. |
 Click here to copy the following block | <root xmlns:sql='urn:schemas-microsoft-com:xml-sql'>
<sql:header >
<sql:param name="employeeId">0</sql:param>
</sql:header>
<sql:query >
delete from employees where employeeId=@employeeId
</sql:query>
</root> |
| Notice that the template can take arguments, exactly as a stored procedure does. In the above example, the only parameter is employeeId and is declared in the sql:header section. If this field is omitted when the template is used, its default value is zero. The sql:query section contains the actual SQL command and uses the argument, which appears here as @employeeId. Assuming that you've save the template in a file named DeleteEmployee.xml, here's how you can invoke the template via HTTP: |
|
|
|
|
|
|
Submitted By :
Nayan Patel
(Member Since : 5/26/2004 12:23:06 PM)
|
 |
|
|
Job Description :
He is the moderator of this site and currently working as an independent consultant. He works with VB.net/ASP.net, SQL Server and other MS technologies. He is MCSD.net, MCDBA and MCSE. In his free time he likes to watch funny movies and doing oil painting. |
|
View all (893) submissions by this author
(Birth Date : 7/14/1981 ) |
|
|