While writing codes in your application for insert delete update select you majorly does it with the help of stored procedures.
So for that we can have stored procedures that can be parameterized or without parameters.
So for that we need to pass the values from our application into the stored procedure while invoking it.
This is my stored procedure for updating user profile and taking all the details as arguments.
CREATE PROC [dbo].[uspUpdateUserProfile]
@AccessToken VARCHAR(50),
@FirstName VARCHAR(50),
@LastName VARCHAR(50),
@ProfileImage VARBINARY(MAX),
@JobRoleID BIGINT,
@CompanyID BIGINT,
@Password VARCHAR(50),
@PasswordSalt VARCHAR(50)
AS
IF EXISTS(SELECT 1 FROM [dbo].[User] WHERE AccessToken = @AccessToken AND IsDeleted = 0)
BEGIN
DECLARE @EncryptedPassword as VARBINARY(MAX);
SELECT @EncryptedPassword = ENCRYPTBYPASSPHRASE (@PasswordSalt, @Password);
IF LTRIM(RTRIM(@Password)) = ' ' OR @Password IS NULL
BEGIN
SET @EncryptedPassword = (SELECT [Password] FROM [dbo].[User] WHERE AccessToken = @AccessToken)
SET @PasswordSalt = (SELECT [PasswordSalt] FROM [dbo].[User] WHERE AccessToken = @AccessToken)
END
--Keeping profile image intact incase
IF @ProfileImage IS NULL
BEGIN
SET @ProfileImage = (SELECT [ProfileImage] FROM [dbo].[User] WHERE AccessToken = @AccessToken)
END
UPDATE [dbo].[User]
SET [FirstName] = @FirstName
,[LastName] = @LastName
,[ProfileImage] = @ProfileImage
,[JobRoleID] = @JobRoleID
,[CompanyID] = @CompanyID
,[Password] = @EncryptedPassword
,[PasswordSalt] = @PasswordSalt
WHERE AccessToken = @AccessToken
SELECT [ID],
[FirstName],
[LastName],
[ProfileImage],
[JobRoleID],
[Email],
[CompanyID],
CONVERT(VARCHAR(50), DECRYPTBYPASSPHRASE (PasswordSalt, Password)) [Password]
FROM [dbo].[User]
WHERE AccessToken = @AccessToken
END
After this, we will call this stored procedure into our application code by passing parameters.
SqlDataReader reader = null;
string profileImagePath = string.Empty;
bool isProfileImageUploaded = false;
empResponse = new EmployeeResponse();
empResponse.data = new EmployeeRequest();
using (SqlConnection sqlConnection = new SqlConnection(ConnectionString))
{
if (sqlConnection.State == ConnectionState.Closed)
{
sqlConnection.Open();
}
if (emp.ProfileImageByteArray != null && emp.ProfileImageByteArray.Length > 0)
{
try
{
MemoryStream memoryStream = new MemoryStream(emp.ProfileImageByteArray);
FileStream fileStream = new FileStream(System.Web.Hosting.HostingEnvironment.MapPath("~/ProfileImages/") + emp.AccessToken + ".png", FileMode.Create);
memoryStream.WriteTo(fileStream);
memoryStream.Close();
fileStream.Close();
fileStream.Dispose();
profileImagePath = ConfigurationManager.AppSettings["ProfileImageBaseAddress"].ToString() + emp.AccessToken + ".png";
isProfileImageUploaded = true;
}
catch (Exception ex)
{
profileImagePath = ConfigurationManager.AppSettings["ProfileImageBaseAddress"].ToString() + ConfigurationManager.AppSettings["DefaultProfileImage"].ToString();
}
}
List<SqlParameter> parameterList = new List<SqlParameter>();
parameterList.Add(new SqlParameter("@AccessToken", emp.AccessToken));
parameterList.Add(new SqlParameter("@FirstName", emp.FirstName));
parameterList.Add(new SqlParameter("@LastName", emp.LastName));
parameterList.Add(new SqlParameter("@ProfileImage",Convert.FromBase64String(profileImagePath)));
parameterList.Add(new SqlParameter("@JobRoleID", emp.JobRoleID));
parameterList.Add(new SqlParameter("@CompanyID", emp.CompanyId));
parameterList.Add(new SqlParameter("@Password", emp.Password));
parameterList.Add(new SqlParameter("@PasswordSalt", Guid.NewGuid().ToString()));
reader = SqlHelper.ExecuteReader(sqlConnection, CommandType.StoredProcedure, "uspUpdateUserProfile", parameterList.ToArray());
if (reader.HasRows)
{
while (reader.Read())
{
emp.Id = reader["ID"] != null ? !string.IsNullOrEmpty(Convert.ToString(reader["ID"])) ? Convert.ToInt32(Convert.ToString(reader["ID"]).Trim()) : 0 : 0;
emp.FirstName = reader["FirstName"] != null ? Convert.ToString(reader["FirstName"]).Trim() : string.Empty;
emp.LastName = reader["LastName"] != null ? Convert.ToString(reader["LastName"]).Trim() : string.Empty;
emp.ProfileImage = reader["ProfileImage"] != null ? Convert.ToBase64String((byte[])reader["ProfileImage"]).Trim() : string.Empty;
emp.JobRoleID = reader["JobRoleID"] != null ? Convert.ToString(reader["JobRoleID"]).Trim() : string.Empty;
emp.Email = reader["Email"] != null ? Convert.ToString(reader["Email"]).Trim() : string.Empty;
emp.CompanyId = reader["CompanyID"] != null ? Convert.ToString(reader["CompanyID"]).Trim() : string.Empty;
emp.Password = reader["Password"] != null ? Convert.ToString(reader["Password"]).Trim() : string.Empty;
break;
}
empResponse.Status = true;
empResponse.Message = "Profile details successfully updated.";
}
else
{
empResponse.Status = false;
empResponse.Message = "Unauthorized access.";
}
}
0 Comment(s)