Here’s how you can create a simple ASP.NET Web Forms page to insert data into the Patients table in your hospitaldb database using the provided connection string.
Steps to Create the Form
- Add the Connection String in
Web.config: Ensure the connection string is added to yourWeb.configfile as follows:
<connectionStrings>
<add name="hospitaldbConnectionString" connectionString="Data Source=DESKTOP-R22567N\SQLEXPRESS;Initial Catalog=hospitaldb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>Design the Web Form (InsertPatient.aspx):
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="InsertPatient.aspx.cs" Inherits="HospitalManagement.InsertPatient" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Insert Patient</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet" />
</head>
<body>
<form id="form1" runat="server" class="container mt-5">
<h2>Insert Patient</h2>
<div class="mb-3">
<label for="txtFirstName" class="form-label">First Name</label>
<asp:TextBox ID="txtFirstName" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtLastName" class="form-label">Last Name</label>
<asp:TextBox ID="txtLastName" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtDateOfBirth" class="form-label">Date of Birth</label>
<asp:TextBox ID="txtDateOfBirth" runat="server" CssClass="form-control" TextMode="Date"></asp:TextBox>
</div>
<div class="mb-3">
<label for="ddlGender" class="form-label">Gender</label>
<asp:DropDownList ID="ddlGender" runat="server" CssClass="form-control">
<asp:ListItem Text="Select Gender" Value="" />
<asp:ListItem Text="Male" Value="Male" />
<asp:ListItem Text="Female" Value="Female" />
</asp:DropDownList>
</div>
<div class="mb-3">
<label for="txtPhoneNumber" class="form-label">Phone Number</label>
<asp:TextBox ID="txtPhoneNumber" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtEmail" class="form-label">Email</label>
<asp:TextBox ID="txtEmail" runat="server" CssClass="form-control" TextMode="Email"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtAddress" class="form-label">Address</label>
<asp:TextBox ID="txtAddress" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtCity" class="form-label">City</label>
<asp:TextBox ID="txtCity" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtState" class="form-label">State</label>
<asp:TextBox ID="txtState" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<div class="mb-3">
<label for="txtPostalCode" class="form-label">Postal Code</label>
<asp:TextBox ID="txtPostalCode" runat="server" CssClass="form-control"></asp:TextBox>
</div>
<asp:Button ID="btnSubmit" runat="server" Text="Submit" CssClass="btn btn-primary" OnClick="btnSubmit_Click" />
</form>
</body>
</html>Code-behind (InsertPatient.aspx.cs):
using System;
using System.Data.SqlClient;
using System.Configuration;
namespace HospitalManagement
{
public partial class InsertPatient : System.Web.UI.Page
{
protected void btnSubmit_Click(object sender, EventArgs e)
{
// Retrieve the connection string
string connectionString = ConfigurationManager.ConnectionStrings["hospitaldbConnectionString"].ConnectionString;
// SQL query to insert patient data
string query = "INSERT INTO Patients (FirstName, LastName, DateOfBirth, Gender, PhoneNumber, Email, Address, City, State, PostalCode, CreatedAt, UpdatedAt) " +
"VALUES (@FirstName, @LastName, @DateOfBirth, @Gender, @PhoneNumber, @Email, @Address, @City, @State, @PostalCode, GETDATE(), GETDATE())";
// Using block for database connection and command
using (SqlConnection conn = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand(query, conn))
{
// Add parameters to the command
cmd.Parameters.AddWithValue("@FirstName", txtFirstName.Text);
cmd.Parameters.AddWithValue("@LastName", txtLastName.Text);
cmd.Parameters.AddWithValue("@DateOfBirth", txtDateOfBirth.Text);
cmd.Parameters.AddWithValue("@Gender", ddlGender.SelectedValue);
cmd.Parameters.AddWithValue("@PhoneNumber", txtPhoneNumber.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
cmd.Parameters.AddWithValue("@City", txtCity.Text);
cmd.Parameters.AddWithValue("@State", txtState.Text);
cmd.Parameters.AddWithValue("@PostalCode", txtPostalCode.Text);
// Open connection and execute the query
conn.Open();
cmd.ExecuteNonQuery();
}
}
// Display success message or redirect
Response.Write("<script>alert('Patient added successfully!');</script>");
}
}
}
Explanation of the Code
- Connection String: The connection string in
Web.configis used to connect to the database. - Form Elements:
TextBox,DropDownList, andButtonare used for user input and form submission. - SQL Query:
INSERT INTOquery with parameters is used to securely insert data into the database. - Using Blocks: Ensures proper disposal of
SqlConnectionandSqlCommandobjects. - Parameterization: Prevents SQL injection by using
@parameters.