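        protected void submitButton_Click(object sender, EventArgs e)
        {
            // Inserts the product described by the four form fields into
            // [dbo].[products] and clears the form afterwards.
            //
            // NOTE(review): DBMaster.executeQuery takes a finished SQL string, so the
            // statement is still assembled by concatenation. Price and quantity are
            // parsed first so that only normalized numbers reach the query, and the
            // two text fields have their single quotes doubled (the escaping SQL Server
            // expects inside a quoted literal). The proper fix is a parameterized
            // command (SqlParameter) once DBMaster is able to run one.
            var invariant = System.Globalization.CultureInfo.InvariantCulture;

            decimal productPrice;
            uint productQuantity;
            bool priceOk    = decimal.TryParse(newProductPriceInput.Text, out productPrice)
                              && productPrice >= 0;
            bool quantityOk = uint.TryParse(newProductQuantityInput.Text, out productQuantity);
            if (!priceOk || !quantityOk)
            {
                // Leave the form filled in so the user can correct the value; this
                // handler has no status label on which to report the problem.
                return;
            }

            string productName        = newProductNameInput.Text.Replace("'", "''"),
                   productDescription = newProductDescriptionInput.Text.Replace("'", "''"),
                   query = "INSERT INTO [dbo].[products] ([productName],[description],[price],[currentAmount]) VALUES ('"
                           + productName + "','" + productDescription + "','"
                           + productPrice.ToString(invariant) + "','"
                           + productQuantity.ToString(invariant) + "')";

            DBMaster dbm = new DBMaster();
            try
            {
                dbm.executeQuery(query);
            }
            finally
            {
                // release the connection even when the insert throws
                dbm.closeConnection();
            }

            newProductNameInput.Text        = "";
            newProductDescriptionInput.Text = "";
            newProductPriceInput.Text       = "";
            newProductQuantityInput.Text    = "";
        }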
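        protected void submit_Click(object sender, EventArgs e)
        {
            // Saves the edited profile fields of the signed-in user to [dbo].[person]
            // and then sends them on to showUser.aspx.
            //
            // NOTE(review): DBMaster.executeQuery accepts only a SQL string, so the
            // UPDATE is still built by concatenation; doubling the single quotes in the
            // text fields is a stopgap until a parameterized command is available.
            // The [password] column also receives the plaintext form value — it should
            // hold a salted hash (e.g. Rfc2898DeriveBytes), with the login check changed
            // to match, before this is used with real accounts.
            object sessionUserId = Session["userID"];
            if (sessionUserId == null)
            {
                // nobody is signed in; the original dereferenced null here
                throw new InvalidOperationException("no signed-in user in session");
            }

            // The id is inserted unquoted into the WHERE clause, so insist on an
            // integer rather than trusting the raw session string.
            long id;
            if (!long.TryParse(sessionUserId.ToString(), out id))
            {
                throw new InvalidOperationException("session user id is not numeric");
            }

            string firstN = fname.Text.Replace("'", "''"),
                   lastN  = lname.Text.Replace("'", "''"),
                   userN  = usernm.Text.Replace("'", "''"),
                   passW  = passw.Text.Replace("'", "''"),
                   addres = addrs.Text.Replace("'", "''"),
                   emailA = email.Text.Replace("'", "''"),
                   phoneN = phone.Text.Replace("'", "''"),
                   query  = "UPDATE [dbo].[person] SET [firstName] = '" + firstN
                          + "', [lastName] = '" + lastN
                          + "', [userName] = '" + userN
                          + "', [password] = '" + passW
                          + "', [address] = '" + addres
                          + "', [email] = '" + emailA
                          + "', [phone] = '" + phoneN
                          + "' WHERE id = " + id.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // dbm is a field of the enclosing class (it is not created here)
            try
            {
                dbm.executeQuery(query);
            }
            finally
            {
                // release the connection even when the update throws
                dbm.closeConnection();
            }

            Response.Redirect("showUser.aspx");
        }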
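        protected void Page_Load(object sender, EventArgs e)
        {
            // Completes the purchase of the product whose pid arrives in the query
            // string: looks up the signed-in customer and the product, decrements the
            // stock, emails an invoice and shows the same text on the page.
            //
            // NOTE(review): this runs on every request for the page, GET and postback
            // alike, so a refresh or a crafted link repeats the purchase. Moving the
            // write into a POST handler with an anti-forgery check is outside this
            // block, but it should happen before the stock numbers are relied on.

            // 1. require a signed-in user. Response.Redirect ends the response, but the
            //    explicit return makes the control flow visible without relying on that.
            if (Session["ID"] == null)
            {
                Response.Redirect("../index.aspx");
                return;
            }
            string ID  = Session["ID"].ToString();     // user id
            string PID = Request.QueryString["id"];    // product id passed from the product page
            if (string.IsNullOrEmpty(PID))
            {
                // nothing to buy; the original query would have matched no row either
                Response.Redirect("productPage.aspx");
                return;
            }

            // NOTE(review): DBMaster only accepts ready-made SQL text, so both ids are
            // still concatenated into the statements. Doubling single quotes is the
            // stopgap; a parameterized command is the real fix.
            string safeId  = ID.Replace("'", "''"),
                   safePid = PID.Replace("'", "''");

            dbm = new DBMaster();

            // 2. customer details
            string customerName, customerAddress, customerEmail;
            SqlDataReader reader = dbm.getReader("select * from [dbo].[person] where id = '" + safeId + "'");
            if (!reader.Read())
            {
                // the session points at no person: drop it and force a fresh login
                reader.Close();
                dbm.closeConnection();
                Session["ID"] = null;
                Response.Redirect("../index.aspx");
                return;
            }
            customerAddress = reader["address"].ToString();
            customerName    = reader["firstName"].ToString();
            customerEmail   = reader["email"].ToString();
            reader.Close();

            // 3. product details
            reader = dbm.getReader("select * from [dbo].[products] where pid = '" + safePid + "'");
            if (!reader.Read())
            {
                // the PID passed was invalid
                reader.Close();
                dbm.closeConnection();
                Response.Redirect("productPage.aspx");
                return;
            }
            string productName   = reader["productName"].ToString();
            string productPrice  = reader["price"].ToString();
            string rawAmount     = reader["currentAmount"].ToString();
            reader.Close();

            uint productAmount;
            if (!UInt32.TryParse(rawAmount, out productAmount))
            {
                // currentAmount is not a non-negative integer: repair the row, then
                // treat the product as unavailable. The message is URL-encoded because
                // it becomes part of the query string.
                dbm.executeQuery("update [dbo].[products] set [currentAmount] = '0' where pid = '" + safePid + "'");
                dbm.closeConnection();
                Response.Redirect("productPage.aspx?error=" + Server.UrlEncode("invalid database entry 'currentAmount'"));
                return;
            }
            if (productAmount == 0)
            {
                // Previously `productAmount - 1` on a zero uint wrapped around to
                // 4294967295 and was written back as the new stock level.
                dbm.closeConnection();
                Response.Redirect("productPage.aspx?error=" + Server.UrlEncode("the item you attempted to purchase is out of stock"));
                return;
            }

            // 4. record the sale
            // NOTE(review): read-then-write — two concurrent purchases of the last unit
            // both succeed. A single conditional UPDATE (currentAmount = currentAmount - 1
            // WHERE currentAmount > 0) would close that window, but needs the affected
            // row count, which executeQuery does not appear to return.
            dbm.executeQuery("update [dbo].[products] set [currentAmount] = '" + (productAmount - 1) + "' where pid = '" + safePid + "'");
            dbm.closeConnection();

            // 5. invoice. The values come from the database, so they are HTML-encoded
            //    before being embedded in the markup of the email and the page label.
            string safeName    = Server.HtmlEncode(customerName),
                   safeProduct = Server.HtmlEncode(productName),
                   safePrice   = Server.HtmlEncode(productPrice),
                   safeAddress = Server.HtmlEncode(customerAddress);

            string emailMsg = "Hi " + safeName + " Thank you for your purchase of " + safeProduct + ". <br /> Your credit card on file will be charged $" + safePrice + ", and the item will be shipped to your address at: <br /> " + safeAddress + " <br /> We hope to see you again soon!";
            sendEmail(customerEmail, emailMsg);

            Msg.Text = "Thank you for your purchase, " + safeName + ". <br /> Your credit card on file will be charged $" + safePrice + " for your purchase of " + safeProduct + ", and the item will be shipped to your address at: <br /> " + safeAddress + " <br /> We hope to see you again soon! <br /> <br /> <b>Note:</b> A copy of this invoice will also be sent to your email on file.";
        }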