Beispiel #1
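 /// <summary>
 /// Deletes the ad ("Sign") named by the <c>id</c> query parameter, provided a row in
 /// <c>dbo.Sign</c> has that id and an <c>Author</c> equal to the <c>login</c> query parameter.
 /// </summary>
 /// <remarks>
 /// Answers 400 when the credential check finds no matching user, or when the id is not a
 /// number or the ad is not owned by <c>login</c>; answers 200 once the row is deleted.
 /// Exceptions are handed to <c>message</c>; this method writes no HTTP answer on that path.
 /// Both query-string values are bound as SQL parameters instead of being concatenated into
 /// the statement text, so they cannot change the shape of the query.
 /// </remarks>
 public void SignDelete()
 {
     try
     {
         // The request body is still read and deserialized (a malformed body keeps failing
         // early), although nothing visible below references the result.
         string     input      = POSTInputStreamReader(request);
         SignUpdate signupdate = JsonConvert.DeserializeObject <SignUpdate>(input);

         // Parse the query string once; both values are caller-controlled.
         var    query = HttpUtility.ParseQueryString(request.Url.Query);
         string login = query.Get("login") ?? string.Empty;
         long   signId;
         bool   idIsNumeric = long.TryParse(
             query.Get("id"),
             System.Globalization.NumberStyles.AllowLeadingSign,
             System.Globalization.CultureInfo.InvariantCulture,
             out signId);

         using (SqlConnection connection = new SqlConnection(connectionString))
         {
             // NOTE(review): the page shows the credential values masked as '******', so the
             // statement is reproduced as printed. If the real code builds it from request
             // data, bind those values as parameters as well. Comparing Password inside the
             // query suggests it is stored unhashed - confirm against the schema.
             // NOTE(review): nothing visible ties this check to the "login" query value used
             // for the ownership test below - confirm both refer to the same account.
             string sql = "SELECT count(*) as counter FROM dbo.[User] " +
                          "WHERE Login='******' AND Password='******'";
             connection.Open();
             using (SqlCommand credentialCheck = new SqlCommand(sql, connection))
             {
                 if (Convert.ToInt32(credentialCheck.ExecuteScalar()) < 1)
                 {
                     response.StatusCode = 400;
                     Answer("Неверный логин или пароль", response);
                     return;
                 }
             }

             // Ownership check: exactly one row with this id authored by this login.
             bool ownsSign = false;
             if (idIsNumeric)
             {
                 using (SqlCommand ownership = new SqlCommand(
                     "SELECT count(*) from dbo.Sign WHERE Author=@login AND Id=@id", connection))
                 {
                     ownership.Parameters.Add("@login", SqlDbType.NVarChar).Value = login;
                     ownership.Parameters.Add("@id", SqlDbType.BigInt).Value = signId;
                     ownsSign = Convert.ToInt32(ownership.ExecuteScalar()) == 1;
                 }
             }

             if (!ownsSign)
             {
                 response.StatusCode = 400;
                 Answer("Это объявление не ваше", response);
                 return;
             }

             // The author is repeated in the DELETE so the statement cannot remove a row
             // that changed owner between the check and the delete.
             using (SqlCommand delete = new SqlCommand(
                 "DELETE FROM dbo.[Sign] WHERE id=@id AND Author=@login", connection))
             {
                 delete.Parameters.Add("@id", SqlDbType.BigInt).Value = signId;
                 delete.Parameters.Add("@login", SqlDbType.NVarChar).Value = login;
                 delete.ExecuteNonQuery();
             }

             response.StatusCode = 200; //good
             Answer("Запись удалена", response);
         }
     }
     catch (Exception e)
     {
         message.DynamicInvoke("Ошибка:" + e.Message);
     }
 }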
Beispiel #2
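 /// <summary>
 /// Inserts a new ad ("Sign") built from the JSON request body and the <c>login</c> query
 /// parameter, then stores the optional base64 image as <c>imgpath + id + ".jpg"</c>.
 /// </summary>
 /// <remarks>
 /// Answers 400 when the credential check finds no matching user and 200 after the insert
 /// (and image write, when an image is present). Exceptions - including a price that is not
 /// a plain decimal number - are handed to <c>message</c>; no HTTP answer is written on that
 /// path. All request-derived values are bound as SQL parameters instead of being
 /// concatenated into the statement text.
 /// </remarks>
 public void Add_Sign()
 {
     try
     {
         string     input   = POSTInputStreamReader(request);
         SignUpdate NewSign = JsonConvert.DeserializeObject <SignUpdate>(input);
         string     login   = HttpUtility.ParseQueryString(request.Url.Query).Get("login") ?? string.Empty;

         using (SqlConnection connection = new SqlConnection(connectionString))
         {
             // NOTE(review): the page shows the credential values masked as '******', so the
             // statement is reproduced as printed. If the real code builds it from request
             // data, bind those values as parameters as well. Comparing Password inside the
             // query suggests it is stored unhashed - confirm against the schema.
             string sql = "SELECT count(*) as counter FROM dbo.[User] " +
                          "WHERE Login='******' AND Password='******'";
             connection.Open();
             using (SqlCommand credentialCheck = new SqlCommand(sql, connection))
             {
                 if (Convert.ToInt32(credentialCheck.ExecuteScalar()) < 1)
                 {
                     response.StatusCode = 400;
                     Answer("Неверный логин или пароль", response);
                     return;
                 }
             }

             // Price used to be spliced in as a bare numeric literal; parse it strictly so
             // only a signed decimal number reaches the database. A bad value throws here
             // and takes the same catch path a malformed statement took before.
             decimal price = decimal.Parse(
                 NewSign.GetParam("Price"),
                 System.Globalization.NumberStyles.AllowLeadingSign | System.Globalization.NumberStyles.AllowDecimalPoint,
                 System.Globalization.CultureInfo.InvariantCulture);

             // Invariant culture keeps the date ASCII "yyyy-MM-dd" whatever the server locale.
             string created = DateTime.Now.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

             object addingid;
             using (SqlCommand insert = new SqlCommand(
                 "INSERT INTO Sign VALUES(@name, @category, @created, @address, 0, @price, @login,'Active'); select scope_identity()",
                 connection))
             {
                 // Missing fields are stored as empty strings, as the concatenated form did.
                 insert.Parameters.Add("@name", SqlDbType.NVarChar).Value = NewSign.GetParam("Name") ?? string.Empty;
                 insert.Parameters.Add("@category", SqlDbType.NVarChar).Value = NewSign.GetParam("Category") ?? string.Empty;
                 insert.Parameters.Add("@created", SqlDbType.VarChar).Value = created;
                 insert.Parameters.Add("@address", SqlDbType.NVarChar).Value = NewSign.GetParam("Adress") ?? string.Empty;
                 insert.Parameters.Add("@price", SqlDbType.Decimal).Value = price;
                 insert.Parameters.Add("@login", SqlDbType.NVarChar).Value = login;
                 addingid = insert.ExecuteScalar();
             }

             if (NewSign.Base64image != null)
             {
                 // Drop an optional "data:...;base64," prefix: keep what follows the first comma.
                 string pureimage = NewSign.Base64image.Substring(NewSign.Base64image.IndexOf(',') + 1);
                 // NOTE(review): the payload comes from the request body; neither its decoded
                 // size nor its content is checked before it is written under a .jpg name.
                 // The file name itself comes from the database identity, not from the client.
                 File.WriteAllBytes(imgpath + addingid.ToString() + ".jpg", Convert.FromBase64String(pureimage));
             }

             response.StatusCode = 200; //good
             Answer("Объявление добавлено", response);
         }
     }
     catch (Exception e)
     {
         message.DynamicInvoke("Ошибка:" + e.Message);
     }
 }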
Beispiel #3
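 /// <summary>
 /// Updates an existing ad ("Sign") by calling the <c>UpdateSign</c> stored procedure with
 /// the fields from the JSON request body and the <c>signid</c> query parameter.
 /// </summary>
 /// <remarks>
 /// Answers 400 when the credential check finds no matching user and 200 after the
 /// procedure has run. Exceptions - including a missing or non-numeric <c>signid</c> or
 /// price - are handed to <c>message</c>; no HTTP answer is written on that path. All
 /// request-derived values are bound as SQL parameters instead of being concatenated into
 /// the statement text.
 /// </remarks>
 public void Sign_Update()
 {
     try
     {
         string     input      = POSTInputStreamReader(request);
         SignUpdate signupdate = JsonConvert.DeserializeObject <SignUpdate>(input);

         using (SqlConnection connection = new SqlConnection(connectionString))
         {
             // NOTE(review): the page shows the credential values masked as '******', so the
             // statement is reproduced as printed. If the real code builds it from request
             // data, bind those values as parameters as well. Comparing Password inside the
             // query suggests it is stored unhashed - confirm against the schema.
             string sql = "SELECT count(*) as counter FROM dbo.[User] " +
                          "WHERE Login='******' AND Password='******'";
             connection.Open();
             using (SqlCommand credentialCheck = new SqlCommand(sql, connection))
             {
                 if (Convert.ToInt32(credentialCheck.ExecuteScalar()) < 1)
                 {
                     response.StatusCode = 400;
                     Answer("Неверный логин или пароль", response);
                     return;
                 }
             }

             // Both numbers used to be spliced in as bare literals; parse them strictly.
             // A missing or malformed value throws and takes the existing catch path.
             long updatingid = long.Parse(
                 HttpUtility.ParseQueryString(request.Url.Query).Get("signid"),
                 System.Globalization.NumberStyles.AllowLeadingSign,
                 System.Globalization.CultureInfo.InvariantCulture);
             decimal price = decimal.Parse(
                 signupdate.GetParam("Price"),
                 System.Globalization.NumberStyles.AllowLeadingSign | System.Globalization.NumberStyles.AllowDecimalPoint,
                 System.Globalization.CultureInfo.InvariantCulture);

             // NOTE(review): no author is passed to UpdateSign and no ownership query runs
             // here, so unless the procedure enforces it, any account that passes the check
             // above can update any ad by id. SignDelete verifies Author first - confirm
             // whether the same check is needed before this call.
             using (SqlCommand command = new SqlCommand(
                 "EXEC UpdateSign @name, @category, @address, @price, @id", connection))
             {
                 // Arguments stay positional, in the order the concatenated call used.
                 // Missing fields are sent as empty strings, as the concatenated form did.
                 command.Parameters.Add("@name", SqlDbType.NVarChar).Value = signupdate.GetParam("Name") ?? string.Empty;
                 command.Parameters.Add("@category", SqlDbType.NVarChar).Value = signupdate.GetParam("Category") ?? string.Empty;
                 command.Parameters.Add("@address", SqlDbType.NVarChar).Value = signupdate.GetParam("Adress") ?? string.Empty;
                 command.Parameters.Add("@price", SqlDbType.Decimal).Value = price;
                 command.Parameters.Add("@id", SqlDbType.BigInt).Value = updatingid;
                 command.ExecuteNonQuery();
             }

             response.StatusCode = 200; //good
             Answer("Данные обновлены", response);
         }
     }
     catch (Exception e)
     {
         message.DynamicInvoke("Ошибка:" + e.Message);
     }
 }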