public ActionResult CreateSupplierDetails(M_SuppliersDetails data) { try { data.CreateID = user.EmployeeNo; data.CreateDate = DateTime.Now; data.UpdateID = user.EmployeeNo; data.UpdateDate = DateTime.Now; string Query = ""; Query += "INSERT INTO [dbo].[M_SuppliersDetails]" + " ([SupplierID]" + " ,[ContactTitle]" + " ,[ContactFirstName]" + " ,[ContactLastName]" + " ,[ContactPosition]" + " ,[ContactEmail]" + " ,[ContactTelephone]" + " ,[ContactCellphone]" + " ,[IsDeleted]" + " ,[CreateID]" + " ,[CreateDate]" + " ,[UpdateID]" + " ,[UpdateDate])" + "VALUES" + " ('" + data.SupplierID + "'," + " '" + data.ContactTitle + "'," + " '" + data.ContactFirstName + "'," + " '" + data.ContactLastName + "'," + " '" + data.ContactPosition + "'," + " '" + data.ContactEmail + "'," + " '" + data.ContactTelephone + "'," + " '" + data.ContactCellphone + "'," + " '" + 0 + "'," + " '" + data.CreateID + "'," + " '" + data.CreateDate + "'," + " '" + data.UpdateID + "'," + " '" + data.UpdateDate + "')"; SqlCommand cmdSql = new SqlCommand(); cmdSql.Connection = conn; cmdSql.CommandTimeout = 0; cmdSql.CommandText = Query; conn.Open(); cmdSql.ExecuteNonQuery(); conn.Close(); return(Json(new { msg = "Success" }, JsonRequestBehavior.AllowGet)); } catch (Exception err) { return(Json(new { msg = err.Message }, JsonRequestBehavior.AllowGet)); } }
public ActionResult UpdateSuppliersDetails(M_SuppliersDetails data) { try { data.CreateID = user.EmployeeNo; data.CreateDate = DateTime.Now; data.UpdateID = user.EmployeeNo; data.UpdateDate = DateTime.Now; string Query = ""; Query += "UPDATE [dbo].[M_SuppliersDetails] SET " + " [ContactTitle] = '" + data.ContactTitle + "'" + " ,[ContactFirstName]= '" + data.ContactFirstName + "'" + " ,[ContactLastName]= '" + data.ContactLastName + "'" + " ,[ContactPosition]= '" + data.ContactPosition + "'" + " ,[ContactEmail]= '" + data.ContactEmail + "'" + " ,[ContactTelephone]= '" + data.ContactTelephone + "'" + " ,[ContactCellphone]= '" + data.ContactCellphone + "'" + " ,[UpdateID]= '" + data.UpdateID + "'" + " ,[UpdateDate]= '" + data.UpdateDate + "'" + " WHERE [ID] = '" + data.ID + "'"; SqlCommand cmdSql = new SqlCommand(); cmdSql.Connection = conn; cmdSql.CommandTimeout = 0; cmdSql.CommandText = Query; conn.Open(); cmdSql.ExecuteNonQuery(); conn.Close(); return(Json(new { msg = "Success" }, JsonRequestBehavior.AllowGet)); } catch (Exception err) { return(Json(new { msg = err.Message }, JsonRequestBehavior.AllowGet)); } }