public bool CheckUserData(string account, string password)
{
try
{
string sql = "SELECT 1 FROM user WHERE account = @account AND password = @password;";
MySqlCommand cmd = db.MySqlCommand(sql);
cmd.Parameters.Add("@account", MySqlDbType.VarChar).Value = account;
cmd.Parameters.Add("@password", MySqlDbType.VarChar).Value = password;
db.Connect();
using (MySqlDataReader reader = cmd.ExecuteReader())
{
if (reader.Read())
{
return(true);
}
}
return(false);
}
catch (Exception ex)
{
string error = ex.ToString();
return(false);
}
finally
{
db.Disconnect();
}
}
public ActionResult OrderList()
{
List <Item> list = new List <Item>();
using (MyDataBase db = new MyDataBase())
{
string sql = String.Format(@" select order_list.id,item,price,product.cost,account,status from order_list, product where order_list.account = '{0}' and order_list.item = product.name", Session["account"]);
MySqlCommand cmd = db.MySqlCommand(sql);
db.Connect();
using (MySqlDataReader dr = cmd.ExecuteReader())
{
while (dr.Read())
{
Item item = new Item();
item.id = dr["id"].ToString();
item.name = dr["item"].ToString();
item.price = Convert.ToInt16(dr["price"]);
item.cost = Convert.ToInt16(dr["cost"]);
item.status = dr["status"].ToString();
list.Add(item);
}
}
}
ViewBag.List = list;
return(View());
}
public ActionResult Product(string id)
{
if (id == null)
{
return(Redirect("OrderList"));
}
Item item = new Item();
using (MyDataBase db = new MyDataBase())
{
string sql = @" SELECT * FROM order_list WHERE id = " + id;
MySqlCommand cmd = db.MySqlCommand(sql);
db.Connect();
using (MySqlDataReader dr = cmd.ExecuteReader())
{
while (dr.Read())
{
item.id = dr["id"].ToString();
item.name = dr["item"].ToString();
item.price = Convert.ToInt16(dr["price"]);
item.cost = Convert.ToInt16(dr["cost"]);
item.status = dr["status"].ToString();
}
}
}
ViewBag.Item = item;
return(View());
}
public bool CheckUserData(string account, string password)
{
/*
* try
* {
* string sql = "SELECT 1 FROM user WHERE account = @account AND password = @password;";
* MySqlCommand cmd = db.MySqlCommand(sql);
* cmd.Parameters.Add("@account", MySqlDbType.VarChar).Value = account;
* cmd.Parameters.Add("@password", MySqlDbType.VarChar).Value = password;
*
* db.Connect();
*
* using (MySqlDataReader reader = cmd.ExecuteReader())
* {
* if (reader.Read())
* return true;
* }
* return false;
* }
* catch (Exception ex)
* {
* string error = ex.ToString();
* return false;
* }
* finally
* {
* db.Disconnect();
* }
* */
string sql = "SELECT 1 FROM user WHERE account = @account AND password = @password;";
using (MyDataBase db = new MyDataBase())
{
MySqlCommand cmd = db.MySqlCommand(sql);
cmd.Parameters.Add("@account", MySqlDbType.VarChar).Value = account;
cmd.Parameters.Add("@password", MySqlDbType.VarChar).Value = password;
db.Connect();
using (MySqlDataReader dr = cmd.ExecuteReader())
{
if (dr.Read())
{
return(true);
}
}
return(false);
}
}
public ContentResult Shipping(String checklist)
{
if (checklist == "")
{
return(Content("Success"));
}
string[] select = System.Text.RegularExpressions.Regex.Split(checklist, ",");
using (MyDataBase db = new MyDataBase())
{
string sql = "";
MySqlCommand cmd = null;
db.Connect();
try
{
db.trans = db.conn.BeginTransaction();
for (int i = 0; i < select.Length; i++)
{
sql = String.Format(@" INSERT shippingorder (orderid, status) VALUES({0}, 'New')", select[i]);
cmd = db.MySqlCommand(sql);
cmd.ExecuteNonQuery();
}
sql = @" UPDATE order_list SET status = 'To be shipped' WHERE id IN (" + String.Join(",", select) + ");";
cmd = db.MySqlCommand(sql);
cmd.ExecuteNonQuery();
db.trans.Commit();
}
catch (MySqlException ex)
{
db.Rollback();
return(Content("Fail"));
}
}
return(Content("Success"));
}
