protected void Button2_Click(object sender, EventArgs e)
{
string filename = Path.GetFileName(FileUpload1.FileName);
dbcon = new SQLConnection();
if (name.Text.Equals("") || price.Text.Equals(""))
{
Response.Write("<script>alert('Cannot fill in the blanks')</script>");
}
else
{
if (Session["product_id"] != null || FileUpload1.HasFile)
{
if (Session["product_id"] != null)
{
if (FileUpload1.HasFile)
{
try
{
FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
string query = "update products set name = '" + name.Text + "' , price = '" + price.Text + "', image = '" + filename + "' where ID=" + Session["product_id"] + ";";
dbcon.executeSQL(query);
Response.Write("<script>alert('Update Product Successfully.');</script>");
}
catch (Exception ex)
{
Response.Write("<script>alert('" + ex.ToString() + "')</script>");
}
}
else
{
try
{
FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
string query = "update products set name = '" + name.Text + "' , price = '" + price.Text + "' where ID=" + Session["product_id"] + ";";
dbcon.executeSQL(query);
Response.Write("<script>alert('Update Product Successfully.');</script>");
}
catch (Exception ex)
{
Response.Write("<script>alert('" + ex.ToString() + "')</script>");
}
}
}
else
{
try
{
FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
string query = "insert into products(name, image, price) values ('" + name.Text + "','" + filename + "','" + price.Text + "');";
dbcon.executeSQL(query);
Response.Write("<script>alert('Create Product Successfully.');window.location = 'AdminViewProduct.aspx';</script>");
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
}
}
else
{
Response.Write("<script>alert('You have not uploaded any product image')</script>");
}
}
}
protected void Page_Load(object sender, EventArgs e)
{
dbcon = new SQLConnection();
Session["admin"] = null;
}
