protected void Page_Load(object sender, EventArgs e)
{
//resets window because if we dont do this last search will not go
teachers_list.InnerHtml = "";
string searchkey = "";
if (Page.IsPostBack)
{
//WARNING: This technique is vulnerable to SQL injections
//read more about SQL injections
//https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
//we will learn to defend against these attacks next semester
searchkey = search_teacher.Text;
}
string query = "select * from TEACHERS";
if (searchkey != "")
{
query += " WHERE TEACHERFNAME like '%" + searchkey + "%' ";
query += " or TEACHERLNAME like '%" + searchkey + "%' ";
query += " or EMPLOYEENUMBER like '%" + searchkey + "%' ";
}
//sql_debugger.InnerHtml = query;
var db = new SCHOOLDB();
List <Dictionary <String, String> > rs = db.List_Query(query);
teachers_list.InnerHtml += "<table class=\"table table-bordered table-hover\"><tr><th>Teacher First Name</th><th>Teacher Last Name</th><th>Employee No</th><th>Hire Date</th><th>Salary</th><th>Modifications</th>";
foreach (Dictionary <String, String> row in rs)
{
teachers_list.InnerHtml += "<tr>";
string TeacherId = row["TEACHERID"];
string teacherfname = row["TEACHERFNAME"];
teachers_list.InnerHtml += "<td><a href=\"display_teacher.aspx?teacherid=" + TeacherId + "\">" + teacherfname + "</a></td>";
string teacherlname = row["TEACHERLNAME"];
teachers_list.InnerHtml += "<td>" + teacherlname + "</td>";
string employeenumber = row["EMPLOYEENUMBER"];
teachers_list.InnerHtml += "<td>" + employeenumber + "</td>";
string hiredate = row["HIREDATE"];
teachers_list.InnerHtml += "<td>" + hiredate + "</td>";
string salary = row["SALARY"];
teachers_list.InnerHtml += "<td>" + salary + "</td>";
teachers_list.InnerHtml += "<td><a href=\"Update_Teacher.aspx?teacherid=" + TeacherId + "\"><span class=\"glyphicon glyphicon-edit\"></span></a><a href=\"Delete_Teacher.aspx?teacherid=" + TeacherId + "\"><span class=\"glyphicon glyphicon-trash\"></span></a></td>";
teachers_list.InnerHtml += "</tr>";
}
teachers_list.InnerHtml += "</table>";
}
protected void Page_Load(object sender, EventArgs e)
{
//resets window because if we dont do this last search will not go
students_result.InnerHtml = "";
string searchkey = "";
if (Page.IsPostBack)
{
//https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
//we will learn to defend against these attacks next semester
//HTTP School database for reference from christine file
searchkey = student_search.Text;
}
string query = "select * from STUDENTS";
if (searchkey != "")
{
query += " WHERE STUDENTFNAME like '%" + searchkey + "%' ";
query += " or STUDENTLNAME like '%" + searchkey + "%' ";
query += " or STUDENTNUMBER like '%" + searchkey + "%' ";
}
var db = new SCHOOLDB();
List <Dictionary <String, String> > rs = db.List_Query(query);
students_result.InnerHtml += "<table class=\"table table-bordered table-hover\"><tr><th>Student First Name</th><th>Student Last Name</th><th>Student No</th><th>Enrolment Date</th><th>Modifications</th>";
foreach (Dictionary <String, String> row in rs)
{
//students_result.InnerHtml += "<div class=\"table-responsive\">";
students_result.InnerHtml += "<tr>";
string StudentId = row["STUDENTID"];
string StudentFirstname = row["STUDENTFNAME"];
// students_result.InnerHtml += "<div class=\"col-lg-2 col-md-2 col-sm-2 col-xs-12\"><a href=\"ShowStudent.aspx?studentid=" + studentid + "\">" + studentfirstname + "</a></div>";
students_result.InnerHtml += "<td><a href=\"display_student.aspx?studentid=" + StudentId + "\">" + StudentFirstname + "</a></td>";
string StudentLastname = row["STUDENTLNAME"];
students_result.InnerHtml += "<td>" + StudentLastname + "</td>";
string StudentNumber = row["STUDENTNUMBER"];
students_result.InnerHtml += "<td>" + StudentNumber + "</td>";
string EnrolmentDate = row["ENROLMENTDATE"];
students_result.InnerHtml += "<td>" + EnrolmentDate + "</td>";
students_result.InnerHtml += "<td><a href=\"update_student.aspx?studentid=" + StudentId + "\"><span class=\"glyphicon glyphicon-edit\"></span></a><a href=\"delete_student.aspx?studentid=" + StudentId + "\"><span class=\"glyphicon glyphicon-trash\"></span></a></td>";
students_result.InnerHtml += "</tr>";
}
students_result.InnerHtml += "</table>";
}
protected void Page_Load(object sender, EventArgs e)
{
//resets window because if we dont do this last search will not go
classes_result.InnerHtml = "";
string searchkey = "";
if (Page.IsPostBack)
{
//WARNING: This technique is vulnerable to SQL injections
//read more about SQL injections
//https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
//we will learn to defend against these attacks next semester
searchkey = class_search.Text;
}
string query = "select * from CLASSES";
if (searchkey != "")
{
query += " WHERE CLASSID like '%" + searchkey + "%' ";
query += " or CLASSCODE like '%" + searchkey + "%' ";
query += " or TEACHERID like '%" + searchkey + "%' ";
query += " or CLASSNAME like '%" + searchkey + "%' ";
}
//sql_debugger.InnerHtml = query;
var db = new SCHOOLDB();
List <Dictionary <String, String> > rs = db.List_Query(query);
classes_result.InnerHtml += "<table class=\"table table-bordered table-hover\"><tr><th>Class ID</th><th>Class Code</th><th>Teacher ID</th><th>Start Date</th><th>Finish Date</th><th>Class Name</th><th>Modifications</th>";
foreach (Dictionary <String, String> row in rs)
{
//classes_result.InnerHtml += "<div class=\"table-responsive\">";
classes_result.InnerHtml += "<tr>";
string ClassId = row["CLASSID"];
classes_result.InnerHtml += "<td>" + ClassId + "</td>";
string ClassCode = row["CLASSCODE"];
// classes_result.InnerHtml += "<div class=\"col-lg-2 col-md-2 col-sm-2 col-xs-12\"><a href=\"ShowClass.aspx?classid=" + classid + "\">" + classcode + "</a></div>";
classes_result.InnerHtml += "<td><a href=\"display_classes.aspx?classid=" + ClassId + "\">" + ClassCode + "</a></td>";
string TeacherId = row["TEACHERID"];
classes_result.InnerHtml += "<td>" + TeacherId + "</td>";
string StartDate = row["STARTDATE"];
classes_result.InnerHtml += "<td>" + StartDate + "</td>";
string FinishDate = row["FINISHDATE"];
classes_result.InnerHtml += "<td>" + FinishDate + "</td>";
string ClassName = row["CLASSNAME"];
classes_result.InnerHtml += "<td>" + ClassName + "</td>";
classes_result.InnerHtml += "<td><a href=\"update_classes.aspx?classid=" + ClassId + "\"><span class=\"glyphicon glyphicon-edit\"></span></a><a href=\"delete_classes.aspx?classid=" + ClassId + "\"><span class=\"glyphicon glyphicon-trash\"></span></a></td>";
classes_result.InnerHtml += "</tr>";
}
classes_result.InnerHtml += "</table>";
}
