public void UpdateOffice(string officeCode, string officeNameFull, string officeNameAbbr, string officehead, string officeheadPos)
{
DbLink Link = new DbLink();
using (SqlConnection conn = Link.InitializeSqlConnection())
{
conn.Open();
SqlCommand comm = new SqlCommand("UPDATE dbo.tbl_A_Certified SET " +
"Office_NameFull = '" + officeNameFull + "', " +
"Office_NameAbbr = '" + officeNameAbbr + "' " +
"WHERE Office_Code = '" + officeCode + "'; " +
"SELECT OfficeheadId FROM dbo.tbl_A_Certified " +
"WHERE Office_Code = '" + officeCode + "'", conn);
int officeheadId = int.Parse(comm.ExecuteScalar().ToString());
comm.CommandText = "UPDATE dbo.tbl_Officehead SET " +
"Officehead_Name = '" + officehead + "', " +
"Officehead_Pos = '" + officeheadPos + "' " +
"WHERE OfficeheadId = '" + officeheadId + "'";
comm.ExecuteNonQuery();
}
}
public void EditAccount(AccountGridModel acct)
{
DbLink link = new DbLink();
using (SqlConnection conn = link.InitializeSqlConnection())
{
// Insert to the AB table.
SqlCommand comm = new SqlCommand("UPDATE dbo.tbl_AB SET AB_Amount = " + acct.AB + " WHERE Acct_Code = '" + acct.AcctCode + "'", conn);
conn.Open();
comm.ExecuteNonQuery();
}
}
public void InsertPayee(string payeeNumber, string payeeName, string payeePos, string payeeOfficeCode)
{
DbLink Link = new DbLink();
using (SqlConnection conn = Link.InitializeSqlConnection())
{
conn.Open();
SqlCommand comm = new SqlCommand("INSERT INTO dbo.tbl_Payee (Employee_Number, Employee_Name, Employee_Pos, Office_Code) " +
"VALUES ('" + payeeNumber + "', '" + payeeName + "', '" + payeePos + "', '" + payeeOfficeCode + "')", conn);
comm.ExecuteNonQuery();
}
}
public void UpdateStaff(string staffNumber, string staffType, string staffPic)
{
DbLink Link = new DbLink();
using (SqlConnection conn = Link.InitializeSqlConnection())
{
conn.Open();
SqlCommand comm = new SqlCommand("UPDATE dbo.tbl_BO_Staff " +
"SET Discriminator = '" + staffType + "', PicURL = '" + staffPic + "' " +
"WHERE BStaff_Number = '" + staffNumber + "'", conn);
comm.ExecuteNonQuery();
}
}
public void UpdatePayee(string payeeNumber, string payeeName, string payeePos, string payeeOfficeCode)
{
DbLink Link = new DbLink();
using (SqlConnection conn = Link.InitializeSqlConnection())
{
conn.Open();
SqlCommand comm = new SqlCommand("UPDATE dbo.tbl_Payee SET " +
"Employee_Name = '" + payeeName + "', Employee_Pos = '" + payeePos + "', Office_Code = '" + payeeOfficeCode + "' " +
"WHERE Employee_Number = '" + payeeNumber + "'", conn);
comm.ExecuteNonQuery();
}
}
public void InsertOffice(string officeNameFull, string officeNameAbbr, string officehead, string officeheadPos)
{
DbLink Link = new DbLink();
Typer SqlTyper = new Typer();
using (SqlConnection conn = Link.InitializeSqlConnection())
{
int officeCode = 31;
int officeheadId = 22;
conn.Open();
SqlCommand comm = new SqlCommand("SELECT TOP 1 Office_Code FROM dbo.tbl_A_Certified ORDER BY Office_Code DESC", conn);
SqlDataReader reader = comm.ExecuteReader();
if (reader.HasRows)
{
while (reader.Read())
{
officeCode = int.Parse(reader.GetString(0));
officeCode++;
}
}
reader.Close();
comm.CommandText = "INSERT INTO dbo.tbl_Officehead (Officehead_Name, Officehead_Pos) " +
"VALUES ('" + officehead + "', '" + officeheadPos + "'); SELECT SCOPE_IDENTITY();";
try
{
officeheadId = int.Parse(comm.ExecuteScalar().ToString());
}
catch (SqlException ex)
{
MessageBox.Show(ex.Message.ToString(), "SqlException occured", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message.ToString(), "Exception occured", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
comm.CommandText = "INSERT INTO dbo.tbl_A_Certified (Office_Code, Office_NameFull, Office_NameAbbr, OfficeheadId) " +
"VALUES ('" + officeCode + "', '" + officeNameFull + "', '" + officeNameAbbr + "', " + officeheadId + ")";
comm.ExecuteNonQuery();
}
}
public void InsertStaff(string staffNumber, string staffType, string password, string image)
{
DbLink Link = new DbLink();
password = Crypt.ConvertToHash(password);
using (SqlConnection conn = Link.InitializeSqlConnection())
{
conn.Open();
SqlCommand comm = new SqlCommand("INSERT INTO dbo.tbl_BO_Staff " +
"(BStaff_Number, Discriminator, Password, PicURL) " +
"VALUES ('" + staffNumber + "', '" + staffType + "', '" + password + "', '" + image + "')", conn);
comm.ExecuteNonQuery();
}
}
