Example #1
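    /// <summary>
    /// Handles the Add button: saves the uploaded product image under ~/img/products/
    /// and inserts a new row into Products using a parameterized INSERT.
    /// </summary>
    /// <remarks>
    /// The image extension is taken from the client-supplied file name and the file is
    /// written to a folder below the site root, so the extension is checked against an
    /// allow-list before anything is saved. Without that check a server-executable file
    /// type could be stored in a web-served directory.
    /// </remarks>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnAdd_Click(object sender, EventArgs e)
    {
        // Constructed allow-list: adjust to the image formats the store actually accepts.
        // An extension check does not prove the content is an image; the upload folder
        // should additionally be configured so that nothing in it is executed.
        string[] allowedImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

        if (!Prod_Img.HasFile)
        {
            // No upload: the original would still store a generated image name that points
            // at no file. NOTE(review): show a validation message to the user here.
            return;
        }

        string fileExt = Path.GetExtension(Prod_Img.FileName).ToLowerInvariant();
        if (Array.IndexOf(allowedImageExtensions, fileExt) < 0)
        {
            // Rejected file type. NOTE(review): show a validation message to the user here.
            return;
        }

        // The stored name is a fresh GUID, so no part of the client file name except the
        // validated extension reaches the file system.
        string imageName = Guid.NewGuid().ToString() + fileExt;

        using (SqlConnection con = new SqlConnection(Util.GetConnection()))
        {
            con.Open();

            // INSERT without a column list: the values must stay in the table's column order.
            string SQL = @"INSERT INTO Products VALUES ( @Name, @CatID, @Code, @Description, @Image, @Price, @IsFeatured, @Available, @CriticalLevel, @Maximum, @Status, @DateAdded, @DateModified)";

            // Parameterized query: user input is bound as values, never concatenated into SQL.
            using (SqlCommand cmd = new SqlCommand(SQL, con))
            {
                cmd.Parameters.AddWithValue("@Name", Prod_Name.Text);
                cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
                cmd.Parameters.AddWithValue("@Code", Prod_Code.Text);
                cmd.Parameters.AddWithValue("@Description", Prod_Desc.Text);

                cmd.Parameters.AddWithValue("@Image", imageName);
                Prod_Img.SaveAs(Server.MapPath("~/img/products/" + imageName));

                // NOTE(review): the numeric-looking fields are sent as text and converted by
                // the database; confirm the column types and validate the input first.
                cmd.Parameters.AddWithValue("@Price", Prod_Pric.Text);
                cmd.Parameters.AddWithValue("@IsFeatured", ddlFeatured.SelectedValue);
                cmd.Parameters.AddWithValue("@Available", 0);
                cmd.Parameters.AddWithValue("@CriticalLevel", Prod_CritLev.Text);
                cmd.Parameters.AddWithValue("@Maximum", Prod_MaxNumofItems.Text);
                cmd.Parameters.AddWithValue("@Status", "Active");
                cmd.Parameters.AddWithValue("@DateAdded", DateTime.Now);
                cmd.Parameters.AddWithValue("@DateModified", DBNull.Value);
                cmd.ExecuteNonQuery();
            }
        }

        // Redirect only after the command and connection have been disposed.
        Response.Redirect("Default.aspx");
    }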
Example #2
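    /// <summary>
    /// Handles the Update button: updates the Products row identified by the "ID" query-string
    /// value, replacing the image when a new file was uploaded and otherwise keeping the image
    /// name held in Session["image"].
    /// </summary>
    /// <remarks>
    /// The image extension is taken from the client-supplied file name and the file is
    /// written to a folder below the site root, so the extension is checked against an
    /// allow-list before anything is saved. The product id comes from the request URL;
    /// no authorization check is visible in this handler, so confirm the page itself
    /// restricts who may edit products.
    /// </remarks>
    /// <param name="sender">The control that raised the event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnUpdate_Click(object sender, EventArgs e)
    {
        // Constructed allow-list: adjust to the image formats the store actually accepts.
        // An extension check does not prove the content is an image; the upload folder
        // should additionally be configured so that nothing in it is executed.
        string[] allowedImageExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

        // A missing query-string value is null; the original dereferenced it unconditionally.
        string productId = Request.QueryString["ID"];
        if (string.IsNullOrEmpty(productId))
        {
            // Nothing to update. NOTE(review): show an error to the user here.
            return;
        }

        string imageName;
        bool saveUpload = Prod_Img.HasFile;
        if (saveUpload)
        {
            string fileExt = Path.GetExtension(Prod_Img.FileName).ToLowerInvariant();
            if (Array.IndexOf(allowedImageExtensions, fileExt) < 0)
            {
                // Rejected file type. NOTE(review): show a validation message to the user here.
                return;
            }

            // The stored name is a fresh GUID, so no part of the client file name except the
            // validated extension reaches the file system.
            imageName = Guid.NewGuid().ToString() + fileExt;
        }
        else
        {
            // Keep the current image. The session entry is absent after a session timeout,
            // in which case the original threw a NullReferenceException.
            object currentImage = Session["image"];
            if (currentImage == null)
            {
                // NOTE(review): ask the user to reload the edit page here.
                return;
            }

            imageName = currentImage.ToString();
        }

        using (SqlConnection con = new SqlConnection(Util.GetConnection()))
        {
            con.Open();
            string SQL = @"UPDATE Products SET Name=@Name, CatID=@CatID, Code=@Code, Description=@Description, Image=@Image, Price=@Price, IsFeatured=@IsFeatured, Available=Available, CriticalLevel=@CriticalLevel, Maximum=@Maximum, DateModified=@DateModified WHERE ProductID=@ProductID";

            // Parameterized query: user input is bound as values, never concatenated into SQL.
            using (SqlCommand cmd = new SqlCommand(SQL, con))
            {
                cmd.Parameters.AddWithValue("@Name", Prod_Name.Text);
                cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
                cmd.Parameters.AddWithValue("@Description", Prod_Desc.Text);
                cmd.Parameters.AddWithValue("@Code", Prod_Code.Text);

                cmd.Parameters.AddWithValue("@Image", imageName);
                if (saveUpload)
                {
                    Prod_Img.SaveAs(Server.MapPath("~/img/products/" + imageName));
                }

                // NOTE(review): the numeric-looking fields are sent as text and converted by
                // the database; confirm the column types and validate the input first.
                cmd.Parameters.AddWithValue("@Price", Prod_Pric.Text);
                cmd.Parameters.AddWithValue("@IsFeatured", ddlFeatured.SelectedValue);
                cmd.Parameters.AddWithValue("@CriticalLevel", Prod_CritLev.Text);
                cmd.Parameters.AddWithValue("@Maximum", Prod_MaxNumofItems.Text);
                cmd.Parameters.AddWithValue("@DateModified", DateTime.Now);
                cmd.Parameters.AddWithValue("@ProductID", productId);
                cmd.ExecuteNonQuery();
            }
        }

        // The using blocks have closed the connection, so no explicit Close() is needed.
        Response.Redirect("Default.aspx");
    }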