public void InsertStudent(StudentOrganizer.BO.Student stud) { string insertString = @"INSERT INTO STUDENT( FirstName, LastName, Gender, Email, BirthDate, PhoneNumber, Faculty,FacultyStartYear) values(@firstName,@lastName,@gender,@email,@birthDate,@phoneNumber,@faculty,@facultyStartYear)"; using (conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand command = new SqlCommand(insertString, conn); command.Parameters.Add("@firstName", stud.FirstName); command.Parameters.Add("@lastName", stud.LastName); command.Parameters.Add("@gender", stud.Gender); command.Parameters.Add("@email", stud.Email); command.Parameters.Add("@birthDate", stud.BirthDate); command.Parameters.Add("@phoneNumber", stud.PhoneNumber); command.Parameters.Add("@faculty", stud.Faculty); command.Parameters.Add("@facultyStartYear", stud.FacultyStartYear); command.CommandType = CommandType.Text; command.ExecuteNonQuery(); conn.Close(); } }
public void UpdateStudent(StudentOrganizer.BO.Student stud) { string updateString = "UPDATE STUDENT SET FirstName = @firstName,LastName = @lastName, Gender=@gender,Email = @email, BirthDate=@birthDate, PhoneNumber = @phoneNumber, Faculty = @faculty, FacultyStartYear = @facultyStartYear WHERE student.id = '" + stud.IdStudent + "'"; using (conn = new SqlConnection(connectionString)) { conn.Open(); SqlCommand command = new SqlCommand(updateString, conn); command.Parameters.Add("@firstName", stud.FirstName); command.Parameters.Add("@lastName", stud.LastName); command.Parameters.Add("@gender", stud.Gender); command.Parameters.Add("@email", stud.Gender); command.Parameters.Add("@birthDate", stud.BirthDate); command.Parameters.Add("@phoneNumber", stud.PhoneNumber); command.Parameters.Add("@faculty", stud.Faculty); command.Parameters.Add("@facultyStartYear", stud.FacultyStartYear); command.ExecuteNonQuery(); conn.Close(); } }