protected void btnPayment_Click(object sender, EventArgs e)
{
try
{
int medicineId = int.Parse("0" + Request.QueryString["MedicineId"]);
decimal Amount = decimal.Parse("0" + Request.QueryString["Amount"]);
int Quantity = int.Parse("0" + Request.QueryString["Quantity"]);
decimal UnitPrice = decimal.Parse("0" + Request.QueryString["UnitPrice"]);
int userId = int.Parse("0" + Session["UserId"]);
string insertQuery = "insert into tbl_Order(Price,OrderDate,MedicineId,CustId,Quantity,TotalAmount) values(" + UnitPrice + ",getdate()," + int.Parse("0" + medicineId) + "," + Convert.ToInt32(Session["UserId"]) + "," + Quantity + "," + Amount + ")";
Dal.MakePayment(insertQuery);
string orderQuery = "select Max(OrderId) From tbl_Order";
DataTable dt = Dal.ExecuteSqlString(orderQuery).Tables[0];
int orderId = int.Parse("0" + dt.Rows[0][0]);
string payment = "insert into tbl_PaymentDetails(UserId,OrderId,PaymentTypeId,Amount,CreditCardNo,CVV,ExpiryDate,NameOnCard,Status)" +
"values(" + userId + "," + orderId + "," + int.Parse("0" + ddlPaymentType.SelectedValue) + "," + decimal.Parse("0" + txtAmount.Text) + "," +
"'" + txtCardNumber.Text + "','" + txtCVV.Text + "','" + txtExpiryMonth.Text + "','" + txtNameOnCard.Text + "',1)";
int pay = Dal.MakePayment(payment);
if (pay > 0)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Message", "<script language='javascript'>alert('Your payment has been done successfully!!!')</script>");
//Response.Redirect("Default.aspx");
}
}
catch (Exception ex)
{
Page.ClientScript.RegisterStartupScript(this.GetType(), "Message", "<script language='javascript'>alert('" + ex.Message + "')</script>");
}
}
