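/// <summary>
/// Handles the DetailsView insert event for a new merchandise item: validates the
/// form fields, verifies the anti-forgery request token, inserts the row into the
/// <c>merchandise</c> table with parameterized SQL, and hands the optional uploaded
/// image to <c>Insert_NewImage</c>.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Insert event arguments supplied by the DetailsView (unused).</param>
/// <remarks>
/// The row insert and the image insert are separate operations: if
/// <c>Insert_NewImage</c> throws, the merchandise row has already been written.
/// NOTE(review): name, brief and body are stored as entered; whichever page renders
/// them needs to output-encode them. Confirm against the display code.
/// </remarks>
protected void MerchView_ItemInserting(object sender, DetailsViewInsertEventArgs e)
{
    // NOTE(review): RandomString's generator is not visible here. If merchandise ids
    // must be unguessable or collision-free, confirm it draws from a CSPRNG.
    string merchId = FooStringHelper.RandomString(16);

    var txtMerchName = (TextBox)merchView.FindControl("txtMerchName");
    var txtMerchPrice = (TextBox)merchView.FindControl("txtMerchPrice");
    var txtMerchBrief = (TextBox)merchView.FindControl("txtMerchBrief");
    var txtMerchBody = (TextBox)merchView.FindControl("txtMerchBody");
    var imageUploadForm = (FileUpload)merchView.FindControl("imageUploadForm");
    var merchEnabledCheckbox = (CheckBox)merchView.FindControl("merchEnabledCheckbox");

    // Every text field is mandatory, and the price must pass the project's format check.
    bool inputIsValid =
        !string.IsNullOrEmpty(txtMerchName.Text) &&
        !string.IsNullOrEmpty(txtMerchPrice.Text) &&
        FooStringHelper.IsValidPrice(txtMerchPrice.Text) &&
        !string.IsNullOrEmpty(txtMerchBrief.Text) &&
        !string.IsNullOrEmpty(txtMerchBody.Text);

    if (!inputIsValid)
    {
        errorLabel.Text = "Incomplete or invalid input.";
    }
    else
    {
        try
        {
            if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
            {
                // Define connection string.
                using (var conn = new NpgsqlConnection())
                {
                    conn.ConnectionString = ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                    conn.Open();

                    // The command is wrapped in using so it is disposed even when
                    // ExecuteNonQuery throws. All values are bound as parameters,
                    // never concatenated into the SQL text.
                    using (var cmd = new NpgsqlCommand
                    {
                        CommandText = "INSERT INTO merchandise (merchid, merchname, merchprice, merchbrief, merchbody, merchenabled) VALUES (@MERCHID, @MERCHNAME, @MERCHPRICE, @MERCHBRIEF, @MERCHBODY, @MERCHENABLED)",
                        CommandType = CommandType.Text,
                        Connection = conn
                    })
                    {
                        // NOTE(review): Size presumably caps the stored length; over-long
                        // input may be truncated silently rather than rejected. Verify.
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHID",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 16,
                            Direction = ParameterDirection.Input,
                            Value = merchId
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHNAME",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 64,
                            Direction = ParameterDirection.Input,
                            Value = txtMerchName.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHPRICE",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 8,
                            Direction = ParameterDirection.Input,
                            Value = txtMerchPrice.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHBRIEF",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Size = 1024,
                            Direction = ParameterDirection.Input,
                            Value = txtMerchBrief.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHBODY",
                            NpgsqlDbType = NpgsqlDbType.Varchar,
                            Direction = ParameterDirection.Input,
                            Value = txtMerchBody.Text
                        });
                        cmd.Parameters.Add(new NpgsqlParameter
                        {
                            ParameterName = "@MERCHENABLED",
                            NpgsqlDbType = NpgsqlDbType.Boolean,
                            Direction = ParameterDirection.Input,
                            Value = merchEnabledCheckbox.Checked
                        });

                        cmd.ExecuteNonQuery();
                    }
                }

                if (imageUploadForm.HasFile)
                {
                    // Take the file from this specific upload control rather than
                    // Request.Files[0], which is whatever file field came first in
                    // the request and need not be this one.
                    // NOTE(review): type/size validation of the upload is presumably
                    // done inside Insert_NewImage. Confirm.
                    HttpPostedFile file = imageUploadForm.PostedFile;
                    Insert_NewImage(merchId, file);
                }
                else
                {
                    Insert_NewImage(merchId, null);
                }
            }
            else
            {
                // A rejected request token used to be dropped silently. Record it so
                // it can be reviewed, and give the user feedback. The token value
                // itself is deliberately not logged.
                FooLogging.WriteLog("MerchView_ItemInserting: request token validation failed; merchandise insert rejected.");
                errorLabel.Text = "Incomplete or invalid input.";
            }
        }
        catch (Exception ex)
        {
            // Full exception detail goes to the log only; the user sees a generic message.
            FooLogging.WriteLog(ex.ToString());
            errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
        }
    }

    Reset_Page(string.Empty);
}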