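/// <summary>
/// Loads the teacher list page. On a postback the text in <c>search_teacher</c>
/// filters TEACHERS by first name, last name or employee number; the matching
/// rows are rendered as a table into <c>teachers_list</c>.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Reset the container first, otherwise a new search would append to the
    // previous result table instead of replacing it.
    teachers_list.InnerHtml = "";

    string searchkey = "";
    if (Page.IsPostBack)
    {
        searchkey = search_teacher.Text;
    }

    string query = "select * from TEACHERS";
    if (searchkey != "")
    {
        // WARNING: the search key is still spliced into the SQL text because
        // SCHOOLDB.List_Query only accepts a finished query string. Doubling
        // single quotes keeps the value inside its string literal, but this is
        // a stopgap, not a defense: drivers that also treat backslash as an
        // escape character (e.g. MySQL) are not covered. The proper fix is a
        // parameterized query inside SCHOOLDB.
        // https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
        string pattern = "'%" + searchkey.Replace("'", "''") + "%'";
        query += " WHERE TEACHERFNAME like " + pattern;
        query += " or TEACHERLNAME like " + pattern;
        query += " or EMPLOYEENUMBER like " + pattern;
    }

    var db = new SCHOOLDB();
    List<Dictionary<String, String>> rs = db.List_Query(query);

    // Assemble the markup in a local and assign InnerHtml once; each "+=" on
    // the control property would otherwise re-read and re-write the whole string.
    string html = "<table class=\"table table-bordered table-hover\">"
        + "<tr><th>Teacher First Name</th><th>Teacher Last Name</th><th>Employee No</th>"
        + "<th>Hire Date</th><th>Salary</th><th>Modifications</th></tr>";

    foreach (Dictionary<String, String> row in rs)
    {
        // Database values are not trusted markup: encode every cell, and
        // URL-escape the id before it is placed in a query string.
        string teacherId = row["TEACHERID"];
        string idParam = HtmlEncodeValue(Uri.EscapeDataString(teacherId ?? ""));

        html += "<tr>";
        html += "<td><a href=\"display_teacher.aspx?teacherid=" + idParam + "\">"
            + HtmlEncodeValue(row["TEACHERFNAME"]) + "</a></td>";
        html += "<td>" + HtmlEncodeValue(row["TEACHERLNAME"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["EMPLOYEENUMBER"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["HIREDATE"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["SALARY"]) + "</td>";
        html += "<td>"
            + "<a href=\"Update_Teacher.aspx?teacherid=" + idParam + "\"><span class=\"glyphicon glyphicon-edit\"></span></a>"
            + "<a href=\"Delete_Teacher.aspx?teacherid=" + idParam + "\"><span class=\"glyphicon glyphicon-trash\"></span></a>"
            + "</td>";
        html += "</tr>";
    }
    html += "</table>";

    teachers_list.InnerHtml = html;
}

/// <summary>
/// HTML-encodes a database value for insertion into the page; a null value
/// becomes an empty string.
/// </summary>
/// <param name="value">Raw value read from the result set.</param>
/// <returns>The encoded value, safe to place in element content.</returns>
private static string HtmlEncodeValue(string value)
{
    return System.Net.WebUtility.HtmlEncode(value ?? "");
}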
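/// <summary>
/// Loads the class delete-confirmation page: reads <c>classid</c> from the query
/// string, looks the class up and shows its name in <c>class_name_delete</c>.
/// Any missing, non-numeric or unknown id produces an error message instead.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool valid = true;
    string classid = Request.QueryString["classid"];

    // TryParse rather than Parse: a missing or non-numeric id in the URL is a
    // bad request and should render the error text, not an unhandled exception.
    int id = 0;
    if (!Int32.TryParse(classid, out id))
    {
        valid = false;
    }

    // Attempt to load the record we need.
    if (valid)
    {
        var db = new SCHOOLDB();
        Dictionary<String, String> classes_record = db.FindClass(id);
        // Null guard in case FindClass reports "not found" with a null instead of an empty dictionary.
        if (classes_record != null && classes_record.Count > 0)
        {
            // Encode: the name comes from the database and is placed in the page as HTML.
            class_name_delete.InnerHtml = System.Net.WebUtility.HtmlEncode(classes_record["CLASSNAME"] ?? "");
        }
        else
        {
            valid = false;
        }
    }

    if (!valid)
    {
        classes.InnerHtml = "There was an error finding that class.";
    }
}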
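/// <summary>
/// Loads the teacher delete-confirmation page: reads <c>teacherid</c> from the
/// query string, looks the teacher up and shows the first name in
/// <c>teacher_firstname_delete</c>. A missing, non-numeric or unknown id
/// produces an error message instead.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool valid = true;
    string teacherid = Request.QueryString["teacherid"];

    // TryParse rather than Parse: a missing or non-numeric id in the URL is a
    // bad request and should render the error text, not an unhandled exception.
    int id = 0;
    if (!Int32.TryParse(teacherid, out id))
    {
        valid = false;
    }

    // Attempt to load the record we need.
    if (valid)
    {
        var db = new SCHOOLDB();
        Dictionary<String, String> teacher_record = db.FindTeacher(id);
        // Null guard in case FindTeacher reports "not found" with a null instead of an empty dictionary.
        if (teacher_record != null && teacher_record.Count > 0)
        {
            // Encode: the name comes from the database and is placed in the page as HTML.
            teacher_firstname_delete.InnerHtml = System.Net.WebUtility.HtmlEncode(teacher_record["TEACHERFNAME"] ?? "");
        }
        else
        {
            valid = false;
        }
    }

    if (!valid)
    {
        // This page handles teachers; the previous message referred to a student.
        teacher.InnerHtml = "Sorry!!!There was an error finding that teacher.";
    }
}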
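/// <summary>
/// Loads the teacher update page: reads <c>teacherid</c> from the query string,
/// looks the teacher up and pre-fills the edit text boxes with the current
/// values. A missing, non-numeric or unknown id produces an error message.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool valid = true;
    string teacherid = Request.QueryString["teacherid"];

    // TryParse rather than Parse: a missing or non-numeric id in the URL is a
    // bad request and should render the error text, not an unhandled exception.
    int id = 0;
    if (!Int32.TryParse(teacherid, out id))
    {
        valid = false;
    }

    // Attempt to load the record we need.
    if (valid)
    {
        var db = new SCHOOLDB();
        Dictionary<String, String> teacher_record = db.FindTeacher(id);
        // Null guard in case FindTeacher reports "not found" with a null instead of an empty dictionary.
        if (teacher_record != null && teacher_record.Count > 0)
        {
            // TextBox.Text is encoded by the control when rendered, so the raw values can be assigned directly.
            update_teacher_fname.Text = teacher_record["TEACHERFNAME"];
            update_teacher_lname.Text = teacher_record["TEACHERLNAME"];
            update_employee_number.Text = teacher_record["EMPLOYEENUMBER"];
            update_hire_date.Text = teacher_record["HIREDATE"];
            update_salary.Text = teacher_record["SALARY"];
        }
        else
        {
            valid = false;
        }
    }

    if (!valid)
    {
        // This page handles teachers; the previous message referred to a student.
        teacher_update.InnerHtml = "There was an error finding that teacher.";
    }
}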
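/// <summary>
/// Loads the student detail page: reads <c>studentid</c> from the query string,
/// looks the student up and fills the title and detail elements. A missing,
/// non-numeric or unknown id produces an error message instead.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool valid = true;
    string studentid = Request.QueryString["studentid"];

    // TryParse rather than Parse: a missing or non-numeric id in the URL is a
    // bad request and should render the error text, not an unhandled exception.
    int id = 0;
    if (!Int32.TryParse(studentid, out id))
    {
        valid = false;
    }

    // Attempt to load the record we need.
    if (valid)
    {
        var db = new SCHOOLDB();
        Dictionary<String, String> student_record = db.FindStudent(id);
        // Null guard in case FindStudent reports "not found" with a null instead of an empty dictionary.
        if (student_record != null && student_record.Count > 0)
        {
            // Every value is written into the page as HTML, so encode each one.
            string firstName = HtmlEncodeValue(student_record["STUDENTFNAME"]);
            string lastName = HtmlEncodeValue(student_record["STUDENTLNAME"]);

            student_title.InnerHtml = firstName + " " + lastName;
            student_firstname.InnerHtml = firstName;
            student_lastname.InnerHtml = lastName;
            student_no.InnerHtml = HtmlEncodeValue(student_record["STUDENTNUMBER"]);
            enrolment_date.InnerHtml = HtmlEncodeValue(student_record["ENROLMENTDATE"]);
        }
        else
        {
            valid = false;
        }
    }

    if (!valid)
    {
        student.InnerHtml = "Sorry!!!There was an error finding that student.";
    }
}

/// <summary>
/// HTML-encodes a database value for insertion into the page; a null value
/// becomes an empty string.
/// </summary>
/// <param name="value">Raw value read from the result set.</param>
/// <returns>The encoded value, safe to place in element content.</returns>
private static string HtmlEncodeValue(string value)
{
    return System.Net.WebUtility.HtmlEncode(value ?? "");
}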
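/// <summary>
/// Loads the student list page. On a postback the text in <c>student_search</c>
/// filters STUDENTS by first name, last name or student number; the matching
/// rows are rendered as a table into <c>students_result</c>.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Reset the container first, otherwise a new search would append to the
    // previous result table instead of replacing it.
    students_result.InnerHtml = "";

    string searchkey = "";
    if (Page.IsPostBack)
    {
        searchkey = student_search.Text;
    }

    string query = "select * from STUDENTS";
    if (searchkey != "")
    {
        // WARNING: the search key is still spliced into the SQL text because
        // SCHOOLDB.List_Query only accepts a finished query string. Doubling
        // single quotes keeps the value inside its string literal, but this is
        // a stopgap, not a defense: drivers that also treat backslash as an
        // escape character (e.g. MySQL) are not covered. The proper fix is a
        // parameterized query inside SCHOOLDB.
        // https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
        string pattern = "'%" + searchkey.Replace("'", "''") + "%'";
        query += " WHERE STUDENTFNAME like " + pattern;
        query += " or STUDENTLNAME like " + pattern;
        query += " or STUDENTNUMBER like " + pattern;
    }

    var db = new SCHOOLDB();
    List<Dictionary<String, String>> rs = db.List_Query(query);

    // Assemble the markup in a local and assign InnerHtml once; each "+=" on
    // the control property would otherwise re-read and re-write the whole string.
    string html = "<table class=\"table table-bordered table-hover\">"
        + "<tr><th>Student First Name</th><th>Student Last Name</th><th>Student No</th>"
        + "<th>Enrolment Date</th><th>Modifications</th></tr>";

    foreach (Dictionary<String, String> row in rs)
    {
        // Database values are not trusted markup: encode every cell, and
        // URL-escape the id before it is placed in a query string.
        string studentId = row["STUDENTID"];
        string idParam = HtmlEncodeValue(Uri.EscapeDataString(studentId ?? ""));

        html += "<tr>";
        html += "<td><a href=\"display_student.aspx?studentid=" + idParam + "\">"
            + HtmlEncodeValue(row["STUDENTFNAME"]) + "</a></td>";
        html += "<td>" + HtmlEncodeValue(row["STUDENTLNAME"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["STUDENTNUMBER"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["ENROLMENTDATE"]) + "</td>";
        html += "<td>"
            + "<a href=\"update_student.aspx?studentid=" + idParam + "\"><span class=\"glyphicon glyphicon-edit\"></span></a>"
            + "<a href=\"delete_student.aspx?studentid=" + idParam + "\"><span class=\"glyphicon glyphicon-trash\"></span></a>"
            + "</td>";
        html += "</tr>";
    }
    html += "</table>";

    students_result.InnerHtml = html;
}

/// <summary>
/// HTML-encodes a database value for insertion into the page; a null value
/// becomes an empty string.
/// </summary>
/// <param name="value">Raw value read from the result set.</param>
/// <returns>The encoded value, safe to place in element content.</returns>
private static string HtmlEncodeValue(string value)
{
    return System.Net.WebUtility.HtmlEncode(value ?? "");
}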
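/// <summary>
/// Loads the class update page: reads <c>classid</c> from the query string,
/// looks the class up and pre-fills the edit text boxes with the current
/// values. A missing, non-numeric or unknown id produces an error message.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    bool valid = true;
    string classid = Request.QueryString["classid"];

    // TryParse rather than Parse: a missing or non-numeric id in the URL is a
    // bad request and should render the error text, not an unhandled exception.
    int id = 0;
    if (!Int32.TryParse(classid, out id))
    {
        valid = false;
    }

    // Attempt to load the record we need.
    if (valid)
    {
        var db = new SCHOOLDB();
        Dictionary<String, String> classes_record = db.FindClass(id);
        // Null guard in case FindClass reports "not found" with a null instead of an empty dictionary.
        if (classes_record != null && classes_record.Count > 0)
        {
            // TextBox.Text is encoded by the control when rendered, so the raw values can be assigned directly.
            class_id_update.Text = classes_record["CLASSID"];
            class_code_update.Text = classes_record["CLASSCODE"];
            teacher_id_update.Text = classes_record["TEACHERID"];
            start_date_update.Text = classes_record["STARTDATE"];
            finish_date_update.Text = classes_record["FINISHDATE"];
            class_name_update.Text = classes_record["CLASSNAME"];
        }
        else
        {
            valid = false;
        }
    }

    if (!valid)
    {
        classes.InnerHtml = "There was an error finding that classes.";
    }
}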
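/// <summary>
/// Loads the class list page. On a postback the text in <c>class_search</c>
/// filters CLASSES by id, code, teacher id or name; the matching rows are
/// rendered as a table into <c>classes_result</c>.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Reset the container first, otherwise a new search would append to the
    // previous result table instead of replacing it.
    classes_result.InnerHtml = "";

    string searchkey = "";
    if (Page.IsPostBack)
    {
        searchkey = class_search.Text;
    }

    string query = "select * from CLASSES";
    if (searchkey != "")
    {
        // WARNING: the search key is still spliced into the SQL text because
        // SCHOOLDB.List_Query only accepts a finished query string. Doubling
        // single quotes keeps the value inside its string literal, but this is
        // a stopgap, not a defense: drivers that also treat backslash as an
        // escape character (e.g. MySQL) are not covered. The proper fix is a
        // parameterized query inside SCHOOLDB.
        // https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
        string pattern = "'%" + searchkey.Replace("'", "''") + "%'";
        query += " WHERE CLASSID like " + pattern;
        query += " or CLASSCODE like " + pattern;
        query += " or TEACHERID like " + pattern;
        query += " or CLASSNAME like " + pattern;
    }

    var db = new SCHOOLDB();
    List<Dictionary<String, String>> rs = db.List_Query(query);

    // Assemble the markup in a local and assign InnerHtml once; each "+=" on
    // the control property would otherwise re-read and re-write the whole string.
    string html = "<table class=\"table table-bordered table-hover\">"
        + "<tr><th>Class ID</th><th>Class Code</th><th>Teacher ID</th><th>Start Date</th>"
        + "<th>Finish Date</th><th>Class Name</th><th>Modifications</th></tr>";

    foreach (Dictionary<String, String> row in rs)
    {
        // Database values are not trusted markup: encode every cell, and
        // URL-escape the id before it is placed in a query string.
        string classId = row["CLASSID"];
        string idParam = HtmlEncodeValue(Uri.EscapeDataString(classId ?? ""));

        html += "<tr>";
        html += "<td>" + HtmlEncodeValue(classId) + "</td>";
        html += "<td><a href=\"display_classes.aspx?classid=" + idParam + "\">"
            + HtmlEncodeValue(row["CLASSCODE"]) + "</a></td>";
        html += "<td>" + HtmlEncodeValue(row["TEACHERID"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["STARTDATE"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["FINISHDATE"]) + "</td>";
        html += "<td>" + HtmlEncodeValue(row["CLASSNAME"]) + "</td>";
        html += "<td>"
            + "<a href=\"update_classes.aspx?classid=" + idParam + "\"><span class=\"glyphicon glyphicon-edit\"></span></a>"
            + "<a href=\"delete_classes.aspx?classid=" + idParam + "\"><span class=\"glyphicon glyphicon-trash\"></span></a>"
            + "</td>";
        html += "</tr>";
    }
    html += "</table>";

    classes_result.InnerHtml = html;
}

/// <summary>
/// HTML-encodes a database value for insertion into the page; a null value
/// becomes an empty string.
/// </summary>
/// <param name="value">Raw value read from the result set.</param>
/// <returns>The encoded value, safe to place in element content.</returns>
private static string HtmlEncodeValue(string value)
{
    return System.Net.WebUtility.HtmlEncode(value ?? "");
}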