/// <summary>
/// Click handler for the add-borrower button. Reads the five input boxes,
/// requires Name, SSN and Address to be non-empty, and adds the borrower only
/// when <c>Check_SSN</c> reported the SSN as unused. The input boxes are
/// cleared and the borrower view is reloaded on every path.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void AddBrrwrBtn_Click(object sender, EventArgs e)
{
    string borrowerName = NameTxt.Text;
    string borrowerSsn = SSNTxt.Text;
    string borrowerAddress = AddressTxt.Text;
    string borrowerPhone = PhoneTxt.Text;
    string borrowerEmail = EmailTxt.Text;

    // The uniqueness check runs on the text exactly as typed, before the
    // required-field test and before Format_SSN.
    // NOTE(review): the stored value is the formatted SSN, so confirm that
    // Check_SSN normalises its argument the same way; otherwise two spellings
    // of one SSN could both pass. Its query is not visible here: confirm it
    // is parameterised, since the SSN text is user input.
    bool ssnIsUnused = Check_SSN(borrowerSsn);

    bool requiredFieldMissing = string.IsNullOrEmpty(borrowerName)
        || string.IsNullOrEmpty(borrowerSsn)
        || string.IsNullOrEmpty(borrowerAddress);

    if (requiredFieldMissing)
    {
        MessageBox.Show("The values for Name, SSN, and Address must be filled in.");
    }
    else
    {
        borrowerSsn = Format_SSN(borrowerSsn);

        if (ssnIsUnused)
        {
            Execute_Add_Borrower(borrowerName, borrowerSsn, borrowerAddress, borrowerPhone, borrowerEmail);
        }
        else
        {
            MessageBox.Show("The SSN number provided is already in use. Please enter another SSN or update the existing record.");
        }
    }

    // The form is reset whether or not a borrower was added.
    NameTxt.Clear();
    SSNTxt.Clear();
    AddressTxt.Clear();
    PhoneTxt.Clear();
    EmailTxt.Clear();

    Load_Borrower_View();
}
/// <summary>
/// Key-down handler: pressing Enter moves the focus to the address box and
/// marks the key event as handled. Every other key is left untouched.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Key event data; <c>Handled</c> is set when Enter is pressed.</param>
private void contact_NoTxt_KeyDown(object sender, KeyEventArgs e)
{
    bool enterPressed = e.KeyCode == Keys.Enter;
    if (!enterPressed)
    {
        return;
    }

    AddressTxt.Focus();
    e.Handled = true;
}
/// <summary>
/// Click handler for the cancel button: discards whatever was typed by
/// clearing the name, SSN, address, phone and e-mail boxes.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void CancelBtn_Click(object sender, EventArgs e)
{
    // Identity fields first, contact fields second; nothing is saved.
    NameTxt.Clear();
    SSNTxt.Clear();

    AddressTxt.Clear();
    PhoneTxt.Clear();
    EmailTxt.Clear();
}
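/// <summary>
/// Click handler for the save button. Converts the form fields to their
/// column types, inserts one row into <c>AddPatient</c>, reports the outcome
/// in a message box, and clears the form on every path.
/// </summary>
/// <remarks>
/// Every value reaches the database as a bound parameter. The text boxes are
/// free-form user input, so they must never be concatenated into the SQL
/// text: a quote character in a name or address would otherwise be parsed as
/// SQL.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void SaveBtn_Click(object sender, EventArgs e)
{
    try
    {
        // Convert.* throws on empty or non-numeric text; that is what routes
        // an incomplete form to the catch block below.
        String name = NameTxt.Text;
        String address = AddressTxt.Text;
        Int64 contact = Convert.ToInt64(ContactTxt.Text);
        int age = Convert.ToInt32(AgeTxt.Text);
        String gender = comboGender.Text;
        String blood = BloodTxt.Text;
        String priorProblem = PreProblemTxt.Text;
        int pid = Convert.ToInt32(PaitionIdTxt.Text);

        // NOTE(review): the server name is hard-coded; moving the connection
        // string to configuration would let it change without a rebuild.
        using (System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection(
            "data source = DESKTOP-G7R371A\\SQLEXPRESS; database = Hospital; integrated security = True"))
        using (System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand())
        {
            cmd.Connection = con;

            // Positional VALUES list, same column order as before; only the
            // literals have become placeholders.
            cmd.CommandText =
                "insert into AddPatient values " +
                "(@name, @address, @contact, @age, @gender, @blood, @any, @pid)";

            cmd.Parameters.AddWithValue("@name", name);
            cmd.Parameters.AddWithValue("@address", address);
            cmd.Parameters.AddWithValue("@contact", contact);
            cmd.Parameters.AddWithValue("@age", age);
            cmd.Parameters.AddWithValue("@gender", gender);
            cmd.Parameters.AddWithValue("@blood", blood);
            cmd.Parameters.AddWithValue("@any", priorProblem);
            cmd.Parameters.AddWithValue("@pid", pid);

            // An INSERT returns no rows, so execute it directly; the using
            // blocks close the connection even when the command throws.
            con.Open();
            cmd.ExecuteNonQuery();
        }

        MessageBox.Show("Data Saved!");
    }
    catch (Exception)
    {
        // NOTE(review): this also catches database failures (server down,
        // constraint violation) and reports them as a missing field.
        // Consider a separate message and a log entry for those.
        MessageBox.Show("Please fill up all boxes");
    }

    // Reset the form whether or not the row was saved.
    NameTxt.Clear();
    AddressTxt.Clear();
    ContactTxt.Clear();
    AgeTxt.Clear();
    BloodTxt.Clear();
    PreProblemTxt.Clear();
    PaitionIdTxt.Clear();
    comboGender.ResetText();
}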
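/// <summary>
/// Click handler for the search button. Looks up a teacher by name in the
/// table that belongs to the selected faculty ("CSE" or "BBA") and copies the
/// row's Designation and Address into the form. Any other faculty value does
/// nothing.
/// </summary>
/// <remarks>
/// The teacher name and faculty are sent as bound parameters. The table name
/// cannot be a parameter, so it is taken from a fixed list keyed on the
/// faculty and never from user text.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Searchbtn_Click(object sender, EventArgs e)
{
    string faculty = facultyCmbBox.Text;

    // Allow-list: only these two constant table names can reach the SQL text.
    string tableName;
    switch (faculty)
    {
        case "CSE":
            tableName = "CSETeacherInformation";
            break;
        case "BBA":
            tableName = "BBATeacherInformation";
            break;
        default:
            // Unknown faculty: nothing to query, so no connection is opened.
            return;
    }

    string Cnx1 = @"Data Source=.\SQLEXPRESS;AttachDbFilename=E:\data 3 new\Final project\print\controller.mdf;Integrated Security=True;User Instance=True";
    string Qry1 = "SELECT * FROM " + tableName + " WHERE TeacherName = @teacherName AND Faculty = @faculty";

    // The using blocks release the reader and connection even when
    // ExecuteReader throws.
    using (SqlConnection conx1 = new SqlConnection(Cnx1))
    using (SqlCommand comd1 = new SqlCommand(Qry1, conx1))
    {
        comd1.Parameters.AddWithValue("@teacherName", TeacherNamTxt.Text);
        comd1.Parameters.AddWithValue("@faculty", faculty);

        conx1.Open();

        using (SqlDataReader dtr1 = comd1.ExecuteReader())
        {
            dtr1.Read();

            try
            {
                // Each control is hidden until its value has been read. If no
                // row matched, the first column read throws and both controls
                // stay hidden.
                DesigCmbBox.Hide();
                AddressTxt.Hide();

                String designation = dtr1["Designation"].ToString();
                DesigCmbBox.Show();

                String address = dtr1["Address"].ToString();
                AddressTxt.Show();

                DesigCmbBox.Text = designation;
                AddressTxt.Text = address;
            }
            catch (Exception ex)
            {
                // NOTE(review): this shows the raw exception text to the
                // user; a fixed "not found" message would be clearer.
                MessageBox.Show(ex.Message);
            }
        }
    }
}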