private void AddBrrwrBtn_Click(object sender, EventArgs e)
{
string Name = NameTxt.Text;
string SSN = SSNTxt.Text;
string Address = AddressTxt.Text;
string Phone = PhoneTxt.Text;
string Email = EmailTxt.Text;
bool SSN_Unique = Check_SSN(SSN);
if (!string.IsNullOrEmpty(Name) && !string.IsNullOrEmpty(SSN) && !string.IsNullOrEmpty(Address))
{
SSN = Format_SSN(SSN);
if (SSN_Unique == true)
{
Execute_Add_Borrower(Name, SSN, Address, Phone, Email);
}
else
{
MessageBox.Show("The SSN number provided is already in use. Please enter another SSN or update the existing record.");
}
}
else
{
MessageBox.Show("The values for Name, SSN, and Address must be filled in.");
}
NameTxt.Clear();
SSNTxt.Clear();
AddressTxt.Clear();
PhoneTxt.Clear();
EmailTxt.Clear();
Load_Borrower_View();
}
private void contact_NoTxt_KeyDown(object sender, KeyEventArgs e)
{
if (e.KeyCode == Keys.Enter)
{
AddressTxt.Focus();
e.Handled = true;
}
}
private void CancelBtn_Click(object sender, EventArgs e)
{
NameTxt.Clear();
SSNTxt.Clear();
AddressTxt.Clear();
PhoneTxt.Clear();
EmailTxt.Clear();
}
private void SaveBtn_Click(object sender, EventArgs e)
{
try
{
String name = NameTxt.Text; /*storing text from textbox into variable to designated datatypes*/
String address = AddressTxt.Text;
Int64 contact = Convert.ToInt64(ContactTxt.Text);
int age = Convert.ToInt32(AgeTxt.Text);
String gender = comboGender.Text;
String blood = BloodTxt.Text;
String any = PreProblemTxt.Text;
int pid = Convert.ToInt32(PaitionIdTxt.Text);
System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection();
con.ConnectionString = "data source = DESKTOP-G7R371A\\SQLEXPRESS; database = Hospital; integrated security = True";
System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
cmd.Connection = con; /*connecting database*/
cmd.CommandText = "insert into AddPatient values ('" + name + "', '" + address + "'," + contact + "," + age + ",'" + gender + "','" + blood + "','" + any + "'," + pid + ")";
System.Data.SqlClient.SqlDataAdapter DA = new System.Data.SqlClient.SqlDataAdapter(cmd);
DataSet DS = new DataSet(); /*Data set to fill boxes*/
DA.Fill(DS);
MessageBox.Show("Data Saved!");
}
catch (Exception)
{
MessageBox.Show("Please fill up all boxes");
}
/*Clearing all boxes*/
NameTxt.Clear();
AddressTxt.Clear();
ContactTxt.Clear();
AgeTxt.Clear();
BloodTxt.Clear();
PreProblemTxt.Clear();
PaitionIdTxt.Clear();
comboGender.ResetText();
}
private void Searchbtn_Click(object sender, EventArgs e)
{
string Cnx1 = @"Data Source=.\SQLEXPRESS;AttachDbFilename=E:\data 3 new\Final project\print\controller.mdf;Integrated Security=True;User Instance=True";
SqlConnection conx1 = new SqlConnection(Cnx1);
conx1.Open();
if (facultyCmbBox.Text == "CSE")
{
//This code is susceptible to SQL injection attacks.
string Qry1 = "SELECT * FROM CSETeacherInformation Where TeacherName = '" + this.TeacherNamTxt.Text + "'AND Faculty = '" + this.facultyCmbBox.Text + "'";
SqlCommand comd1 = new SqlCommand(Qry1, conx1);
SqlDataReader dtr1 = comd1.ExecuteReader();
dtr1.Read();
try
{
DesigCmbBox.Hide();
AddressTxt.Hide();
String m1 = dtr1["Designation"].ToString(); DesigCmbBox.Show();
String m2 = dtr1["Address"].ToString(); AddressTxt.Show();
//txtbx
DesigCmbBox.Text = m1;
AddressTxt.Text = m2;
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
else if (facultyCmbBox.Text == "BBA")
{
//This code is susceptible to SQL injection attacks.
string Qry1 = "SELECT * FROM BBATeacherInformation Where TeacherName = '" + this.TeacherNamTxt.Text + "'AND Faculty = '" + this.facultyCmbBox.Text + "'";
SqlCommand comd1 = new SqlCommand(Qry1, conx1);
SqlDataReader dtr1 = comd1.ExecuteReader();
dtr1.Read();
try
{
DesigCmbBox.Hide();
AddressTxt.Hide();
String m1 = dtr1["Designation"].ToString(); DesigCmbBox.Show();
String m2 = dtr1["Address"].ToString(); AddressTxt.Show();
//txtbx
DesigCmbBox.Text = m1;
AddressTxt.Text = m2;
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
conx1.Close();
}
