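// POST: api/Meds
/// <summary>
/// Executes the statement returned by <c>Utils.Utils.getInsert()</c> with the medication
/// fields taken from the request body.
/// </summary>
/// <param name="value">Medication fields bound from the request body.</param>
/// <returns>
/// The string "true" when the statement affected at least one row; otherwise "false"
/// (also returned when no body could be bound).
/// </returns>
public string Post([FromBody] CreateMed value)
{
    // A missing or unreadable body can bind to null; report failure instead of
    // dereferencing it while building the parameters.
    if (value is null)
    {
        return "false";
    }

    _conn = new SqlConnection(Utils.Utils.GetConnectionString());
    try
    {
        var queryInsert = Utils.Utils.getInsert();
        using var insertCommand = new SqlCommand(queryInsert, _conn);

        // Every client-supplied field is bound as a parameter, never spliced into the SQL text.
        insertCommand.Parameters.AddWithValue("@name", value.name);
        insertCommand.Parameters.AddWithValue("@exp_date", value.exp_date);
        insertCommand.Parameters.AddWithValue("@pieces", value.pieces);
        insertCommand.Parameters.AddWithValue("@base_subst", value.base_subst);
        insertCommand.Parameters.AddWithValue("@quantity", value.quantity);
        insertCommand.Parameters.AddWithValue("@description", value.description);

        _conn.Open();
        int result = insertCommand.ExecuteNonQuery();
        return result > 0 ? "true" : "false";
    }
    finally
    {
        // Release the connection on every path, including when Open or ExecuteNonQuery
        // throws; otherwise each request would leave a connection checked out of the pool.
        _conn.Dispose();
    }
}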
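/// <summary>
/// Executes the statement returned by <c>Utils.QueryMed.getUpdate()</c> for the row
/// identified by <paramref name="id"/>, using the medication fields from the request body.
/// </summary>
/// <param name="id">Identifier of the row to update.</param>
/// <param name="value">Medication fields (and <c>userEmail</c>) bound from the request body.</param>
/// <returns>
/// The string "true" when the statement affected at least one row; otherwise "false"
/// (also returned when no body could be bound).
/// </returns>
public string Put(int id, [FromBody] CreateMed value)
{
    // A missing or unreadable body can bind to null; report failure instead of
    // dereferencing it while building the parameters.
    if (value is null)
    {
        return "false";
    }

    using var conn = new SqlConnection(Utils.QueryMed.GetConnectionString());

    // Bind the id as a parameter rather than appending its text to the statement. The SQL
    // text then stays constant, does not depend on culture-specific integer formatting, and
    // remains safe if the parameter type ever changes from int.
    // Assumes getUpdate() ends where the id value is expected, as the concatenation it
    // replaces did — confirm against Utils.QueryMed.
    var queryUpdate = Utils.QueryMed.getUpdate() + "@id";
    using var updateCommand = new SqlCommand(queryUpdate, conn);

    updateCommand.Parameters.AddWithValue("@id", id);
    updateCommand.Parameters.AddWithValue("@name", value.name);
    updateCommand.Parameters.AddWithValue("@exp_date", value.exp_date);
    updateCommand.Parameters.AddWithValue("@pieces", value.pieces);
    updateCommand.Parameters.AddWithValue("@base_subst", value.base_subst);
    updateCommand.Parameters.AddWithValue("@quantity", value.quantity);
    updateCommand.Parameters.AddWithValue("@description", value.description);

    // NOTE(review): userEmail comes from the request body. If the statement uses it to
    // restrict the update to rows owned by that user, it should be taken from the
    // authenticated identity instead of a client-supplied field — confirm.
    updateCommand.Parameters.AddWithValue("@userEmail", value.userEmail);

    conn.Open();
    int result = updateCommand.ExecuteNonQuery();
    return result > 0 ? "true" : "false";
}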