public ActionResult Index(string registerRequest, string firstname, string lastname, string emailaddress, string password, string address, string bankdetails)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q0 = con.CreateCommand();
q0.CommandType = CommandType.Text;
q0.CommandText = "SELECT TOP 1 * FROM [User] WHERE email='" + emailaddress + "';";
SqlDataReader result0 = q0.ExecuteReader();
if (result0.HasRows)
{
result0.Close();
return(RedirectToAction("EmailExists", "Register"));
}
else
{
result0.Close();
SqlCommand q1 = con.CreateCommand();
q1.CommandType = CommandType.Text;
q1.CommandText = "INSERT INTO [User](email,password,firstname,lastname,address,bankdetails) VALUES('" + emailaddress + "','" + password + "','" + firstname + "','" + lastname + "','" + address + "','" + bankdetails + "');";
if (q1.ExecuteNonQuery() > 0)
{
return(RedirectToAction("Success", "Register"));
}
}
return(View());
}
public ActionResult Index(string editRequest, string firstname, string lastname, string password, string address, string bankdetails)
{
SqlConnection con = SQLCon.getConnection();
User luser = (User)Session["loggedUser"];
SqlCommand q1 = con.CreateCommand();
q1.CommandType = CommandType.Text;
q1.CommandText = "UPDATE [User] SET password='******',firstname='" + firstname + "',lastname='" + lastname + "',address='" + address + "',bankdetails='" + bankdetails + "' WHERE id='" + luser.id + "'";
q1.ExecuteNonQuery();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT TOP 1 * FROM [User] WHERE id='" + luser.id + "'";
SqlDataReader result = q.ExecuteReader();
/* update session */
if (result.HasRows)
{
result.Read();
User user = new User
{
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
email = result["email"].ToString(),
password = result["password"].ToString(),
address = result["address"].ToString(),
bankDetails = result["bankdetails"].ToString(),
id = Int32.Parse(result["id"].ToString())
};
Session["loggedUser"] = user;
}
return(RedirectToAction("Index", "MyProfile"));
}
// GET: PostItem
public ActionResult Index()
{
if (Session["loggedUser"] == null)
{
return(RedirectToAction("Index", "Login"));
}
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT * FROM [Category]";
SqlDataReader result = q.ExecuteReader();
List <Category> categories = new List <Category>();
while (result.Read())
{
categories.Add(new Category {
id = Int32.Parse(result["id"].ToString()),
name = result["name"].ToString(),
item_count = Int32.Parse(result["item_count"].ToString())
});
}
ViewBag.categories = categories;
return(View());
}
// POST : Login
public ActionResult Index(string username, string password)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT TOP 1 * FROM [User] WHERE email='" + username + "' AND password='******'";
SqlDataReader result = q.ExecuteReader();
if (result.HasRows)
{
result.Read();
User user = new User {
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
email = result["email"].ToString(),
password = result["password"].ToString(),
address = result["address"].ToString(),
bankDetails = result["bankdetails"].ToString(),
id = Int32.Parse(result["id"].ToString())
};
Session["loggedUser"] = user;
return(RedirectToAction("Index", "Home"));
}
ViewBag.loginFailed = true;
return(View());
}
public String Index(int remove_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT TOP 1 category_id FROM [Item] WHERE id='" + remove_id + "'";
SqlDataReader result = q.ExecuteReader();
if (result.HasRows)
{
result.Read();
int category_id = Int32.Parse(result["category_id"].ToString());
result.Close();
q.CommandText = "DELETE FROM [Item] WHERE id='" + remove_id + "'";
if (q.ExecuteNonQuery() > 0)
{
q.CommandText = "UPDATE [Category] SET item_count=item_count-1 WHERE id='" + category_id + "'";
if (q.ExecuteNonQuery() > 0)
{
q.CommandText = "DELETE FROM [Order] WHERE item_id='" + remove_id + "'";
q.ExecuteNonQuery();
return("OK");
}
}
}
return("ERROR");
}
// GET: EditItem
public ActionResult Index(int edit_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT * FROM [Category]";
SqlDataReader result = q.ExecuteReader();
List <Category> categories = new List <Category>();
while (result.Read())
{
categories.Add(new Category
{
id = Int32.Parse(result["id"].ToString()),
name = result["name"].ToString(),
item_count = Int32.Parse(result["item_count"].ToString())
});
}
result.Close();
q.CommandText = "SELECT TOP 1 [Category].name AS category_name, [Category].item_count AS category_item_count,[Item].* FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id WHERE [Item].id='" + edit_id + "'";
result = q.ExecuteReader();
result.Read();
Item item = new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
isSold = Int32.Parse(result["sold"].ToString()) == 1,
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString()
};
ViewBag.item = item;
ViewBag.categories = categories;
return(View());
}
public string Index(int item_id, int user_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
User user = (User)Session["loggedUser"];
q.CommandText = "UPDATE [Item] SET delivered=1 WHERE id='" + item_id + "' AND user_id='" + user.id + "'";
if (q.ExecuteNonQuery() > 0)
{
/* add message */
MessageCenter.addMessage(user_id, item_id, "DELIVER");
return("OK");
}
return("ERROR");
}
public ActionResult Index(int edit_id, string name, double price, string description, HttpPostedFileBase file)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
string imagefile = "";
if (file != null)
{
if (file.ContentLength > 0)
{
var fileName = Guid.NewGuid().ToString() + ".jpg";
var path = Path.Combine(Server.MapPath("~/Content/Uploads"), fileName);
file.SaveAs(path);
imagefile = fileName;
}
}
if (imagefile != "")
{
q.CommandText = "UPDATE [Item] SET name='" + name.Replace("'", "''") + "',description='" + description.Replace("'", "''") + "',price='" + price + "',imagefile='" + imagefile + "' WHERE id='" + edit_id + "'";
}
else
{
q.CommandText = "UPDATE [Item] SET name='" + name.Replace("'", "''") + "',description='" + description.Replace("'", "''") + "',price='" + price + "' WHERE id='" + edit_id + "'";
}
int a = q.ExecuteNonQuery();
if (a > 0)
{
return(RedirectToAction("Index", "Item", new { item_id = edit_id }));
}
return(RedirectToAction("Error", "PostItem"));
}
public string Index(int item_id, string payment_code, int user_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
User user = (User)Session["loggedUser"];
q.CommandText = "INSERT INTO [Order](user_id,item_id,ordered_time,payment_code) VALUES('" + user.id + "','" + item_id + "','" + DateTime.Now.ToString() + "','" + payment_code + "')";
if (q.ExecuteNonQuery() > 0)
{
q.CommandText = "UPDATE [Item] SET sold=1 WHERE id='" + item_id + "'";
if (q.ExecuteNonQuery() > 0)
{
/* add message */
MessageCenter.addMessage(user_id, item_id, "PURCHASE");
}
return("OK");
}
return("ERROR");
}
public ActionResult Index(string name, int category, double price, string description, HttpPostedFileBase file)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
string imagefile = "";
if (file.ContentLength > 0)
{
var fileName = Guid.NewGuid().ToString() + ".jpg";
var path = Path.Combine(Server.MapPath("~/Content/Uploads"), fileName);
file.SaveAs(path);
imagefile = fileName;
}
User loggeduser = (User)Session["loggedUser"];
q.CommandText = "INSERT INTO [Item](category_id,user_id,name,description,price,imagefile,sold,delivered) VALUES('" + category + "','" + loggeduser.id + "','" + name.Replace("'", "''") + "','" + description.Replace("'", "''") + "','" + price + "','" + imagefile + "','0','0');";
int a = q.ExecuteNonQuery();
/* increment category table */
q.CommandText = "UPDATE [Category] SET item_count=item_count+1 WHERE id='" + category + "'";
q.ExecuteNonQuery();
if (a > 0)
{
q.CommandText = "SELECT @@IDENTITY AS new_id";
int new_id = Int32.Parse(q.ExecuteScalar().ToString());
return(RedirectToAction("Index", "MyItems", new { new_id = new_id }));
}
return(RedirectToAction("Error", "PostItem"));
}
// GET: Products
public ActionResult Index(int?category_id, string keyword, int?startPrice, int?endPrice, int?page)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
if (page == null)
{
page = 0;
}
ViewBag.page = page;
/* categories */
q.CommandType = CommandType.Text;
q.CommandText = "SELECT * FROM [Category]";
SqlDataReader result = q.ExecuteReader();
List <Category> categories = new List <Category>();
while (result.Read())
{
categories.Add(new Category
{
id = Int32.Parse(result["id"].ToString()),
name = result["name"].ToString(),
item_count = Int32.Parse(result["item_count"].ToString())
});
}
ViewBag.categories = categories;
result.Close();
/* latest items */
string filter = "";
if (category_id != null && category_id > 0)
{
ViewBag.category_id = category_id;
filter += " AND [Item].category_id=" + category_id;
}
if (keyword != null)
{
ViewBag.keyword = keyword;
filter += " AND [Item].name LIKE '%" + keyword + "%'";
}
if (startPrice != null && endPrice != null)
{
ViewBag.startPrice = startPrice;
ViewBag.endPrice = endPrice;
filter += " AND [Item].price>=" + startPrice + " AND [Item].price<=" + endPrice + "";
}
SqlCommand qTotal = con.CreateCommand();
qTotal.CommandType = CommandType.Text;
qTotal.CommandText = "SELECT COUNT([Item].id) AS total FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id WHERE [Item].sold=0 " + filter + "";
SqlDataReader resultTotal = qTotal.ExecuteReader();
resultTotal.Read();
int totalResults = Int32.Parse(resultTotal["total"].ToString());
int totalPages = (int)Math.Ceiling((double)totalResults / 10);
ViewBag.totalResult = totalResults;
ViewBag.totalPages = totalPages;
resultTotal.Close();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT [Category].name AS category_name, [Category].item_count AS category_item_count,[Item].* FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id WHERE [Item].sold=0 " + filter + " ORDER BY [Item].id DESC OFFSET " + page * 10 + " ROWS FETCH NEXT 10 ROWS ONLY";
result = q.ExecuteReader();
int currentItems = 0;
List <Item> items = new List <Item>();
while (result.Read())
{
items.Add(new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString()
});
currentItems++;
}
ViewBag.items = items;
ViewBag.currentItems = currentItems;
/*pages */
string longurl = Request.Url.AbsoluteUri;
var uriBuilder = new UriBuilder(longurl);
var query = HttpUtility.ParseQueryString(uriBuilder.Query);
query["page"] = "pageNumber";
uriBuilder.Query = query.ToString();
longurl = uriBuilder.ToString();
ViewBag.qurl = longurl;
return(View());
}
// GET: Item
public ActionResult Index(int item_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT TOP 1 [User].id AS seller_id, [User].firstname,[User].lastname, [User].email,[User].address,[User].bankdetails,[Category].name AS category_name, [Category].item_count AS category_item_count,[Item].* FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id LEFT JOIN [User] ON [Item].user_id=[User].id WHERE [Item].id='" + item_id + "'";
SqlDataReader result = q.ExecuteReader();
result.Read();
Item item = new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
isSold = Int32.Parse(result["sold"].ToString()) == 1,
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString(),
user = new User
{
id = Int32.Parse(result["seller_id"].ToString()),
email = result["email"].ToString(),
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
address = result["address"].ToString(),
bankDetails = result["bankdetails"].ToString()
}
};
ViewBag.item = item;
result.Close();
/* get if item is sold */
if (item.isSold)
{
q.CommandText = "SELECT TOP 1 [User].*,[Order].id AS oid,[Order].ordered_time AS ordered_time, [Order].payment_code AS payment_code FROM [Order] LEFT JOIN [User] ON [Order].user_id=[User].id WHERE [Order].item_id='" + item.id + "'";
result = q.ExecuteReader();
if (result.HasRows)
{
result.Read();
Order order = new Order
{
id = Int32.Parse(result["oid"].ToString()),
orderedTime = DateTime.Parse(result["ordered_time"].ToString()),
paymentCode = result["payment_code"].ToString(),
item = item,
user = new User
{
id = Int32.Parse(result["id"].ToString()),
email = result["email"].ToString(),
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
address = result["address"].ToString(),
bankDetails = result["bankdetails"].ToString()
}
};
ViewBag.order = order;
}
}
return(View());
}
// GET: Messages
public ActionResult Index(string keyword, string startDate, string endDate, int?page)
{
if (Session["loggedUser"] == null)
{
RedirectToAction("Index", "Login");
}
if (page == null)
{
page = 0;
}
ViewBag.page = page;
string filter = "";
if (keyword != null)
{
ViewBag.keyword = keyword;
filter += " AND [Item].name LIKE '%" + keyword + "%'";
}
if ((startDate != "" && endDate != "") && (startDate != null && endDate != null))
{
ViewBag.startDate = startDate;
ViewBag.endDate = endDate;
filter += " AND CAST([Message].added_time AS DATE)>='" + startDate + "' AND CAST([Message].added_time AS DATE)<='" + endDate + "'";
}
User user = (User)Session["loggedUser"];
SqlConnection con = SQLCon.getConnection();
SqlCommand qTotal = con.CreateCommand();
qTotal.CommandType = CommandType.Text;
qTotal.CommandText = "SELECT COUNT([Message].id) AS total FROM [Message] LEFT JOIN [Item] ON [Message].item_id=[Item].id LEFT JOIN [User] ON [Message].user_id=[User].id LEFT JOIN [Category] ON [Item].category_id=[Category].id LEFT JOIN [Order] ON [Item].id=[Order].item_id LEFT JOIN [User] AS OUser ON [Order].user_id=OUser.id WHERE [Message].user_id=" + user.id + "" + filter;
SqlDataReader resultTotal = qTotal.ExecuteReader();
resultTotal.Read();
int totalResults = Int32.Parse(resultTotal["total"].ToString());
int totalPages = (int)Math.Ceiling((double)totalResults / 10);
ViewBag.totalResult = totalResults;
ViewBag.totalPages = totalPages;
resultTotal.Close();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT OUser.address AS oaddress,OUser.firstname AS ofirstname,OUser.lastname AS olastname,[User].address,[User].firstname,[User].lastname,[Category].id AS category_id, [Category].item_count AS category_item_count, [Category].name AS category_name, [Item].*, [Message].message_type AS message_type, [Message].added_time FROM [Message] LEFT JOIN [Item] ON [Message].item_id=[Item].id LEFT JOIN [User] ON [Message].user_id=[User].id LEFT JOIN [Category] ON [Item].category_id=[Category].id LEFT JOIN [Order] ON [Item].id=[Order].item_id LEFT JOIN [User] AS OUser ON [Order].user_id=OUser.id WHERE [Message].user_id=" + user.id + "" + filter + " ORDER BY [Message].id DESC OFFSET " + page * 10 + " ROWS FETCH NEXT 10 ROWS ONLY";
SqlDataReader result = q.ExecuteReader();
List <Message> messages = new List <Message>();
while (result.Read())
{
messages.Add(new Message
{
item = new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
isSold = Int32.Parse(result["sold"].ToString()) == 1,
isDelivered = Int32.Parse(result["delivered"].ToString()) == 1,
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString()
},
user = new User {
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
address = result["address"].ToString()
},
ouser = new User
{
firstName = result["ofirstname"].ToString(),
lastName = result["olastname"].ToString(),
address = result["oaddress"].ToString()
},
messageType = result["message_type"].ToString(),
addedTime = DateTime.Parse(result["added_time"].ToString())
});
}
ViewBag.messages = messages;
ViewBag.item_count = totalResults;
/*pages */
string longurl = Request.Url.AbsoluteUri;
var uriBuilder = new UriBuilder(longurl);
var query = HttpUtility.ParseQueryString(uriBuilder.Query);
query["page"] = "pageNumber";
uriBuilder.Query = query.ToString();
longurl = uriBuilder.ToString();
ViewBag.qurl = longurl;
return(View());
}
public string Index(int item_id)
{
SqlConnection con = SQLCon.getConnection();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
string s = "";
q.CommandText = "SELECT TOP 1 [Category].name AS category_name, [Category].item_count AS category_item_count,[Item].* FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id WHERE [Item].id='" + item_id + "'";
SqlDataReader result = q.ExecuteReader();
result.Read();
Item item = new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
isSold = Int32.Parse(result["sold"].ToString()) == 1,
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString()
};
result.Close();
if (item.isSold)
{
q.CommandText = "SELECT TOP 1 [User].*,[Order].id AS oid,[Order].ordered_time AS ordered_time, [Order].payment_code AS payment_code FROM [Order] LEFT JOIN [User] ON [Order].user_id=[User].id WHERE [Order].item_id='" + item.id + "'";
result = q.ExecuteReader();
if (result.HasRows)
{
result.Read();
Order order = new Order
{
id = Int32.Parse(result["oid"].ToString()),
orderedTime = DateTime.Parse(result["ordered_time"].ToString()),
paymentCode = result["payment_code"].ToString(),
item = item,
user = new User
{
id = Int32.Parse(result["id"].ToString()),
email = result["email"].ToString(),
firstName = result["firstname"].ToString(),
lastName = result["lastname"].ToString(),
address = result["address"].ToString(),
bankDetails = result["bankdetails"].ToString()
}
};
s = "<ul class=\"list-group\">" +
"<li class=\"list-group-item\"><b>Name : </b>" + order.user.firstName + " " + order.user.lastName + "</li>" +
"<li class=\"list-group-item\"><b>Email address : </b>" + order.user.email + "</li>" +
"<li class=\"list-group-item\"><b>Shipping address : </b>" + order.user.address + "</li>" +
"<li class=\"list-group-item\"><b>Bank details : </b>" + order.user.bankDetails + "</li>" +
"<li class=\"list-group-item\"><b>Ordered time : </b>" + order.orderedTime.ToString("yyyy-mm-dd HH:mm:ss") + "</li>" +
"<li class=\"list-group-item\"><b>Payment code : </b>" + order.paymentCode + "</li>" +
"</ul>";
}
}
return(s);
}
// GET: MyItems
public ActionResult Index(string keyword, int?status, int?startPrice, int?endPrice, int?category_id, int?page)
{
if (Session["loggedUser"] == null)
{
RedirectToAction("Index", "Login");
}
if (page == null)
{
page = 0;
}
ViewBag.page = page;
string filter = "";
if (category_id != null && category_id > 0)
{
ViewBag.category_id = category_id;
filter += " AND [Item].category_id=" + category_id;
}
if (keyword != null)
{
ViewBag.keyword = keyword;
filter += " AND [Item].name LIKE '%" + keyword + "%'";
}
ViewBag.status = status;
if (status == 1)
{
filter += " AND [Item].sold=0 ";
}
else if (status == 2)
{
filter += " AND [Item].sold=1 ";
}
else if (status == 3)
{
filter += " AND [Item].delivered=1 ";
}
if (startPrice != null && endPrice != null)
{
ViewBag.startPrice = startPrice;
ViewBag.endPrice = endPrice;
filter += " AND [Item].price>=" + startPrice + " AND [Item].price<=" + endPrice + "";
}
User user = (User)Session["loggedUser"];
SqlConnection con = SQLCon.getConnection();
SqlCommand qTotal = con.CreateCommand();
qTotal.CommandType = CommandType.Text;
qTotal.CommandText = "SELECT COUNT([Item].id) AS total FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id WHERE [Item].user_id='" + user.id + "' " + filter;
SqlDataReader resultTotal = qTotal.ExecuteReader();
resultTotal.Read();
int totalResults = Int32.Parse(resultTotal["total"].ToString());
int totalPages = (int)Math.Ceiling((double)totalResults / 10);
ViewBag.totalResult = totalResults;
ViewBag.totalPages = totalPages;
resultTotal.Close();
SqlCommand q = con.CreateCommand();
q.CommandType = CommandType.Text;
q.CommandText = "SELECT [Order].user_id AS oid, [Category].name AS category_name, [Category].item_count AS category_item_count,[Item].* FROM [Item] LEFT JOIN [Category] ON [Item].category_id=[Category].id LEFT JOIN [Order] ON [Item].id=[Order].item_id WHERE [Item].user_id='" + user.id + "' " + filter + " ORDER BY [Item].id DESC OFFSET " + page * 10 + " ROWS FETCH NEXT 10 ROWS ONLY";
SqlDataReader result = q.ExecuteReader();
List <Item> items = new List <Item>();
while (result.Read())
{
items.Add(new Item
{
id = Int32.Parse(result["id"].ToString()),
category = new Category
{
id = Int32.Parse(result["category_id"].ToString()),
item_count = Int32.Parse(result["category_item_count"].ToString()),
name = result["category_name"].ToString()
},
userId = Int32.Parse(result["user_id"].ToString()),
isSold = Int32.Parse(result["sold"].ToString()) == 1,
isDelivered = Int32.Parse(result["delivered"].ToString()) == 1,
price = Double.Parse(result["price"].ToString()),
name = result["name"].ToString(),
imageFile = result["imagefile"].ToString(),
description = result["description"].ToString(),
purchasedUserId = Int32.Parse(result["oid"].ToString() == ""?"0": result["oid"].ToString())
});
}
ViewBag.items = items;
ViewBag.item_count = totalResults;
/*pages */
string longurl = Request.Url.AbsoluteUri;
var uriBuilder = new UriBuilder(longurl);
var query = HttpUtility.ParseQueryString(uriBuilder.Query);
query["page"] = "pageNumber";
uriBuilder.Query = query.ToString();
longurl = uriBuilder.ToString();
ViewBag.qurl = longurl;
return(View());
}