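        /// <summary>
        /// Adds the product named by the <c>id</c> query-string value to the signed-in
        /// user's favourites, unless the lookup reports that it is already there.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法收藏~');</script>");
                return;
            }

            // "id" is request data and was concatenated into SQL unchanged (once in an
            // unquoted numeric position). Accept only a plain integer and build every
            // statement from the parsed value; a missing id no longer throws.
            int productId;
            if (!int.TryParse(Request.QueryString["id"],
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out productId))
            {
                return;
            }
            string Pid = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // The user name lands inside a quoted SQL literal; doubling single quotes keeps
            // it inside that literal. NOTE(review): if DBConn offers a parameterized call,
            // prefer it over string building - DBConn's API is not visible here.
            string tblUser = ((String)Session["User"]).Replace("'", "''");

            DBConn myDB = new DBConn();
            try
            {
                // NOTE(review): the '******' literal looks like a masked value in this
                // listing; as written the duplicate check does not filter on the current
                // user - confirm against the real source.
                if (myDB.LookUp("select id from tblFav  where tblUser='******' and Pid=" + Pid, "id") != "")
                {
                    Response.Write("<script>alert('您已经收藏该产品了 ~');</script>");
                    return;
                }

                string sql = "insert into [tblFav](tblUser,Pid) values ( '" + tblUser + "', '" + Pid + "')";
                myDB.ExecuteNonQuery(sql);
            }
            finally
            {
                // Release the connection on every path, including a failed statement.
                myDB.Close();
            }

            Response.Write("<script>alert('收藏成功 ~');</script>");
        }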
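        /// <summary>
        /// Adds the product named by the <c>id</c> query-string value to the signed-in
        /// user's basket after checking that the requested quantity is in stock.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法收藏~');</script>");
                return;
            }

            // Both values arrive with the request and were concatenated into SQL unchanged.
            // Accept plain integers only and build the statements from the parsed values.
            int productId;
            if (!int.TryParse(Request.QueryString["id"],
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out productId))
            {
                return;
            }

            int quantity;
            if (!int.TryParse(DropDownList1.SelectedValue,
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out quantity)
                || quantity < 1)
            {
                // A non-numeric or non-positive quantity would pass the stock comparison
                // below and reach the basket; reject it here.
                return;
            }

            string Pid    = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);
            string strNum = quantity.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // Check stock. The reader and connection are closed on every path; the
            // original left both open when it returned on insufficient stock.
            bool productFound = false;
            int  iPStock      = 0;
            DBConn myDB = new DBConn();
            try
            {
                SqlDataReader mydr = myDB.getDataReader("select PStock from Products where PID=" + Pid);
                try
                {
                    productFound = mydr.Read();
                    if (productFound)
                    {
                        iPStock = Int32.Parse(mydr["PStock"].ToString());
                    }
                }
                finally
                {
                    mydr.Close();
                }
            }
            finally
            {
                myDB.Close();
            }

            if (!productFound)
            {
                Response.Write("<script>");
                Response.Write("alert('没有这个二手书!!!');");
                Response.Write("</script>");
                Response.Redirect("index.aspx");
                return;
            }

            if (iPStock < quantity)
            {
                Response.Write("<script>");
                Response.Write("alert('库存不足!!!现在库存还有[ " + iPStock.ToString() + " ]');");
                Response.Write("</script>");
                return;
            }

            // The user name sits inside a quoted SQL literal; doubling single quotes keeps
            // it there. NOTE(review): prefer a parameterized call if DBConn has one.
            string tblUser = ((String)Session["User"]).Replace("'", "''");

            // NOTE(review): lblCount.Text is concatenated unquoted as the price. It is
            // page state rather than a posted field, but the amount should presumably be
            // recomputed from Products on the server - confirm where lblCount is set.
            string sql = "insert into [tblBasket](tblUser,Pid,isN,isMoney) values ( '" + tblUser + "', '" + Pid + "', '" + strNum + "', " + lblCount.Text + ")";

            DBConn myDB1 = new DBConn();
            try
            {
                myDB1.ExecuteNonQuery(sql);
            }
            finally
            {
                myDB1.Close();
            }

            Response.Write("<script>alert('加入购物车成功 ~');</script>");
        }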
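        /// <summary>
        /// First-load setup of the order page: requires a signed-in user, optionally
        /// removes one basket row named by the <c>did</c> query-string value, shows the
        /// user's name and basket total, and fills the <c>dplBm</c> list from tblMode.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // The login check now runs before the delete. Previously an anonymous request
            // could remove any basket row just by supplying "did".
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆禁止订购');window.close();</script>");
                Response.End();
                return;
            }

            string currentUser = (string)Session["User"];

            // "did" comes from the URL and was concatenated into the DELETE unchanged.
            // Accept only an integer, and restrict the delete to the caller's own rows.
            // NOTE(review): this is still a state change on a GET request; a POST with a
            // request token would be the sturdier design.
            int basketRowId;
            if (int.TryParse(Request.QueryString["did"],
                             System.Globalization.NumberStyles.Integer,
                             System.Globalization.CultureInfo.InvariantCulture,
                             out basketRowId))
            {
                string sql = "delete from  [tblBasket] where id="
                             + basketRowId.ToString(System.Globalization.CultureInfo.InvariantCulture)
                             + " and tblUser='" + currentUser.Replace("'", "''") + "'";

                DBConn myDB = new DBConn();
                try
                {
                    myDB.ExecuteNonQuery(sql);
                }
                finally
                {
                    myDB.Close();
                }
            }

            txtName.Enabled = false;
            txtName.Text = currentUser;

            DBConn db1 = new DBConn();
            try
            {
                // NOTE(review): the '******' literals look like masked values in this
                // listing; as written neither query filters on the current user - confirm
                // against the real source.
                TextBox1.Text = db1.LookUp("select 真实姓名 from tblUser  where UserName='******'", "真实姓名");
                lblTotalPric.Text = db1.LookUp("select sum(ismoney) as '1' from viwBasket  where tblUser='******'", "1");
            }
            finally
            {
                // The original never closed this connection.
                db1.Close();
            }

            getData();

            string connStr = ConfigurationSettings.AppSettings["DataBasePath"];

            // using closes the connection even when Fill throws; it was left open before.
            using (SqlConnection con = new SqlConnection(connStr))
            {
                con.Open();
                SqlDataAdapter sda1 = new SqlDataAdapter("select * from tblMode", con);

                DataSet ds1 = new DataSet();
                sda1.Fill(ds1, "tblMode");

                foreach (DataRow row in ds1.Tables[0].Rows)
                {
                    this.dplBm.Items.Add(row["名称"].ToString());
                }
            }
        }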
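        /// <summary>
        /// First-load setup of the order page: requires a signed-in user, optionally
        /// removes one basket row named by the <c>did</c> query-string value, shows the
        /// user's name and basket total, and fills the <c>dplBm</c> list from tblMode.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // Authenticate first: the delete below used to run before this check, so it
            // was reachable without a session.
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆禁止订购');window.close();</script>");
                Response.End();
                return;
            }

            string currentUser = (string)Session["User"];

            // Only an integer "did" is honoured, and only for rows owned by the caller.
            // NOTE(review): deleting on a GET request remains open to cross-site request
            // forgery; consider moving it to a postback.
            int basketRowId;
            bool hasRowId = int.TryParse(Request.QueryString["did"],
                                         System.Globalization.NumberStyles.Integer,
                                         System.Globalization.CultureInfo.InvariantCulture,
                                         out basketRowId);
            if (hasRowId)
            {
                string idText    = basketRowId.ToString(System.Globalization.CultureInfo.InvariantCulture);
                string ownerText = currentUser.Replace("'", "''"); // keep the name inside its SQL literal
                string sql       = "delete from  [tblBasket] where id=" + idText + " and tblUser='" + ownerText + "'";

                DBConn myDB = new DBConn();
                try
                {
                    myDB.ExecuteNonQuery(sql);
                }
                finally
                {
                    myDB.Close();
                }
            }

            txtName.Enabled = false;
            txtName.Text    = currentUser;

            DBConn db1 = new DBConn();
            try
            {
                // NOTE(review): '******' appears to be a masked value in this listing; the
                // queries as shown do not select by the current user - confirm.
                TextBox1.Text     = db1.LookUp("select 真实姓名 from tblUser  where UserName='******'", "真实姓名");
                lblTotalPric.Text = db1.LookUp("select sum(ismoney) as '1' from viwBasket  where tblUser='******'", "1");
            }
            finally
            {
                // Previously this connection was never closed.
                db1.Close();
            }

            getData();

            string connStr = ConfigurationSettings.AppSettings["DataBasePath"];

            // Dispose the connection on every path; the original left it open.
            using (SqlConnection con = new SqlConnection(connStr))
            {
                con.Open();
                SqlDataAdapter sda1 = new SqlDataAdapter("select * from tblMode", con);

                DataSet ds1 = new DataSet();
                sda1.Fill(ds1, "tblMode");

                foreach (DataRow row in ds1.Tables[0].Rows)
                {
                    this.dplBm.Items.Add(row["名称"].ToString());
                }
            }
        }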
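        /// <summary>
        /// Stores the comment typed into <c>TextBox1</c> for the product named by the
        /// <c>id</c> query-string value, then returns to that product's page.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法评论~');</script>");
                return;
            }

            // "id" is request data; accept only an integer and reuse the parsed value in
            // both the INSERT and the redirect URL.
            int productId;
            if (!int.TryParse(Request.QueryString["id"],
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out productId))
            {
                return;
            }
            string Pid = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // The comment is free text from the browser and went into the statement
            // unescaped. Doubling single quotes keeps each value inside its SQL literal.
            // NOTE(review): prefer a parameterized call if DBConn has one, and HTML-encode
            // the comment wherever it is displayed - neither is visible from here.
            string tblUser = ((String)Session["User"]).Replace("'", "''");
            string note    = TextBox1.Text.Replace("'", "''");
            string sql     = "insert into [tblLeaveWord](UserName,Pid,isNote) values ( '" + tblUser + "', '" + Pid + "', '" + note + "')";

            DBConn myDB = new DBConn();
            try
            {
                myDB.ExecuteNonQuery(sql);
            }
            finally
            {
                myDB.Close();
            }

            Response.Redirect("productDisplay.aspx?id=" + Pid);
        }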
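        /// <summary>
        /// On the first (non-postback) load, deletes the favourites row named by the
        /// <c>did</c> query-string value when one is supplied, then calls <c>getData()</c>.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // "did" comes from the URL and was concatenated into the DELETE unchanged.
            // Only an integer is honoured; anything else is ignored.
            int rowId;
            if (int.TryParse(Request.QueryString["did"],
                             System.Globalization.NumberStyles.Integer,
                             System.Globalization.CultureInfo.InvariantCulture,
                             out rowId))
            {
                // NOTE(review): no login or ownership check is visible in this method, and
                // the delete runs on a GET request. Confirm that access is enforced
                // elsewhere, or scope the delete to the signed-in user's rows.
                string sql = "delete from  [tblFav] where id="
                             + rowId.ToString(System.Globalization.CultureInfo.InvariantCulture);

                DBConn myDB = new DBConn();
                try
                {
                    myDB.ExecuteNonQuery(sql);
                }
                finally
                {
                    myDB.Close();
                }
            }

            getData();
        }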
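        /// <summary>
        /// On the first (non-postback) load, deletes the comment row named by the
        /// <c>did</c> query-string value when one is supplied, then calls <c>getData()</c>.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            // "did" is request data that used to be appended to the DELETE as-is; parse it
            // as an integer so nothing but a row id can reach the statement.
            int rowId;
            if (int.TryParse(Request.QueryString["did"],
                             System.Globalization.NumberStyles.Integer,
                             System.Globalization.CultureInfo.InvariantCulture,
                             out rowId))
            {
                // NOTE(review): this method shows no login or role check before deleting a
                // comment, and the delete runs on a GET request. Confirm that the page is
                // protected elsewhere.
                string sql = "delete from  [tblLeaveWord] where id="
                             + rowId.ToString(System.Globalization.CultureInfo.InvariantCulture);

                DBConn myDB = new DBConn();
                try
                {
                    myDB.ExecuteNonQuery(sql);
                }
                finally
                {
                    myDB.Close();
                }
            }

            getData();
        }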
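        /// <summary>
        /// Saves the comment in <c>TextBox1</c> against the product named by the
        /// <c>id</c> query-string value and redirects back to the product page.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法评论~');</script>");
                return;
            }

            // Validate the product id once; the parsed value is what reaches the INSERT
            // and the redirect, never the raw query-string text.
            int productId;
            bool idIsValid = int.TryParse(Request.QueryString["id"],
                                          System.Globalization.NumberStyles.Integer,
                                          System.Globalization.CultureInfo.InvariantCulture,
                                          out productId);
            if (!idIsValid)
            {
                return;
            }
            string Pid = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // User name and comment text are placed in quoted SQL literals; doubling
            // single quotes stops either value from closing its literal early.
            // NOTE(review): a parameterized call is the better fix if DBConn exposes one,
            // and the stored comment should be HTML-encoded when rendered - confirm both.
            string tblUser = ((String)Session["User"]).Replace("'", "''");
            string comment = TextBox1.Text.Replace("'", "''");
            string sql = "insert into [tblLeaveWord](UserName,Pid,isNote) values ( '" + tblUser + "', '" + Pid + "', '" + comment + "')";

            DBConn myDB = new DBConn();
            try
            {
                myDB.ExecuteNonQuery(sql);
            }
            finally
            {
                myDB.Close();
            }

            Response.Redirect("productDisplay.aspx?id=" + Pid);
        }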
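        /// <summary>
        /// Puts the product named by the <c>id</c> query-string value into the signed-in
        /// user's basket once the requested quantity is confirmed to be in stock.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法收藏~');</script>");
                return;
            }

            // Product id and quantity both arrive with the request. Parse them as
            // integers so only numbers reach the SQL text below.
            int productId;
            if (!int.TryParse(Request.QueryString["id"],
                              System.Globalization.NumberStyles.Integer,
                              System.Globalization.CultureInfo.InvariantCulture,
                              out productId))
            {
                return;
            }

            int quantity;
            bool quantityIsValid = int.TryParse(DropDownList1.SelectedValue,
                                                System.Globalization.NumberStyles.Integer,
                                                System.Globalization.CultureInfo.InvariantCulture,
                                                out quantity);
            if (!quantityIsValid || quantity < 1)
            {
                // Zero or negative quantities would slip past the stock comparison.
                return;
            }

            string Pid    = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);
            string strNum = quantity.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // Check stock, releasing the reader and connection however the lookup ends
            // (the insufficient-stock return used to leave both open).
            bool productFound = false;
            int  iPStock      = 0;
            DBConn myDB = new DBConn();
            try
            {
                string mySql = "select PStock from Products where PID=" + Pid;
                SqlDataReader mydr = myDB.getDataReader(mySql);
                try
                {
                    if (mydr.Read())
                    {
                        productFound = true;
                        iPStock = Int32.Parse(mydr["PStock"].ToString());
                    }
                }
                finally
                {
                    mydr.Close();
                }
            }
            finally
            {
                myDB.Close();
            }

            if (!productFound)
            {
                Response.Write("<script>");
                Response.Write("alert('没有这个二手书!!!');");
                Response.Write("</script>");
                Response.Redirect("index.aspx");
                return;
            }

            if (iPStock < quantity)
            {
                Response.Write("<script>");
                Response.Write("alert('库存不足!!!现在库存还有[ " + iPStock.ToString() + " ]');");
                Response.Write("</script>");
                return;
            }

            // Doubling single quotes keeps the user name inside its SQL literal.
            // NOTE(review): use a parameterized call instead if DBConn provides one.
            string tblUser = ((String)Session["User"]).Replace("'", "''");

            // NOTE(review): the price is taken from lblCount.Text and concatenated
            // unquoted; it should presumably be derived from Products on the server -
            // confirm where lblCount is populated.
            string sql = "insert into [tblBasket](tblUser,Pid,isN,isMoney) values ( '" + tblUser + "', '" + Pid + "', '" + strNum + "', " + lblCount.Text +")";

            DBConn myDB1 = new DBConn();
            try
            {
                myDB1.ExecuteNonQuery(sql);
            }
            finally
            {
                myDB1.Close();
            }

            Response.Write("<script>alert('加入购物车成功 ~');</script>");
        }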
        /// <summary>
        /// Handles the message form's submit button: checks the required fields and the
        /// 300-character limit, applies a 30-second per-session resubmit delay, stores the
        /// message in the [message] table and clears the form.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnOK_Click(object sender, System.EventArgs e)
        {
            string name    = txtUserName.Text.Trim();
            string phone   = txtUserPhone.Text.Trim();
            string email   = txtEmail.Text.Trim();
            string title   = txtTitle.Text.Trim();
            string content = txtContent.Text.Trim();

            // E-mail, title and content are mandatory; name and phone are optional.
            bool requiredMissing = email == String.Empty
                                   || title == String.Empty
                                   || content == String.Empty;
            if (requiredMissing)
            {
                Response.Write("<script>");
                Response.Write("alert('请把必填项添上!!!');");
                Response.Write("</script>");
                return;
            }

            if (content.Length > 300)
            {
                Response.Write("<script>");
                Response.Write("alert('内容太长了..(300字以内)!!!');");
                Response.Write("</script>");
                return;
            }

            // Flood guard: refuse a second submission within 30 seconds of the last one.
            // NOTE(review): the timestamp lives in the session, so a client that discards
            // its session cookie is not slowed down by this check.
            object lastSubmit = Session["messageCheck"];
            if (lastSubmit != null)
            {
                DateTime previous = (DateTime)lastSubmit;
                if (previous.AddMilliseconds(30000) > DateTime.Now)
                {
                    Response.Write("<script>");
                    TimeSpan elapsed = DateTime.Now - previous;
                    Response.Write("alert('不能频繁提交,请在" + (30 - elapsed.Seconds) + "秒后继续!!!');");
                    Response.Write("</script>");
                    return;
                }
            }

            // Filter the input strings.
            // NOTE(review): CleanString.htmlInputText is not visible here. The values below
            // are placed in quoted SQL literals, so confirm that it neutralises single
            // quotes, or move this insert to a parameterized command.
            name    = CleanString.htmlInputText(name);
            phone   = CleanString.htmlInputText(phone);
            email   = CleanString.htmlInputText(email);
            title   = CleanString.htmlInputText(title);
            content = CleanString.htmlInputText(content);

            // DateTime.Now is formatted with the current culture when concatenated.
            string valueList = "'" + name + "','" + phone + "','" + email + "','" + title
                               + "','" + content + "','" + DateTime.Now + "'";
            string insertSql = "insert into [message](UName,UPhone,UEmail,MTitle,MContent,Pubdate) values(" + valueList + ")";

            DBConn db = new DBConn();
            db.ExecuteNonQuery(insertSql);
            db.Close();

            // Flood guard: remember when this submission happened.
            Session["messageCheck"] = DateTime.Now;

            Response.Write("<script>");
            Response.Write("alert('成功提交!')");
            Response.Write("</script>");

            // Reset the form for the next message.
            txtUserName.Text  = "";
            txtUserPhone.Text = "";
            txtEmail.Text     = "";
            txtTitle.Text     = "";
            txtContent.Text   = "";
        }
        /// <summary>
        /// On the first (non-postback) load, turns the <c>Order</c> object held in
        /// <c>Session["myOrder"]</c> into database rows and shows the result.
        /// Redirects to index.aspx when the session holds no order or the <c>key</c>
        /// query-string value is missing or empty. A PID of "0" is treated as a bulk
        /// order built from the basket view; any other PID as a single-product order.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // NOTE(review): everything below runs on any non-postback request, so
            // reloading the page appears to insert another order and decrement stock
            // again - confirm whether Session["myOrder"] is cleared elsewhere.
            if (!IsPostBack)
            {
                if (Session["myOrder"] == null)
                {
                    Response.Redirect("index.aspx");
                    return;
                }

                // "Back" link handling
                if (Request.QueryString["key"] == null || Request.QueryString["key"].ToString() == String.Empty)
                {
                    Response.Redirect("index.aspx");
                    return;
                }
                // strBack is decoded here but not read again in this method; the link
                // below always points at index.aspx.
                string strBack = Request.QueryString["key"].ToString();
                strBack      = Server.UrlDecode(strBack);
                lblBack.Text = "<a href='index.aspx'>返回</a>";

                Order  myOrder       = (Order)Session["myOrder"];
                string strOID        = myOrder.OID;
                string strPID        = myOrder.PID;
                string strPName      = myOrder.PName;
                string strPNum       = myOrder.PNum;
                string strPPrice     = myOrder.PPrice;
                string strTotalPrice = myOrder.TotalPrice;
                string strTName      = myOrder.TName;
                string strEmail      = myOrder.Email;
                string strPhone      = myOrder.Phone;
                string strPCPrice    = myOrder.PCPrice;// cost price


                strOID = getNewOrderID(); // order number; replaces the OID read from the session
                string sql  = "";
                // NOTE(review): myDB is closed only on the last line of this block; an
                // exception in any statement in between skips the Close call.
                DBConn myDB = new DBConn();


                if (strPID == "0")
                {
                    // No product id: this is a bulk (basket) order.
                    // Empty the basket and add the bulk records.
                    strPName  = "批量购买产品,请查看详情";
                    strPNum   = "0";
                    strPPrice = "0";

                    // NOTE(review): '******' looks like a masked value in this listing; as
                    // written the query does not filter on the current user - confirm.
                    sql = "select * from [viwBasket] where tblUser='******'order by ID desc";

                    DataSet ds1 = myDB.getDataSet(sql);


                    // One tblP_Order row and one stock update per basket row.
                    // NOTE(review): no transaction is visible around these statements, so a
                    // failure part-way presumably leaves a partial order - confirm what
                    // DBConn does.
                    foreach (DataRow row in ds1.Tables[0].Rows)
                    {
                        string sql1 = "";
                        string tblUser, Pid, isN, isMoney, OrderNo;
                        tblUser = row["tblUser"].ToString();
                        isN     = row["isN"].ToString();
                        isMoney = row["isMoney"].ToString();
                        OrderNo = strOID;
                        Pid     = row["Pid"].ToString();

                        // Values read back from the database are concatenated into new
                        // statements; isMoney, isN and Pid also appear unquoted.
                        // NOTE(review): if the stored values were not validated on the way
                        // in, this is a second-order SQL injection path - parameterize.
                        sql1 = "Insert into tblP_Order(tblUser,Pid,isN,isMoney,OrderNo) values ( '" +
                               tblUser + "', '" + Pid + "', '" + isN + "', " + isMoney + ", '" + OrderNo + "')";
                        myDB.ExecuteNonQuery(sql1);

                        myDB.ExecuteNonQuery("Update Products Set PStock = PStock - " + isN + ",PSellNum = PSellNum + " + isN + " WHERE PID = " + Pid);
                    }

                    sql = "delete from [tblBasket] where tblUser='******'";
                    myDB.ExecuteNonQuery(sql);// delete the basket


                    // The bulk order row is written with PCPrice fixed at 0.
                    sql = "insert into [Order](OID,PID,PName,PNum,PPrice,TotalPrice,Pubdate,TName,Email,Phone,PCPrice) values('" +
                          strOID + "'," + strPID + ",'" + strPName + "'," + strPNum + "," + strPPrice + "," + strTotalPrice + ",'" +
                          DateTime.Now + "','" + strTName + "','" + strEmail + "','" + strPhone + "',0)";
                }
                else
                {
                    // Single-product order.
                    // NOTE(review): every field comes from the session Order object and is
                    // concatenated as-is, several of them unquoted (PID, PNum, PPrice,
                    // TotalPrice, PCPrice). If any was filled from user input without
                    // validation this statement is injectable - confirm and parameterize.
                    sql = "insert into [Order](OID,PID,PName,PNum,PPrice,TotalPrice,Pubdate,TName,Email,Phone,PCPrice) values('" +
                          strOID + "'," + strPID + ",'" + strPName + "'," + strPNum + "," + strPPrice + "," + strTotalPrice + ",'" +
                          DateTime.Now + "','" + strTName + "','" + strEmail + "','" + strPhone + "'," + strPCPrice + ")";

                    myDB.ExecuteNonQuery("Update Products Set PStock = PStock - " + strPNum + ",PSellNum = PSellNum + " + strPNum + " WHERE PID = " + strPID);
                }


                // Runs the [Order] insert prepared in whichever branch was taken.
                myDB.ExecuteNonQuery(sql);


                // Store the generated order number back on the session object.
                myOrder.OID        = strOID;
                Session["myOrder"] = myOrder;

                if (strPID == "0")
                {
                    lblDetailP.Text = "<a href='P_OderInfo.aspx?id=" + strOID + "' target='_blank'>查看批量购买的产品详情</a>";
                }

                // NOTE(review): these controls receive markup elsewhere in this method
                // (lblBack, lblDetailP), so their Text appears to be rendered as HTML. If
                // TName, Email or Phone hold user-entered text they should be HTML-encoded
                // before being assigned - confirm.
                lblOrderID.Text    = strOID;
                lblPName.Text      = strPName;
                lblPNum.Text       = strPNum;
                lblPPrice.Text     = strPPrice;
                lblTotalPrice.Text = strTotalPrice;
                lblTName.Text      = strTName;
                lblEmail.Text      = strEmail;
                lblPhone.Text      = strPhone;
                Label1.Text        = myDB.LookUp("select * from tbluser where UserName='******'", "真实姓名");

                myDB.Close();
            }
        }
        /// <summary>
        /// Submit handler for the message form. Rejects incomplete or over-long input,
        /// enforces a 30-second gap between submissions in one session, inserts the
        /// message into [message] and then blanks the form fields.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnOK_Click(object sender, System.EventArgs e)
        {
            string userName  = txtUserName.Text.Trim();
            string userPhone = txtUserPhone.Text.Trim();
            string userEmail = txtEmail.Text.Trim();
            string subject   = txtTitle.Text.Trim();
            string body      = txtContent.Text.Trim();

            // Required: e-mail, title, content.
            if (userEmail == String.Empty || subject == String.Empty || body == String.Empty)
            {
                Response.Write("<script>");
                Response.Write("alert('请把必填项添上!!!');");
                Response.Write("</script>");
                return;
            }

            // Content is capped at 300 characters.
            if (body.Length > 300)
            {
                Response.Write("<script>");
                Response.Write("alert('内容太长了..(300字以内)!!!');");
                Response.Write("</script>");
                return;
            }

            // Guard against message flooding.
            // NOTE(review): this throttle is tied to the session, so it does not limit a
            // client that starts a fresh session for each request.
            if (Session["messageCheck"] != null)
            {
                DateTime lastSubmitted = (DateTime)Session["messageCheck"];
                DateTime earliestNext  = lastSubmitted.AddMilliseconds(30000);
                if (earliestNext > DateTime.Now)
                {
                    Response.Write("<script>");
                    TimeSpan sinceLast = DateTime.Now - lastSubmitted;
                    Response.Write("alert('不能频繁提交,请在" + (30 - sinceLast.Seconds) + "秒后继续!!!');");
                    Response.Write("</script>");
                    return;
                }
            }

            // Filter the input strings.
            // NOTE(review): what CleanString.htmlInputText escapes cannot be seen from
            // here. These values go straight into quoted SQL literals, so verify that
            // single quotes are handled, or switch to a parameterized insert.
            userName  = CleanString.htmlInputText(userName);
            userPhone = CleanString.htmlInputText(userPhone);
            userEmail = CleanString.htmlInputText(userEmail);
            subject   = CleanString.htmlInputText(subject);
            body      = CleanString.htmlInputText(body);

            // The timestamp is rendered with the current culture by the concatenation.
            string statement = "insert into [message](UName,UPhone,UEmail,MTitle,MContent,Pubdate) values('"
                               + userName + "','"
                               + userPhone + "','"
                               + userEmail + "','"
                               + subject + "','"
                               + body + "','"
                               + DateTime.Now + "')";

            DBConn connection = new DBConn();
            connection.ExecuteNonQuery(statement);
            connection.Close();

            // Record the submission time for the flood guard above.
            Session["messageCheck"] = DateTime.Now;

            Response.Write("<script>");
            Response.Write("alert('成功提交!')");
            Response.Write("</script>");

            // Clear the form.
            txtUserName.Text  = "";
            txtUserPhone.Text = "";
            txtEmail.Text     = "";
            txtTitle.Text     = "";
            txtContent.Text   = "";
        }
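        /// <summary>
        /// Adds the product named by the <c>id</c> query-string value to the signed-in
        /// user's favourites unless the lookup shows it has already been added.
        /// </summary>
        /// <param name="sender">Control that raised the click event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            if (Session["User"] == null)
            {
                Response.Write("<script>alert('未登陆无法收藏~');</script>");
                return;
            }

            // The raw "id" value used to be appended to the lookup in an unquoted
            // position. Parse it as an integer first; a missing or malformed id is
            // ignored instead of throwing or reaching the database.
            int productId;
            bool idIsValid = int.TryParse(Request.QueryString["id"],
                                          System.Globalization.NumberStyles.Integer,
                                          System.Globalization.CultureInfo.InvariantCulture,
                                          out productId);
            if (!idIsValid)
            {
                return;
            }
            string Pid = productId.ToString(System.Globalization.CultureInfo.InvariantCulture);

            // Doubling single quotes keeps the user name inside its SQL literal.
            // NOTE(review): a parameterized call is preferable if DBConn offers one; its
            // API is not visible here.
            string tblUser = ((String)Session["User"]).Replace("'", "''");

            DBConn myDB = new DBConn();
            try
            {
                // NOTE(review): '******' looks like a masked value in this listing; as
                // shown the duplicate check does not select by the current user - confirm.
                string existing = myDB.LookUp("select id from tblFav  where tblUser='******' and Pid=" + Pid, "id");
                if (existing != "")
                {
                    Response.Write("<script>alert('您已经收藏该产品了 ~');</script>");
                    return;
                }

                string sql = "insert into [tblFav](tblUser,Pid) values ( '" + tblUser + "', '" + Pid + "')";
                myDB.ExecuteNonQuery(sql);
            }
            finally
            {
                // Close the connection on every path, including a failed statement.
                myDB.Close();
            }

            Response.Write("<script>alert('收藏成功 ~');</script>");
        }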
        /// <summary>
        /// On the first (non-postback) load, writes the <c>Order</c> object held in
        /// <c>Session["myOrder"]</c> to the database and displays it. Redirects to
        /// index.aspx when the session holds no order or the <c>key</c> query-string
        /// value is missing or empty. A PID of "0" marks a bulk order assembled from the
        /// basket view; any other PID is stored as a single-product order.
        /// </summary>
        /// <param name="sender">The page raising the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, System.EventArgs e)
        {
            // NOTE(review): this runs on any non-postback request, so a page reload
            // appears to insert the order a second time - confirm whether
            // Session["myOrder"] is cleared elsewhere.
            if (!IsPostBack)
            {
                if (Session["myOrder"] == null)
                {
                    Response.Redirect("index.aspx");
                    return;
                }

                // "Back" link handling
                if (Request.QueryString["key"] == null || Request.QueryString["key"].ToString() == String.Empty)
                {
                    Response.Redirect("index.aspx");
                    return;
                }
                // strBack is decoded but not used again in this method; the link below is
                // fixed to index.aspx.
                string strBack = Request.QueryString["key"].ToString();
                strBack = Server.UrlDecode(strBack);
                lblBack.Text = "<a href='index.aspx'>返回</a>";

                Order myOrder = (Order)Session["myOrder"];
                string strOID = myOrder.OID;
                string strPID = myOrder.PID;
                string strPName = myOrder.PName;
                string strPNum = myOrder.PNum;
                string strPPrice = myOrder.PPrice;
                string strTotalPrice = myOrder.TotalPrice;
                string strTName = myOrder.TName;
                string strEmail = myOrder.Email;
                string strPhone = myOrder.Phone;
                string strPCPrice = myOrder.PCPrice;// cost price


                strOID = getNewOrderID(); // order number; replaces the OID read from the session
                string sql = "";
                // NOTE(review): myDB is closed only at the end of this block; an exception
                // in any statement before that skips the Close call.
                DBConn myDB = new DBConn();


                    if (strPID == "0")
                    {
                        // No product id: this is a bulk (basket) order.
                        // Empty the basket and add the bulk records.
                        strPName = "批量购买产品,请查看详情";
                        strPNum = "0";
                        strPPrice = "0";

                        // NOTE(review): '******' looks like a masked value in this listing;
                        // as written the query does not filter on the current user - confirm.
                        sql = "select * from [viwBasket] where tblUser='******'order by ID desc";

                        DataSet ds1 = myDB.getDataSet(sql);


                        // One tblP_Order row per basket row. Unlike the single-product
                        // branch's usual counterpart, no Products stock update is issued
                        // in this method.
                        foreach (DataRow row in ds1.Tables[0].Rows)
                        {
                            string sql1 = "";
                            string tblUser, Pid, isN, isMoney, OrderNo;
                            tblUser = row["tblUser"].ToString();
                            isN = row["isN"].ToString();
                            isMoney = row["isMoney"].ToString();
                            OrderNo = strOID;
                            Pid = row["Pid"].ToString();

                            // Values read back from the database are concatenated into a
                            // new statement, isMoney unquoted.
                            // NOTE(review): if the stored values were not validated when
                            // written, this is a second-order SQL injection path.
                            sql1 = "Insert into tblP_Order(tblUser,Pid,isN,isMoney,OrderNo) values ( '" +
                                tblUser + "', '" + Pid + "', '" + isN + "', " + isMoney + ", '" + OrderNo + "')";
                            myDB.ExecuteNonQuery(sql1);


                        }

                        // NOTE(review): no transaction is visible around the inserts above
                        // and the delete below - confirm what DBConn does on failure.
                        sql = "delete from [tblBasket] where tblUser='******'";
                       myDB.ExecuteNonQuery(sql);// delete the basket


                        // The bulk order row is written with PCPrice fixed at 0.
                        sql = "insert into [Order](OID,PID,PName,PNum,PPrice,TotalPrice,Pubdate,TName,Email,Phone,PCPrice) values('" +
                         strOID + "'," + strPID + ",'" + strPName + "'," + strPNum + "," + strPPrice + "," + strTotalPrice + ",'" +
                         DateTime.Now + "','" + strTName + "','" + strEmail + "','" + strPhone + "',0)";


                    }
                    else
                    {
                        // Single-product order.
                        // NOTE(review): every field comes from the session Order object and
                        // is concatenated as-is, several unquoted (PID, PNum, PPrice,
                        // TotalPrice, PCPrice). If any was filled from user input without
                        // validation this statement is injectable - confirm and parameterize.
                        sql = "insert into [Order](OID,PID,PName,PNum,PPrice,TotalPrice,Pubdate,TName,Email,Phone,PCPrice) values('" +
                              strOID + "'," + strPID + ",'" + strPName + "'," + strPNum + "," + strPPrice + "," + strTotalPrice + ",'" +
                              DateTime.Now + "','" + strTName + "','" + strEmail + "','" + strPhone + "'," + strPCPrice + ")";


                    }

                    // Runs the [Order] insert prepared in whichever branch was taken.
                    myDB.ExecuteNonQuery(sql);


                    // Store the generated order number back on the session object.
                    myOrder.OID = strOID;
                    Session["myOrder"] = myOrder;

                    if (strPID == "0") lblDetailP.Text = "<a href='P_OderInfo.aspx?id=" + strOID + "' target='_blank'>查看批量购买的产品详情</a>";

                // NOTE(review): these controls receive markup elsewhere in this method
                // (lblBack, lblDetailP), so their Text appears to be rendered as HTML. If
                // TName, Email or Phone hold user-entered text they should be HTML-encoded
                // before being assigned - confirm.
                lblOrderID.Text = strOID;
                lblPName.Text = strPName;
                lblPNum.Text = strPNum;
                lblPPrice.Text = strPPrice;
                lblTotalPrice.Text = strTotalPrice;
                lblTName.Text = strTName;
                lblEmail.Text = strEmail;
                lblPhone.Text = strPhone;
                Label1.Text = myDB.LookUp("select * from tbluser where UserName='******'", "真实姓名");

                      myDB.Close();
            }
        }