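/// <summary>
/// Inserts one row into the <c>users</c> table, built from the fields of <paramref name="newUser"/>.
/// </summary>
/// <remarks>
/// All seven values are sent as bound parameters instead of being concatenated into the SQL text,
/// so a quote or SQL fragment inside a user-supplied field (name, e-mail, description, ...) is
/// stored as data and cannot change the statement. The connection and command are disposed even
/// when execution throws.
/// </remarks>
/// <param name="newUser">The user whose fields are written to the new row.</param>
public void createUser(user newUser)
{
    // Positional VALUES list kept as in the original statement: the order is
    // userID, password, name, email, phoneNumber, description, status.
    const string query =
        "INSERT INTO users VALUES(@userID, @password, @name, @email, @phoneNumber, @description, @status)";

    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["vetoTours"].ToString()))
    using (SqlCommand cmd = new SqlCommand(query, conn))
    {
        // A null .NET value is sent as SQL NULL; AddWithValue would otherwise omit the
        // parameter and the command would fail with "parameter was not supplied".
        cmd.Parameters.AddWithValue("@userID", (object)newUser.getUserID() ?? System.DBNull.Value);

        // NOTE(review): the value of getPassword() is stored exactly as returned. Confirm that it
        // is already a salted, slow password hash (e.g. PBKDF2) and not the plaintext password.
        cmd.Parameters.AddWithValue("@password", (object)newUser.getPassword() ?? System.DBNull.Value);
        cmd.Parameters.AddWithValue("@name", (object)newUser.getName() ?? System.DBNull.Value);
        cmd.Parameters.AddWithValue("@email", (object)newUser.getEmail() ?? System.DBNull.Value);
        cmd.Parameters.AddWithValue("@phoneNumber", (object)newUser.getPhoneNumber() ?? System.DBNull.Value);
        cmd.Parameters.AddWithValue("@description", (object)newUser.getPersonalDescription() ?? System.DBNull.Value);
        cmd.Parameters.AddWithValue("@status", (object)newUser.getStatus() ?? System.DBNull.Value);

        conn.Open();

        // INSERT returns no result set, so no reader is needed.
        cmd.ExecuteNonQuery();
    }
}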
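/// <summary>
/// Rewrites the <c>users</c> row of <paramref name="targetUser"/> and marks that user's tours as suspended.
/// </summary>
/// <remarks>
/// The first statement overwrites the stored password with the fixed string <c>'******'</c> and
/// writes name, email, phoneNumber, description and status from <paramref name="targetUser"/>.
/// The second sets <c>status = 'suspended'</c> on every <c>tours</c> row with the same userID.
/// All caller-supplied values are sent as bound parameters instead of being concatenated into the
/// SQL text, so they cannot alter either statement. The connection and both commands are disposed
/// even when execution throws.
/// </remarks>
/// <param name="targetUser">The user to suspend; its userID selects the rows to update.</param>
public void suspendUser(user targetUser)
{
    const string updateUserQuery =
        "UPDATE users SET password= '******', name=@name, email=@email, phoneNumber=@phoneNumber, " +
        "description=@description, status=@status WHERE userID=@userID;";
    const string suspendToursQuery =
        "UPDATE tours SET status= 'suspended' WHERE userID=@userID;";

    // A null .NET value is sent as SQL NULL; AddWithValue would otherwise omit the parameter.
    object userId = (object)targetUser.getUserID() ?? System.DBNull.Value;

    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["vetoTours"].ToString()))
    {
        conn.Open();

        // NOTE(review): the two updates are not wrapped in a transaction (as in the original);
        // if the second one fails, the user row is already changed while the tours are not.
        using (SqlCommand updateUser = new SqlCommand(updateUserQuery, conn))
        {
            updateUser.Parameters.AddWithValue("@name", (object)targetUser.getName() ?? System.DBNull.Value);
            updateUser.Parameters.AddWithValue("@email", (object)targetUser.getEmail() ?? System.DBNull.Value);
            updateUser.Parameters.AddWithValue("@phoneNumber", (object)targetUser.getPhoneNumber() ?? System.DBNull.Value);
            updateUser.Parameters.AddWithValue("@description", (object)targetUser.getPersonalDescription() ?? System.DBNull.Value);
            updateUser.Parameters.AddWithValue("@status", (object)targetUser.getStatus() ?? System.DBNull.Value);
            updateUser.Parameters.AddWithValue("@userID", userId);

            // UPDATE returns no result set, so no reader is needed.
            updateUser.ExecuteNonQuery();
        }

        using (SqlCommand suspendTours = new SqlCommand(suspendToursQuery, conn))
        {
            suspendTours.Parameters.AddWithValue("@userID", userId);
            suspendTours.ExecuteNonQuery();
        }
    }
}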