protected void btnSubmit_Click(object sender, EventArgs e)
{
if (Page.IsValid)
{
Session["sessionCart"] = cart;
Session["firstName"] = txtFirstName.Text;
Session["lastName"] = TxtLastName.Text;
Session["address"] = txtAddress.Text;
Session["cost"] = lblTotal.Text;
Session["date"] = System.DateTime.Now;
Session["payMeth"] = ddlCardType.SelectedValue;
bool Error = false;
// Get the user id
Guid userID;
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
con.Open();
string query = "SELECT userID FROM [User] WHERE userName = '******';";
SqlCommand cmd = new SqlCommand(query, con);
userID = (Guid)cmd.ExecuteScalar();
//try { userID = (Guid)cmd.ExecuteScalar(); } catch (Exception ee) { ErrorMessage.Text = ee.Message; Error = true; goto SKIPQUERY; }
// insert order
Guid OrderID = Guid.NewGuid();
string paymentInfo = txtFirstNameB.Text + ":" + TxtLastNameB.Text + ":" + txtAddressB.Text + ":" + txtZIPB.Text + ":" + ddlCardType.SelectedValue + txtCCN.Text + ":" + txtCCV.Text;
query = "INSERT INTO [Order] (orderID,total,address,paymentInfo,userID,date) VALUES ('" + OrderID + "','" + lblTotal.Text + "','" + txtAddress.Text + "','" + paymentInfo + "','" + userID + "','" + DateTime.Now + "');";
cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
//try { cmd.ExecuteNonQuery(); } catch (Exception ee) { ErrorMessage.Text = ee.Message; Error = true; goto SKIPQUERY; }
// Submit each item in OrderItems
foreach (ListItem i in lstCart.Items)
{
query = "INSERT INTO [orderItems] (orderItemID,orderID,itemID,itemQuantity) VALUES ('" + Guid.NewGuid() + "','" + OrderID + "','" + cart.GetDisplayItemID(i.Text) + "','" + cart.GetDisplayItemQuantity(i.Text) + "');";
cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
//try { cmd.ExecuteNonQuery(); } catch (Exception ee) { ErrorMessage.Text = ee.Message; Error = true; goto SKIPQUERY; }
}
//SKIPQUERY:
//if (Error != true)
Server.Transfer("~/Account/ThankYou.aspx");
}
}