// PUT api/<controller>/5
public String Put(int ID, [FromBody] createStudents value)
{
conn = new SqlConnection("Data Source=LAPTOP-E01MG43U\\SQLEXPRESS02;Initial Catalog=API;Integrated Security=true");
var sql1 = "UPDATE Students SET f_Name=@f_Name,l_Name=@l_Name,m_Name=@m_Name,Address=@Address,birthdate=@birthdate,score=@score WHERE ID= " + ID;
SqlCommand updateCommand = new SqlCommand(sql1, conn);
updateCommand.Parameters.AddWithValue("@f_Name", value.f_Name);
updateCommand.Parameters.AddWithValue("@l_Name", value.l_Name);
updateCommand.Parameters.AddWithValue("@m_Name", value.m_Name);
updateCommand.Parameters.AddWithValue("@Address", value.Address);
updateCommand.Parameters.AddWithValue("@birthdate", value.birthdate);
updateCommand.Parameters.AddWithValue("@score", value.score);
conn.Open();
int result = updateCommand.ExecuteNonQuery();
if (result > 0)
{
return("Sua thanh cong");
}
else
{
return("Sua that bai");
}
}
// POST api/<controller>
public String Post([FromBody] createStudents value)
{
conn = new SqlConnection("Data Source=LAPTOP-E01MG43U\\SQLEXPRESS02;Initial Catalog=API;Integrated Security=true");
var sql1 = "INSERT INTO Students(f_Name,l_Name,m_Name,Address,birthdate,score)values(@f_Name,@l_Name,@m_Name,@Address,@birthdate,@score)";
SqlCommand insertCommand = new SqlCommand(sql1, conn);
insertCommand.Parameters.AddWithValue("@f_Name", value.f_Name);
insertCommand.Parameters.AddWithValue("@l_Name", value.l_Name);
insertCommand.Parameters.AddWithValue("@m_Name", value.m_Name);
insertCommand.Parameters.AddWithValue("@Address", value.Address);
insertCommand.Parameters.AddWithValue("@birthdate", value.birthdate);
insertCommand.Parameters.AddWithValue("@score", value.score);
conn.Open();
int result = insertCommand.ExecuteNonQuery();
if (result > 0)
{
return("Them thanh cong");
}
else
{
return("Them that bai");
}
}
