// PUT api/<controller>/5 public String Put(int ID, [FromBody] createStudents value) { conn = new SqlConnection("Data Source=LAPTOP-E01MG43U\\SQLEXPRESS02;Initial Catalog=API;Integrated Security=true"); var sql1 = "UPDATE Students SET f_Name=@f_Name,l_Name=@l_Name,m_Name=@m_Name,Address=@Address,birthdate=@birthdate,score=@score WHERE ID= " + ID; SqlCommand updateCommand = new SqlCommand(sql1, conn); updateCommand.Parameters.AddWithValue("@f_Name", value.f_Name); updateCommand.Parameters.AddWithValue("@l_Name", value.l_Name); updateCommand.Parameters.AddWithValue("@m_Name", value.m_Name); updateCommand.Parameters.AddWithValue("@Address", value.Address); updateCommand.Parameters.AddWithValue("@birthdate", value.birthdate); updateCommand.Parameters.AddWithValue("@score", value.score); conn.Open(); int result = updateCommand.ExecuteNonQuery(); if (result > 0) { return("Sua thanh cong"); } else { return("Sua that bai"); } }
// POST api/<controller> public String Post([FromBody] createStudents value) { conn = new SqlConnection("Data Source=LAPTOP-E01MG43U\\SQLEXPRESS02;Initial Catalog=API;Integrated Security=true"); var sql1 = "INSERT INTO Students(f_Name,l_Name,m_Name,Address,birthdate,score)values(@f_Name,@l_Name,@m_Name,@Address,@birthdate,@score)"; SqlCommand insertCommand = new SqlCommand(sql1, conn); insertCommand.Parameters.AddWithValue("@f_Name", value.f_Name); insertCommand.Parameters.AddWithValue("@l_Name", value.l_Name); insertCommand.Parameters.AddWithValue("@m_Name", value.m_Name); insertCommand.Parameters.AddWithValue("@Address", value.Address); insertCommand.Parameters.AddWithValue("@birthdate", value.birthdate); insertCommand.Parameters.AddWithValue("@score", value.score); conn.Open(); int result = insertCommand.ExecuteNonQuery(); if (result > 0) { return("Them thanh cong"); } else { return("Them that bai"); } }