/// <summary>
/// Updates a user to have specified information
/// </summary>
/// <param name="user">a user object with the new information</param>
/// <returns>true if the update is sucessful, false otherwise</returns>
public bool UpdateUser(User user)
{
SqlCommand command = new SqlCommand("UPDATE Users "+
"SET name ='"+ user.Name + "', "+
"password ='******', " +
"email = '" + user.Email + "' WHERE id=" + user.Id,
connection);
return command.ExecuteNonQuery() > 0;
}
/// <summary>
/// Add a new user to the database
/// </summary>
/// <param name="user">The user to add</param>
/// <returns>Returns the user including the id of the user, or null if the user could not be added</returns>
public User AddUser(User user) {
if (user.Username == null || user.Name == null || user.Password == null || user.Email == null) {
return new User() { Id = -1 };
}
SqlCommand command = new SqlCommand("SELECT id FROM Users " +
"WHERE userName = '******'",
connection);
if (command.ExecuteScalar() != null) return null;
command.CommandText = "INSERT INTO Users(userName, password, name, email, balance)" +
"VALUES ('" +
user.Username + "', '" +
user.Password + "', '" +
user.Name + "', '" +
user.Email + "', " +
user.Balance + ")";
if (command.ExecuteNonQuery() > 0) {
command.CommandText = "SELECT IDENT_CURRENT('Users')";
user.Id = Int32.Parse(command.ExecuteScalar().ToString());
return user;
}
return new User() { Id = -1 };
}