コード例 #1
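        /// <summary>
        /// Saves the current basket as one order: a header row in <c>Zamówienia</c>
        /// followed by one <c>PozycjeZamówienia</c> row per basket line, then
        /// clears the basket via <c>Cleaning_after_order()</c>.
        /// </summary>
        /// <remarks>
        /// All inserts run in a single transaction, so a failure part-way through
        /// no longer leaves an order header with missing lines. Every value
        /// reaches SQL Server as a bound parameter; nothing from the UI is
        /// concatenated into the statement text.
        /// </remarks>
        private void Order_finish()
        {
            int           id_zam    = Check_IDzam();
            List <string> user_info = Return_user_info();

            const string sql_z  = "INSERT INTO ZNorthwind.dbo.Zamówienia(IDzamówienia,IDklienta,DataZamówienia,DataWysyłki,AdresOdbiorcy,NazwaOdbiorcy,MiastoOdbiorcy,KrajOdbiorcy,KodPocztowyOdbiorcy)" +
                                  "          VALUES (@id_z,@id_k,@data_zam,@data_wys,@adres,@n_firmy,@miasto,@kraj,@k_pocztowy)";
            const string sql_pz = "INSERT INTO ZNorthwind.dbo.PozycjeZamówienia(IDzamówienia,IDproduktu,CenaJednostkowa,Ilość,Rabat)" +
                                  "          VALUES (@id_z,@id_p,@cena,@ilosc,@rabat)";

            // Fetch the connection once, after the helper calls above, and reuse it
            // so every statement joins the same transaction.
            // NOTE(review): assumes DBconnection.Connection() hands back an open
            // connection, as the original code executed on it directly - confirm.
            var connection = DBconnection.Connection();
            try
            {
                // Disposing an uncommitted SqlTransaction rolls it back, so any
                // exception below undoes the header and the lines already written.
                using (var transaction = connection.BeginTransaction())
                {
                    using (var command_z = new SqlCommand(sql_z, connection, transaction))
                    {
                        command_z.Parameters.AddWithValue("@id_z", id_zam);
                        command_z.Parameters.AddWithValue("@id_k", Global_variable.IDklienta);
                        command_z.Parameters.AddWithValue("@data_zam", data_zam);
                        command_z.Parameters.AddWithValue("@data_wys", data_zam.AddHours(random.Next(4, 72)));
                        // user_info layout as consumed here: 0 = recipient name,
                        // 1 = city, 2 = address, 3 = postal code, 4 = country.
                        command_z.Parameters.AddWithValue("@n_firmy", user_info[0]);
                        command_z.Parameters.AddWithValue("@miasto", user_info[1]);
                        command_z.Parameters.AddWithValue("@adres", user_info[2]);
                        command_z.Parameters.AddWithValue("@k_pocztowy", user_info[3]);
                        command_z.Parameters.AddWithValue("@kraj", user_info[4]);
                        command_z.ExecuteNonQuery();
                    }

                    foreach (DataGridViewRow row in DataGridView_koszyk.Rows)
                    {
                        // The grid's empty "new row" placeholder has null cells and
                        // would otherwise be inserted as product 0 with quantity 0.
                        if (row.IsNewRow)
                        {
                            continue;
                        }

                        using (var command_pz = new SqlCommand(sql_pz, connection, transaction))
                        {
                            command_pz.Parameters.AddWithValue("@id_z", id_zam);
                            command_pz.Parameters.AddWithValue("@id_p", Convert.ToInt32(row.Cells[4].Value));
                            // NOTE(review): the price is read back from the grid and sent
                            // as a double; if CenaJednostkowa is a money/decimal column,
                            // prefer decimal, and consider taking the price from the
                            // product table rather than from an editable UI cell.
                            command_pz.Parameters.AddWithValue("@cena", Convert.ToDouble(row.Cells[3].Value));
                            command_pz.Parameters.AddWithValue("@ilosc", Convert.ToInt32(row.Cells[2].Value));
                            command_pz.Parameters.AddWithValue("@rabat", 0);
                            command_pz.ExecuteNonQuery();
                        }
                    }

                    transaction.Commit();
                }
            }
            finally
            {
                // Release the connection on the failure path as well.
                DBconnection.Connection_Close(connection);
            }

            Cleaning_after_order();
        }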
コード例 #2
ファイル: Rejestracja.cs プロジェクト: speed739/Projekt_nr_1
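        /// <summary>
        /// Registers a new customer: inserts a <c>Klienci</c> row built from the
        /// registration form, storing a hash of the chosen password.
        /// </summary>
        /// <remarks>
        /// The original statement hashed the quoted text <c>'@haslo'</c>, which SQL
        /// Server reads as a string literal rather than as the parameter. Every
        /// account therefore received the same hash, whatever password was typed.
        /// The parameter is now referenced unquoted. Rows written before this fix
        /// still hold the literal's hash and need a password reset, and the login
        /// query must hash its input with the same expression.
        /// </remarks>
        private void Create()
        {
            // NOTE(review): unsalted SHA-1 is not suitable for password storage.
            // Move to a salted, slow KDF (e.g. PBKDF2) computed in the application
            // and store salt plus hash; that needs a schema change and is out of
            // scope for this method.
            const string sql = "INSERT INTO ZNorthwind.dbo.Klienci(IDklienta,NazwaFirmy,Miasto,Adres,KodPocztowy,Kraj,Telefon,Hasło)" +
                               "VALUES (@id,@nazwafirmy,@miasto,@adres,@kodpocztowy,@kraj,@telefon,HASHBYTES('SHA1',@haslo))";

            var connection = DBconnection.Connection();
            try
            {
                using (var command = new SqlCommand(sql, connection))
                {
                    command.Parameters.AddWithValue("@nazwafirmy", textBox_Imie.Text + " " + textBox_Nazwisko.Text);
                    // The customer id is stored upper-cased.
                    command.Parameters.AddWithValue("@id", textBox_Login.Text.ToUpper());
                    command.Parameters.AddWithValue("@miasto", textBox_Miasto.Text);
                    command.Parameters.AddWithValue("@adres", textBox_Adres.Text);
                    command.Parameters.AddWithValue("@kodpocztowy", textBox_Kod_pocztowy.Text);
                    command.Parameters.AddWithValue("@kraj", textBox_Kraj.Text);
                    command.Parameters.AddWithValue("@telefon", textBox_Telefon.Text);
                    // AddWithValue binds a .NET string as nvarchar, so HASHBYTES runs
                    // over the UTF-16 bytes; the login path has to bind the password
                    // the same way or the hashes will not match.
                    command.Parameters.AddWithValue("@haslo", textBox_Haslo.Text);
                    command.ExecuteNonQuery();
                }
            }
            finally
            {
                // Release the connection even when the insert fails (e.g. duplicate id).
                DBconnection.Connection_Close(connection);
            }
        }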
コード例 #3
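        /// <summary>
        /// Checks the entered login and password against <c>Klienci</c>. On
        /// success it records the customer id and logged-in flag in
        /// <c>Global_variable</c> and closes the active form; on failure it
        /// offers Retry/Cancel.
        /// </summary>
        /// <remarks>
        /// The original query compared the stored hash with
        /// <c>HASHBYTES('SHA1','@haslo')</c>. The quoted text is a string literal,
        /// not the parameter, so the supplied password never took part in the
        /// comparison. The parameter is now referenced unquoted. Accounts whose
        /// stored hash was produced from that literal will stop matching and need
        /// a password reset.
        /// </remarks>
        private void Logowanie()
        {
            if (login == null || password == null)
            {
                DialogResult msg = MessageBox.Show("Musisz podać login i haslo", "Logowanie", MessageBoxButtons.RetryCancel, MessageBoxIcon.Error);
                if (msg != DialogResult.Retry)
                {
                    ActiveForm.Close();
                }
                return;
            }

            // NOTE(review): unsalted SHA-1 is a weak password hash; plan a move to
            // a salted, slow KDF together with the registration code. No attempt
            // limiting is visible in this method either.
            const string sql = "SELECT COUNT(*) FROM Klienci WHERE IDklienta = @id AND Hasło = HASHBYTES('SHA1',@haslo)";

            int results;
            var connection = DBconnection.Connection();
            try
            {
                using (var command = new SqlCommand(sql, connection))
                {
                    command.Parameters.AddWithValue("@id", login);
                    // Bound as a parameter and hashed server-side; must be bound the
                    // same way (string -> nvarchar) as when the hash was stored.
                    command.Parameters.AddWithValue("@haslo", password);
                    results = (int)command.ExecuteScalar();
                }
            }
            finally
            {
                // Close on every path, including Retry and query failure.
                DBconnection.Connection_Close(connection);
            }

            if (results > 0)
            {
                Global_variable.IDklienta   = login.ToUpper();
                Global_variable.User_status = true;
                ActiveForm.Close();
            }
            else
            {
                // One generic message for both unknown id and wrong password, so the
                // dialog does not reveal which customer ids exist.
                DialogResult result = MessageBox.Show("Złe dane logowania", "Logowanie", MessageBoxButtons.RetryCancel, MessageBoxIcon.Error);
                if (result != DialogResult.Retry)
                {
                    ActiveForm.Close();
                }
            }
        }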