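/// <summary>
/// Handles the Add button: stores the uploaded product image under <c>Image/</c>
/// and inserts a new row into <c>Products</c> from the form fields.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Nothing is saved and no redirect happens when no file was posted or when the
/// file's extension is not on the allowlist. No error control is visible in this
/// part of the page, so the rejection is silent, as the original no-file path was.
/// </remarks>
protected void btnAdd_Click(object sender, EventArgs e)
{
    // HasFile is false when the form was posted without a file. PostedFile alone
    // can be non-null with an empty name, which would make SaveAs target the folder.
    if (!FileImageUpload.HasFile)
    {
        return;
    }

    // The client-supplied file name is untrusted. Writing it as-is into a folder
    // served by the site would let an upload with a server-executable extension
    // run as code, and would let one upload overwrite another product's image.
    // Only the extension is kept, and only if it is an expected image type.
    // The list below is a conservative default; adjust it to the formats the shop uses.
    string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };
    string extension = Path.GetExtension(Path.GetFileName(FileImageUpload.FileName)).ToLowerInvariant();
    if (Array.IndexOf(allowedExtensions, extension) < 0)
    {
        return;
    }

    // A server-generated name avoids collisions and odd characters in the stored path.
    // NOTE(review): the extension check does not inspect file content; the Image/
    // folder should also be configured so that nothing in it is executed.
    string imagePath = "Image/" + Guid.NewGuid().ToString("N") + extension;

    // NOTE(review): VALUES without a column list depends on the table's column
    // order; naming the columns would make the statement robust to schema changes.
    string sql = @"INSERT INTO Products VALUES(@Name, @CatID, @Code, @Description, @Image, @Price, @IsFeatured, @Available, @Criticallevel, @Maximum, @Status, @DateAdded, @DateModified)";

    using (SqlConnection con = new SqlConnection(Util.GetConnection()))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();

        // Save the file to disk before the row that references it is inserted.
        FileImageUpload.SaveAs(Server.MapPath(imagePath));

        // All user input reaches the database as parameters, never as SQL text.
        cmd.Parameters.AddWithValue("@Name", txtName.Text);
        cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
        cmd.Parameters.AddWithValue("@Code", txtCode.Text);
        cmd.Parameters.AddWithValue("@Description", txtDescription.Text);
        cmd.Parameters.AddWithValue("@Image", imagePath);
        cmd.Parameters.AddWithValue("@Price", txtPrice.Text);
        cmd.Parameters.AddWithValue("@IsFeatured", ddlIsFeatured.SelectedValue);
        cmd.Parameters.AddWithValue("@Available", 0);
        cmd.Parameters.AddWithValue("@Criticallevel", txtCriticallevel.Text);
        cmd.Parameters.AddWithValue("@Maximum", txtMaximum.Text);
        cmd.Parameters.AddWithValue("@Status", "Active");
        cmd.Parameters.AddWithValue("@DateAdded", DateTime.Now);
        cmd.Parameters.AddWithValue("@DateModified", DBNull.Value);
        cmd.ExecuteNonQuery();

        Response.Redirect("Default.aspx");
    }
}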
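/// <summary>
/// Handles the Update button: stores the newly uploaded product image under
/// <c>Image/</c> and updates the <c>Products</c> row whose <c>ProductID</c> is
/// taken from the <c>ID</c> query-string value.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Nothing is changed and no redirect happens when the <c>ID</c> query-string value
/// is missing, when no file was posted, or when the file's extension is not on the
/// allowlist. No error control is visible in this part of the page, so the
/// rejection is silent, as the original no-file path was.
/// </remarks>
protected void btnUpdate_Click(object sender, EventArgs e)
{
    // The original called ToString() on this value and threw a
    // NullReferenceException when the page was requested without ?ID=.
    // NOTE(review): the ID is caller-controlled; confirm that access to this page
    // is restricted to users allowed to edit any product.
    string productId = Request.QueryString["ID"];
    if (string.IsNullOrEmpty(productId))
    {
        return;
    }

    // HasFile is false when the form was posted without a file. PostedFile alone
    // can be non-null with an empty name, which would make SaveAs target the folder.
    // NOTE(review): an update without a new image is therefore not possible here,
    // as in the original; confirm that is intended.
    if (!FileImageUpload.HasFile)
    {
        return;
    }

    // The client-supplied file name is untrusted. Writing it as-is into a folder
    // served by the site would let an upload with a server-executable extension
    // run as code, and would let one upload overwrite another product's image.
    // Only the extension is kept, and only if it is an expected image type.
    // The list below is a conservative default; adjust it to the formats the shop uses.
    string[] allowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };
    string extension = Path.GetExtension(Path.GetFileName(FileImageUpload.FileName)).ToLowerInvariant();
    if (Array.IndexOf(allowedExtensions, extension) < 0)
    {
        return;
    }

    // A server-generated name avoids collisions and odd characters in the stored path.
    // NOTE(review): the extension check does not inspect file content; the Image/
    // folder should also be configured so that nothing in it is executed.
    string imagePath = "Image/" + Guid.NewGuid().ToString("N") + extension;

    string sql = @"UPDATE Products SET Name = @Name, CatID = @CatID, Code = @Code, Description = @Description, Image = @Image, Price = @Price, IsFeatured = @IsFeatured, Available = @Available, Criticallevel = @Criticallevel, Maximum = @Maximum, DateModified = @DateModified WHERE ProductID = @ProductID";

    using (SqlConnection con = new SqlConnection(Util.GetConnection()))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        con.Open();

        // Save the file to disk before the row is pointed at it.
        FileImageUpload.SaveAs(Server.MapPath(imagePath));

        // All user input reaches the database as parameters, never as SQL text.
        cmd.Parameters.AddWithValue("@Name", txtName.Text);
        cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
        cmd.Parameters.AddWithValue("@Code", txtCode.Text);
        cmd.Parameters.AddWithValue("@Description", txtDescription.Text);
        cmd.Parameters.AddWithValue("@Image", imagePath);
        cmd.Parameters.AddWithValue("@Price", txtPrice.Text);
        cmd.Parameters.AddWithValue("@IsFeatured", ddlIsFeatured.SelectedValue);
        // NOTE(review): every update writes Available = 0; confirm this reset is
        // intended and not copied over from the insert handler.
        cmd.Parameters.AddWithValue("@Available", 0);
        cmd.Parameters.AddWithValue("@Criticallevel", txtCriticallevel.Text);
        cmd.Parameters.AddWithValue("@Maximum", txtMaximum.Text);
        cmd.Parameters.AddWithValue("@DateModified", DateTime.Now);
        cmd.Parameters.AddWithValue("@ProductID", productId);
        cmd.ExecuteNonQuery();

        Response.Redirect("Default.aspx");
    }
}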