/// <summary>
/// Shows the "new story" form for the tag named by <paramref name="id"/>.
/// Visitors without a session "Id" are sent to the login page instead.
/// </summary>
/// <param name="id">Tag name; copied into the view model and into Session["currentTag"].</param>
/// <returns>A redirect to Login/Login when not signed in, otherwise the form view.</returns>
public ActionResult NewStory(string id)
{
    bool signedIn = Session["Id"] != null;
    if (!signedIn)
    {
        // Fixed markup, never built from request data.
        // NOTE(review): presumably the login view emits this value unencoded - confirm,
        // and keep it a constant so it cannot become a script-injection path.
        TempData["notloggedin"] = "<script> alert('Please Login To Continue');</script>";
        return RedirectToAction("Login", "Login");
    }

    var model = new NewStoryInfo();
    model.tags.tagName = id;

    // The tag is also kept in session state under "currentTag".
    Session["currentTag"] = id;

    return View(model);
}
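/// <summary>
/// Handles the submitted "new story" form: stores the uploaded cover image under
/// ~/images/Books, inserts the book row, links it to the selected tag and redirects
/// to the story editor.
/// </summary>
/// <param name="storyInfo">Posted form model; every field is user-controlled input.</param>
/// <returns>
/// A redirect to Login/Login when not signed in; otherwise a redirect to Write/WriteStory
/// with the new book id, or 0 when nothing was stored.
/// </returns>
public ActionResult NewStory(NewStoryInfo storyInfo)
{
    // NOTE(review): no [HttpPost] or anti-forgery attribute is visible in this excerpt -
    // confirm both are present on the real declaration.
    if (Session["Id"] == null)
    {
        TempData["notloggedin"] = "<script> alert('Please Login To Continue');</script>";
        return RedirectToAction("Login", "Login");
    }

    int bookId = 0;
    try
    {
        // Read the model inside the try so a missing file or books section is handled
        // like any other failed submission instead of surfacing as an unhandled error.
        var file = storyInfo.file[0];
        string bookName = storyInfo.books.bookName;
        string bookSummary = storyInfo.books.summary;

        if (file != null && file.ContentLength > 0)
        {
            // The upload lands inside the web root, so only image extensions are accepted
            // and the stored name is generated server-side. That keeps client-chosen names
            // (script extensions, names that overwrite another book's cover) off the disk.
            string extension = Path.GetExtension(Path.GetFileName(file.FileName));
            if (IsAllowedCoverExtension(extension))
            {
                string fileName = Guid.NewGuid().ToString("N") + extension.ToLowerInvariant();
                string filePath = Path.Combine(Server.MapPath("~/images/Books"), fileName);
                string toSave = "~/images/Books/" + fileName;
                file.SaveAs(filePath);

                int currentUser = (int)System.Web.HttpContext.Current.Session["Id"];

                // NOTE(review): only the string-based DatabaseModel calls are visible here,
                // so user text is escaped before being concatenated. Escaping is an interim
                // measure; the durable fix is parameterized commands inside DatabaseModel.
                DatabaseModel databaseModel = new DatabaseModel();
                string query = "INSERT INTO BOOKS VALUES ('" + EscapeSqlLiteral(bookName) + "'," + currentUser
                    + ",null,'" + EscapeSqlLiteral(toSave) + "','" + EscapeSqlLiteral(bookSummary) + "')";
                databaseModel.insert(query);

                // NOTE(review): looking the id up by name returns the first book with that
                // name, which may belong to another user - confirm names are unique or
                // scope this lookup to the current user.
                query = "SELECT BOOKID FROM BOOKS WHERE BOOKNAME = '" + EscapeSqlLiteral(bookName) + "'";
                DataSet dataSet = databaseModel.selectFunction(query);
                bookId = Convert.ToInt32(dataSet.Tables[0].Rows[0].ItemArray[0]);

                query = "SELECT TAGID FROM TAGS WHERE TAGNAME = '" + EscapeSqlLiteral(storyInfo.tags.tagName) + "'";
                dataSet = databaseModel.selectFunction(query);
                int tagId = Convert.ToInt32(dataSet.Tables[0].Rows[0].ItemArray[0]);

                query = "INSERT INTO BOOKTAGS VALUES (" + bookId + ", " + tagId + ")";
                databaseModel.insert(query);
            }
            // A rejected extension is treated like an empty upload: nothing is stored.
        }
    }
    catch (Exception ex)
    {
        // Still best-effort (the user is redirected either way), but the failure is
        // recorded instead of being silently discarded.
        System.Diagnostics.Trace.TraceError("NewStory failed: " + ex);
    }

    return RedirectToAction("WriteStory", "Write", new { @id = bookId });
}

/// <summary>Returns true when the extension belongs to the accepted cover-image types.</summary>
private static bool IsAllowedCoverExtension(string extension)
{
    if (string.IsNullOrEmpty(extension))
    {
        return false;
    }

    // Assumed set of image types; extend deliberately. File content is not inspected here.
    switch (extension.ToLowerInvariant())
    {
        case ".jpg":
        case ".jpeg":
        case ".png":
        case ".gif":
            return true;
        default:
            return false;
    }
}

/// <summary>Doubles single quotes so the value stays inside a quoted SQL string literal.</summary>
private static string EscapeSqlLiteral(string value)
{
    // A null value becomes an empty literal, as plain concatenation would produce.
    // NOTE(review): assumes a backend where '' is the only escape inside string literals.
    return value == null ? "" : value.Replace("'", "''");
}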