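// PUT: api/Employee/5
/// <summary>
/// Updates the given name and surname of the employee row whose StaffID equals <paramref name="id"/>.
/// </summary>
/// <param name="id">StaffID of the row to update.</param>
/// <param name="employee">Request payload carrying the new GivenName and Surname.</param>
/// <returns>
/// "&lt;n&gt; Rows updated" on success, otherwise the message of the exception that was caught.
/// </returns>
public string Put(int id, XEmployee employee)
{
    // The statement text is a constant. Request values reach the server only as
    // parameters, so a quote or SQL fragment in a name is stored as data and can
    // no longer change the statement (the original concatenated them into the SQL).
    const string query =
        "update employee set Givenname = @givenName, Surname = @surname where StaffID = @staffId";

    SqlConnection conn = DBConnection.GetConnection();
    string output;

    try
    {
        conn.Open();

        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            // "" + value reproduces the original concatenation: a null name is written as ''.
            cmd.Parameters.AddWithValue("@givenName", "" + employee.GivenName);
            cmd.Parameters.AddWithValue("@surname", "" + employee.Surname);
            cmd.Parameters.AddWithValue("@staffId", id);

            output = cmd.ExecuteNonQuery().ToString() + " Rows updated";
        }
    }
    catch (Exception e)
    {
        // NOTE(review): the raw exception text (which can include SQL Server error
        // detail) is returned to the API caller. Kept for compatibility; consider
        // logging it server-side and returning a generic message instead.
        output = e.Message;
    }
    finally
    {
        // Single close point; the original's second Close() after this block was redundant.
        if (conn.State == System.Data.ConnectionState.Open)
        {
            conn.Close();
        }
    }

    return output;
}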
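// POST: api/Employee
/// <summary>
/// Inserts a new employee row built from the StaffId, GivenName and Surname of the payload.
/// </summary>
/// <param name="employee">Request payload describing the employee to insert.</param>
/// <returns>
/// "&lt;n&gt; Rows Inserted" on success, otherwise the message of the exception that was caught.
/// </returns>
public string Post(XEmployee employee)
{
    // The statement text is a constant. Request values reach the server only as
    // parameters, so a quote or SQL fragment in any field is stored as data and can
    // no longer change the statement (the original concatenated them into the SQL).
    const string query =
        "insert into employee(staffid, givenname, surname) values (@staffId, @givenName, @surname)";

    SqlConnection conn = DBConnection.GetConnection();
    string output;

    try
    {
        conn.Open();

        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            // StaffId's declared type is not visible here; it is passed through as-is and
            // the server converts it to the column type. TODO confirm against XEmployee.
            cmd.Parameters.AddWithValue("@staffId", employee.StaffId);
            // "" + value reproduces the original concatenation: a null name is written as ''.
            cmd.Parameters.AddWithValue("@givenName", "" + employee.GivenName);
            cmd.Parameters.AddWithValue("@surname", "" + employee.Surname);

            output = cmd.ExecuteNonQuery().ToString() + " Rows Inserted";
        }
    }
    catch (Exception e)
    {
        // NOTE(review): the raw exception text (which can include SQL Server error
        // detail) is returned to the API caller. Kept for compatibility; consider
        // logging it server-side and returning a generic message instead.
        output = e.Message;
    }
    finally
    {
        if (conn.State == System.Data.ConnectionState.Open)
        {
            conn.Close();
        }
    }

    return output;
}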