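/// <summary>
/// Persists the cart held in the current session as a new order: one row in
/// tblOrder for the logged-in user plus one row in tblOrder_Product per cart
/// item. All rows are written inside a single transaction, so a failure part-way
/// through leaves no order header without its items.
/// </summary>
/// <returns>
/// true when the order and every item row were committed and the "Order" session
/// entry was set; false on any failure, in which case nothing is committed.
/// </returns>
public static bool save_Order()
{
    try
    {
        // Resolve session state before opening the connection: an expired session
        // or missing cart must not be able to create an order row.
        Shop.User derUser = HttpContext.Current.Session["User"] as Shop.User;
        Shop.Cart derCart = HttpContext.Current.Session["Cart"] as Shop.Cart;
        if (derUser == null || derCart == null)
        {
            Debug.Print("save order: no user or cart in session");
            return false;
        }
        int userID = derUser.UserID;

        String insertCommand_order = "INSERT INTO tblOrder (user_id) VALUES (@order_userID); SELECT CAST(scope_identity() AS int)";
        String insertCommand_order_prd = "INSERT INTO tblOrder_Product (order_id,product_id,product_amount) VALUES (@order_ID, @product_id, @order_product_amount);";

        using (SqlConnection objSQLconn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["shop"].ConnectionString))
        {
            objSQLconn.Open();

            // Leaving this using block without Commit() (early return or exception)
            // disposes the transaction, which rolls back the uncommitted work.
            using (var tx = objSQLconn.BeginTransaction())
            {
                int order_id;
                using (SqlCommand vSQLcommand1 = new SqlCommand(insertCommand_order, objSQLconn, tx))
                {
                    vSQLcommand1.Parameters.AddWithValue("@order_userID", userID);
                    order_id = (int)vSQLcommand1.ExecuteScalar();
                }

                if (order_id <= 0)
                {
                    Debug.Print("insert order fehlgeschlagen");
                    return false;
                }

                int i = 0;
                foreach (var items in derCart.Items)
                {
                    using (SqlCommand vSQLcommand2 = new SqlCommand(insertCommand_order_prd, objSQLconn, tx))
                    {
                        vSQLcommand2.Parameters.AddWithValue("@order_ID", order_id);
                        // Spelled exactly as in the SQL text; parameter names are
                        // matched case-sensitively on case-sensitive collations.
                        vSQLcommand2.Parameters.AddWithValue("@product_id", items.ProductID);
                        // NOTE(review): the amount is hard-coded to 45 for every item.
                        // The cart item's quantity member is not visible here - confirm
                        // and replace the literal with the real per-item quantity.
                        vSQLcommand2.Parameters.AddWithValue("@order_product_amount", 45);

                        int insertSuccessfull2 = vSQLcommand2.ExecuteNonQuery();
                        if (insertSuccessfull2 > 0)
                        {
                            Debug.Print("Successful Order_Product insert Nr. " + (++i));
                        }
                        else
                        {
                            Debug.Print("insert product fehlgeschlagen nummer " + (++i));
                            return false;
                        }
                    }
                }

                tx.Commit();

                // Publish the order to the session only after the commit succeeded.
                HttpContext.Current.Session["Order"] = new Order(userID, order_id);
                return true;
            }
        }
    }
    catch (Exception vError)
    {
        Debug.Print("DB geht nicht - save order fkt" + vError);
        return false;
    }
}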
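/// <summary>
/// Looks up a user by e-mail address and encoded password and, on a match,
/// returns a User populated from the first matching tblUsers row.
/// </summary>
/// <param name="email">E-mail address entered at login.</param>
/// <param name="passwd">Clear-text password entered at login; never written to any log.</param>
/// <returns>The populated User on a match; null on no match, missing input or any error.</returns>
public static User loginUser(String email, String passwd)
{
    // Missing credentials can never match; skip the database round trip.
    if (email == null || passwd == null)
    {
        return null;
    }

    try
    {
        using (SqlConnection objSQLconn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["shop"].ConnectionString))
        {
            objSQLconn.Open();

            using (SqlCommand vSQLcommand = new SqlCommand("SELECT * FROM tblUsers WHERE user_email=@email AND user_password =@passwd;", objSQLconn))
            {
                vSQLcommand.Parameters.AddWithValue("@email", email);
                // NOTE(review): matching by equality in SQL means Pwd_Encode derives its
                // output from the password alone, so it cannot be using a per-user salt.
                // Pwd_Encode is defined outside this block - confirm it is a slow password
                // hash (e.g. PBKDF2) and not a reversible encoding or a bare fast hash.
                vSQLcommand.Parameters.AddWithValue("@passwd", Encrypt.Pwd_Encode(passwd));

                using (SqlDataReader vSQLreader = vSQLcommand.ExecuteReader())
                {
                    if (!vSQLreader.Read())
                    {
                        // The submitted password is deliberately not logged: debug output
                        // can end up in trace listeners and files, and a failed attempt is
                        // often a near-miss of the real password.
                        Debug.Print("falsches Login " + email);
                        return null;
                    }

                    // A NULL column makes the cast throw; the catch below turns that
                    // into a failed login, exactly as before.
                    User loggedInUser = new Shop.User();
                    loggedInUser.UserID = (int)vSQLreader["user_id"];
                    loggedInUser.firstname = (String)vSQLreader["user_firstname"];
                    loggedInUser.lastname = (String)vSQLreader["user_lastname"];
                    loggedInUser.email = (String)vSQLreader["user_email"];
                    loggedInUser.phone = (String)vSQLreader["user_tel"];
                    loggedInUser.bill_street = (String)vSQLreader["user_bill_street"];
                    loggedInUser.bill_city = (String)vSQLreader["user_bill_city"];
                    loggedInUser.bill_country = (String)vSQLreader["user_bill_country"];
                    loggedInUser.bill_zipcode = (String)vSQLreader["user_bill_zipcode"];
                    return loggedInUser;
                }
            }
        }
    }
    catch (Exception vError)
    {
        Debug.Print("DB geht nicht" + vError);
        return null;
    }
}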