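/// <summary>
/// Handles the "add sign" request: reads the JSON body into a <c>SignUpdate</c>,
/// runs the credential check, inserts a row into <c>Sign</c>, and, when the body
/// carries a Base64 image, writes it to <c>imgpath + id + ".jpg"</c>.
/// </summary>
/// <remarks>
/// Replies 400 when the credential query matches no user and 200 after a successful insert.
/// Any exception is passed to the <c>message</c> delegate and is not rethrown.
/// Every request-derived value in the INSERT is bound as a SQL parameter,
/// so client-supplied text is never interpreted as SQL.
/// </remarks>
public void Add_Sign()
{
    try
    {
        string input = POSTInputStreamReader(request);
        SignUpdate NewSign = JsonConvert.DeserializeObject<SignUpdate>(input);

        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The login and password values are masked in this listing and are kept verbatim.
            // NOTE(review): if the real code splices request values into this string, bind them
            // as parameters exactly as the INSERT below does.
            // NOTE(review): comparing the Password column with a literal suggests passwords are
            // stored or compared unhashed; confirm and move to a salted password hash.
            string sql = "SELECT count(*) as counter FROM dbo.[User] " + "WHERE Login='******' AND Password='******'";
            connection.Open();

            int matchingUsers;
            using (SqlCommand authCommand = new SqlCommand(sql, connection))
            {
                // count(*) always yields exactly one int row, so a scalar read is sufficient.
                matchingUsers = (int)authCommand.ExecuteScalar();
            }

            if (matchingUsers < 1)
            {
                response.StatusCode = 400;
                Answer("Неверный логин или пароль", response);
                return;
            }

            // Price used to be concatenated unquoted, i.e. as a raw SQL expression. Parse it as a
            // plain number first; a malformed value throws and ends up in the catch block below,
            // which is also where the SQL error for a malformed value used to end up.
            const System.Globalization.NumberStyles PlainNumber =
                System.Globalization.NumberStyles.AllowLeadingWhite
                | System.Globalization.NumberStyles.AllowTrailingWhite
                | System.Globalization.NumberStyles.AllowLeadingSign
                | System.Globalization.NumberStyles.AllowDecimalPoint;
            decimal price = decimal.Parse(
                NewSign.GetParam("Price"),
                PlainNumber,
                System.Globalization.CultureInfo.InvariantCulture);

            sql = "INSERT INTO Sign VALUES(@name, @category, @created, @adress, 0, @price, @login, 'Active'); select scope_identity()";

            object addingid;
            using (SqlCommand command = new SqlCommand(sql, connection))
            {
                // A null value concatenated as an empty string before; keep that by binding "".
                command.Parameters.AddWithValue("@name", NewSign.GetParam("Name") ?? string.Empty);
                command.Parameters.AddWithValue("@category", NewSign.GetParam("Category") ?? string.Empty);
                command.Parameters.AddWithValue("@created", DateTime.Now.ToString("yyyy-MM-dd"));
                command.Parameters.AddWithValue("@adress", NewSign.GetParam("Adress") ?? string.Empty);
                command.Parameters.AddWithValue("@price", price);
                command.Parameters.AddWithValue(
                    "@login",
                    HttpUtility.ParseQueryString(request.Url.Query).Get("login") ?? string.Empty);

                addingid = command.ExecuteScalar();
            }

            if (NewSign.Base64image != null)
            {
                // Drop everything up to and including the first comma (a data-URI style prefix).
                string pureimage = NewSign.Base64image.Substring(NewSign.Base64image.IndexOf(',') + 1);

                // The file name is built from the database identity, not from client input.
                // NOTE(review): the decoded bytes are written as-is under a .jpg name; no size
                // limit or image-format check is visible here. Consider adding both.
                File.WriteAllBytes(imgpath + addingid.ToString() + ".jpg", Convert.FromBase64String(pureimage));
            }

            response.StatusCode = 200; // good
            Answer("Объявление добавлено", response);
        }
    }
    catch (Exception e)
    {
        // NOTE(review): no status code or Answer(...) call is visible on this path; confirm the
        // client still receives a response, and that e.Message is not shown to untrusted users.
        message.DynamicInvoke("Ошибка:" + e.Message);
    }
}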
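/// <summary>
/// Handles the "update sign" request: reads the JSON body into a <c>SignUpdate</c>,
/// runs the credential check, and calls the <c>UpdateSign</c> stored procedure for the
/// row named by the <c>signid</c> query-string value.
/// </summary>
/// <remarks>
/// Replies 400 when the credential query matches no user and 200 after the procedure runs.
/// Any exception is passed to the <c>message</c> delegate and is not rethrown.
/// Every request-derived value is bound as a SQL parameter,
/// so client-supplied text is never interpreted as SQL.
/// </remarks>
public void Sign_Update()
{
    try
    {
        string input = POSTInputStreamReader(request);
        SignUpdate signupdate = JsonConvert.DeserializeObject<SignUpdate>(input);

        using (SqlConnection connection = new SqlConnection(connectionString))
        {
            // The login and password values are masked in this listing and are kept verbatim.
            // NOTE(review): if the real code splices request values into this string, bind them
            // as parameters exactly as the EXEC below does.
            // NOTE(review): comparing the Password column with a literal suggests passwords are
            // stored or compared unhashed; confirm and move to a salted password hash.
            string sql = "SELECT count(*) as counter FROM dbo.[User] " + "WHERE Login='******' AND Password='******'";
            connection.Open();

            int matchingUsers;
            using (SqlCommand authCommand = new SqlCommand(sql, connection))
            {
                // count(*) always yields exactly one int row, so a scalar read is sufficient.
                matchingUsers = (int)authCommand.ExecuteScalar();
            }

            if (matchingUsers < 1)
            {
                response.StatusCode = 400;
                Answer("Неверный логин или пароль", response);
                return;
            }

            // signid and Price used to be concatenated unquoted, i.e. as raw SQL expressions.
            // Parse both as plain numbers; a missing or malformed value throws and ends up in the
            // catch block below, like the failure it caused before.
            long updatingid = long.Parse(
                HttpUtility.ParseQueryString(request.Url.Query).Get("signid"),
                System.Globalization.NumberStyles.Integer,
                System.Globalization.CultureInfo.InvariantCulture);

            const System.Globalization.NumberStyles PlainNumber =
                System.Globalization.NumberStyles.AllowLeadingWhite
                | System.Globalization.NumberStyles.AllowTrailingWhite
                | System.Globalization.NumberStyles.AllowLeadingSign
                | System.Globalization.NumberStyles.AllowDecimalPoint;
            decimal price = decimal.Parse(
                signupdate.GetParam("Price"),
                PlainNumber,
                System.Globalization.CultureInfo.InvariantCulture);

            // NOTE(review): nothing visible here ties signid to the authenticated login. Unless
            // UpdateSign checks ownership itself, any authenticated caller could update any row.
            // Confirm, and pass the login to the procedure if it does not.
            sql = "EXEC UpdateSign @name, @category, @adress, @price, @signid";

            using (SqlCommand command = new SqlCommand(sql, connection))
            {
                // A null value concatenated as an empty string before; keep that by binding "".
                command.Parameters.AddWithValue("@name", signupdate.GetParam("Name") ?? string.Empty);
                command.Parameters.AddWithValue("@category", signupdate.GetParam("Category") ?? string.Empty);
                command.Parameters.AddWithValue("@adress", signupdate.GetParam("Adress") ?? string.Empty);
                command.Parameters.AddWithValue("@price", price);
                command.Parameters.AddWithValue("@signid", updatingid);

                command.ExecuteNonQuery();
            }

            response.StatusCode = 200; // good
            Answer("Данные обновлены", response);
        }
    }
    catch (Exception e)
    {
        // NOTE(review): no status code or Answer(...) call is visible on this path; confirm the
        // client still receives a response, and that e.Message is not shown to untrusted users.
        message.DynamicInvoke("Ошибка:" + e.Message);
    }
}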