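/// <summary>
/// Updates the type and picture URL of the staff row in dbo.tbl_BO_Staff
/// whose BStaff_Number matches <paramref name="staffNumber"/>.
/// </summary>
/// <param name="staffNumber">Staff number that selects the row to update.</param>
/// <param name="staffType">New value for the Discriminator column.</param>
/// <param name="password">Plain-text password; it is hashed with Crypt.ConvertToHash (see the review note in the body).</param>
/// <param name="staffPic">New value for the PicURL column.</param>
public void UpdateStaff(string staffNumber, string staffType, string password, string staffPic)
{
    DbLink Link = new DbLink();

    // NOTE(review): confirm that Crypt.ConvertToHash is a salted, deliberately slow
    // password hash (PBKDF2 or similar) and not a bare digest.
    password = Crypt.ConvertToHash(password);

    // Caller-supplied values are bound as parameters instead of being concatenated
    // into the statement, so a quote character in any of them stays data and cannot
    // change the SQL that runs.
    // NOTE(review): the Password column is assigned the literal '******' exactly as in
    // the original statement, so the hash computed above is never written. This looks
    // like a masked listing; if the hash is meant to be stored, use "Password = @password"
    // and bind it like the other values.
    const string sql =
        "UPDATE dbo.tbl_BO_Staff " +
        "SET Discriminator = @staffType, Password = '******', PicURL = @staffPic " +
        "WHERE BStaff_Number = @staffNumber";

    using (SqlConnection conn = Link.InitializeSqlConnection())
    using (SqlCommand comm = new SqlCommand(sql, conn))
    {
        // A null argument used to concatenate as an empty string; keep that behaviour.
        // AddWithValue sends strings as nvarchar; switch to typed parameters if the
        // columns are varchar and the implicit conversion matters.
        comm.Parameters.AddWithValue("@staffType", staffType ?? string.Empty);
        comm.Parameters.AddWithValue("@staffPic", staffPic ?? string.Empty);
        comm.Parameters.AddWithValue("@staffNumber", staffNumber ?? string.Empty);

        conn.Open();
        comm.ExecuteNonQuery();
    }
}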
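/// <summary>
/// Inserts a new staff row into dbo.tbl_BO_Staff, storing the hash of
/// <paramref name="password"/> rather than the plain text.
/// </summary>
/// <param name="staffNumber">Value for the BStaff_Number column.</param>
/// <param name="staffType">Value for the Discriminator column.</param>
/// <param name="password">Plain-text password; hashed with Crypt.ConvertToHash before it is stored.</param>
/// <param name="image">Value for the PicURL column.</param>
public void InsertStaff(string staffNumber, string staffType, string password, string image)
{
    DbLink Link = new DbLink();

    // NOTE(review): confirm that Crypt.ConvertToHash is a salted, deliberately slow
    // password hash (PBKDF2 or similar) and not a bare digest.
    password = Crypt.ConvertToHash(password);

    // Every value is bound as a parameter instead of being concatenated into the
    // statement, so a quote character in caller-supplied text stays data and cannot
    // change the SQL that runs.
    const string sql =
        "INSERT INTO dbo.tbl_BO_Staff " +
        "(BStaff_Number, Discriminator, Password, PicURL) " +
        "VALUES (@staffNumber, @staffType, @password, @image)";

    using (SqlConnection conn = Link.InitializeSqlConnection())
    using (SqlCommand comm = new SqlCommand(sql, conn))
    {
        // A null argument used to concatenate as an empty string; keep that behaviour.
        // AddWithValue sends strings as nvarchar; switch to typed parameters if the
        // columns are varchar and the implicit conversion matters.
        comm.Parameters.AddWithValue("@staffNumber", staffNumber ?? string.Empty);
        comm.Parameters.AddWithValue("@staffType", staffType ?? string.Empty);
        comm.Parameters.AddWithValue("@password", password ?? string.Empty);
        comm.Parameters.AddWithValue("@image", image ?? string.Empty);

        conn.Open();
        comm.ExecuteNonQuery();
    }
}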