public IActionResult OnGet(int?id) { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Products = new Products(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM Products WHERE ProductID = @PID"; command.Parameters.AddWithValue("@PID", id); Console.WriteLine("Product ID : " + id); SqlDataReader reader = command.ExecuteReader(); while (reader.Read()) { Products.ProductID = reader.GetInt32(0); Products.ProductName = reader.GetString(1); Products.ProductPrice = reader.GetString(2); Products.ProductCategory = reader.GetString(3); Products.ProductDescription = reader.GetString(4); } } conn.Close(); return(Page()); }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine("Product ID : " + Products.ProductID); Console.WriteLine("Product Name : " + Products.ProductName); Console.WriteLine("Product Price : " + Products.ProductPrice); Console.WriteLine("Product Category : " + Products.ProductCategory); Console.WriteLine("Product Description : " + Products.ProductDescription); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "UPDATE Products SET ProductName=@PName, ProductPrice=@PPrice, ProductCategory=@PCategory, ProductDescription=@PDescription WHERE ProductID = @PID"; command.Parameters.AddWithValue("@PID", Products.ProductID); command.Parameters.AddWithValue("@PName", Products.ProductName); command.Parameters.AddWithValue("@PPrice", Products.ProductPrice); command.Parameters.AddWithValue("@PCategory", Products.ProductCategory); command.Parameters.AddWithValue("@PDescription", Products.ProductDescription); command.ExecuteNonQuery(); } conn.Close(); return(RedirectToPage("/Product/ProductIndex")); }
public IActionResult OnPost() { var FileToUpload = Path.Combine(_env.WebRootPath, "Files", File.FileName);//this variable consists of file path Console.WriteLine("File Name : " + FileToUpload); using (var FStream = new FileStream(FileToUpload, FileMode.Create)) { File.CopyTo(FStream);//copy the file into FStream variable } DatabaseConnect DBCon = new DatabaseConnect(); string DbString = DBCon.DatabaseString(); SqlConnection conn = new SqlConnection(DbString); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT StudentFile (StudentName, FileName) VALUES (@StdName, @FName)"; command.Parameters.AddWithValue("@StdName", FileRec.Name); command.Parameters.AddWithValue("@FName", File.FileName); Console.WriteLine("File name : " + FileRec.Name); Console.WriteLine("File name : " + File.FileName); command.ExecuteNonQuery(); } return(RedirectToPage("/index")); }
public IActionResult OnGet(int?id) { DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "SELECT * FROM Customer WHERE Id = @ID"; command.Parameters.AddWithValue("@ID", id); SqlDataReader reader = command.ExecuteReader(); CustomerRec = new Customer(); while (reader.Read()) { CustomerRec.Id = reader.GetInt32(0); CustomerRec.CustomerID = reader.GetString(1); CustomerRec.CustomerName = reader.GetString(2); CustomerRec.CustomerLastName = reader.GetString(3); CustomerRec.Email = reader.GetString(4); } } conn.Close(); return(Page()); }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine("User ID :" + Users.UserID); Console.WriteLine("User First Name : " + Users.FirstName); Console.WriteLine("User Last Name : " + Users.LastName); Console.WriteLine("User Email Address : " + Users.EmailAddress); Console.WriteLine("User Password : "******"User Role : " + Users.Role); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "UPDATE Users SET FirstName=@FName, LastName=@LName, EmailAddress=@EAddress, Password=@PWD, Role=@URole WHERE UserID = @UID"; command.Parameters.AddWithValue("@UID", Users.UserID); command.Parameters.AddWithValue("@FName", Users.FirstName); command.Parameters.AddWithValue("@LName", Users.LastName); command.Parameters.AddWithValue("@EAddress", Users.EmailAddress); command.Parameters.AddWithValue("@PWD", Users.Password); command.Parameters.AddWithValue("@URole", Users.Role); command.ExecuteNonQuery(); } conn.Close(); return(RedirectToPage("/User/UserManagement")); }
public IActionResult OnGet(int?id) { DatabaseConnect DbCon = new DatabaseConnect(); SqlConnection conn = new SqlConnection(DbCon.DatabaseString()); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "SELECT * FROM PlayerTable WHERE Id = @ID"; command.Parameters.AddWithValue("@ID", id); SqlDataReader reader = command.ExecuteReader(); PlayerRec = new Player(); while (reader.Read()) { PlayerRec.Id = reader.GetInt32(0); PlayerRec.PlayerID = reader.GetString(1); PlayerRec.PlayerFirstName = reader.GetString(2); PlayerRec.PlayerSurname = reader.GetString(3); PlayerRec.PlayerAge = reader.GetInt32(4); } } conn.Close(); return(Page()); }
public IActionResult OnPost() { var FileToUpload = Path.Combine(_env.WebRootPath, "Files", Files.FileName);//this variable consists of file path Console.WriteLine("File Name : " + FileToUpload); using (var FStream = new FileStream(FileToUpload, FileMode.Create)) { Files.CopyTo(FStream); //copy the file into FStream variable } DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT UserTable (Username, FileName, FirstName) VALUES (@UName, @FName, @FirstName)"; command.Parameters.AddWithValue("@UName", FileRec.Username); command.Parameters.AddWithValue("@FName", Files.FileName); command.Parameters.Add("@FirstName", System.Data.SqlDbType.VarChar, 20).Value = "Ross"; Console.WriteLine("File name : " + FileRec.Username); Console.WriteLine("File name : " + Files.FileName); command.ExecuteNonQuery(); } return(RedirectToPage("/Index")); }
public void OnGet() { DatabaseConnect Dbstring = new DatabaseConnect(); string DatabaseString = Dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DatabaseString); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM StudentFile"; var reader = command.ExecuteReader(); FileRec = new List <User>(); while (reader.Read()) { User rec = new User(); rec.Id = reader.GetInt32(0); // we need this to send the Id to Delete page for another enquiry rec.UserName = reader.GetString(1); rec.FileName = reader.GetString(2); FileRec.Add(rec); } } }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(Products.ProductName); Console.WriteLine(Products.ProductPrice); Console.WriteLine(Products.ProductCategory); Console.WriteLine(Products.ProductDescription); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "INSERT INTO Products (ProductName, ProductPrice, ProductCategory, ProductDescription) VALUES (@PName, @PPrice, @PCategory, @PDescription)"; command.Parameters.AddWithValue("@PName", Products.ProductName); command.Parameters.AddWithValue("@PPrice", Products.ProductPrice); command.Parameters.AddWithValue("@PCategory", Products.ProductCategory); command.Parameters.AddWithValue("@PDescription", Products.ProductDescription); command.ExecuteNonQuery(); } return(RedirectToPage("/Product/ProductIndex")); }
public void OnGet() { var connectionStringBuilder = new SqliteConnectionStringBuilder(); DatabaseConnect DBCon = new DatabaseConnect(); // your own class and method in DatabaseConnection folder string dbStringConnection = DBCon.DatabaseString(); connectionStringBuilder.DataSource = dbStringConnection; var connection = new SqliteConnection(connectionStringBuilder.ConnectionString); connection.Open(); var command = connection.CreateCommand(); command.CommandText = @"SELECT * FROM UserTable"; var reader = command.ExecuteReader(); User = new List <User>(); while (reader.Read()) { User userRec = new User(); userRec.Id = reader.GetInt32(0); userRec.FirstName = reader.GetString(1); userRec.UserName = reader.GetString(2); userRec.Role = reader.GetString(4); User.Add(userRec); } }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(User.FirstName); Console.WriteLine(User.Username); Console.WriteLine(User.Password); Console.WriteLine(User.Role); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT INTO UserTable (FirstName, Username, Password, Role, FileName) VALUES (@FName, @UName, @Pwd, @URole, @FileName)"; command.Parameters.AddWithValue("@FName", User.FirstName); command.Parameters.AddWithValue("@UName", User.Username); command.Parameters.AddWithValue("@Pwd", User.Password); command.Parameters.AddWithValue("@URole", User.Role); command.Parameters.Add("@FileName", System.Data.SqlDbType.VarChar, 50).Value = "Placeholder"; command.ExecuteNonQuery(); } return(RedirectToPage("/Index")); }
public void deletePicture(int Id, string FileName) { Console.WriteLine("Record Id : " + Id); Console.WriteLine("File Name : " + FileName); DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"DELETE FROM StudentFile WHERE Id = @Id"; command.Parameters.AddWithValue("@Id", Id); command.ExecuteNonQuery(); } Console.WriteLine(FileName); string RetrieveImage = Path.Combine(_env.WebRootPath, "Files", FileName); System.IO.File.Delete(RetrieveImage); Console.WriteLine("File has been deleted"); }
public void OnGet() { DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM Customer"; SqlDataReader reader = command.ExecuteReader(); //SqlDataReader is used to read record from a table CustomerRec = new List <Customer>(); //this object of list is created to populate all records from the table while (reader.Read()) { Customer record = new Customer(); //a local var to hold a record temporarily record.Id = reader.GetInt32(0); //getting the first field from the table record.CustomerID = reader.GetString(1); //getting the second field from the table record.CustomerName = reader.GetString(2); //getting the third field from the table record.CustomerLastName = reader.GetString(3); record.Email = reader.GetString(4); CustomerRec.Add(record); //adding the single record into the list } // Call Close when done reading. reader.Close(); } }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(Users.FirstName); Console.WriteLine(Users.LastName); Console.WriteLine(Users.EmailAddress); Console.WriteLine(Users.Password); Console.WriteLine(Users.Role); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT INTO Users (FirstName, LastName, EmailAddress, Password, Role) VALUES (@FName, @LName, @EAddress, @Pwd, @Role)"; command.Parameters.AddWithValue("@FName", Users.FirstName); command.Parameters.AddWithValue("@LName", Users.LastName); command.Parameters.AddWithValue("@EAddress", Users.EmailAddress); command.Parameters.AddWithValue("@Pwd", Users.Password); command.Parameters.AddWithValue("@Role", Users.Role); command.ExecuteNonQuery(); } return(RedirectToPage("/User/UserManagement")); }
public IActionResult OnGet() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "SELECT * FROM Products"; SqlDataReader reader = command.ExecuteReader(); Prod = new List <Products>(); IsSelect = new List <bool>(); while (reader.Read()) { Products rec = new Products(); rec.ProductID = reader.GetInt32(0); rec.ProductName = reader.GetString(1); rec.ProductPrice = reader.GetString(2); rec.ProductCategory = reader.GetString(3); rec.ProductDescription = reader.GetString(4); Prod.Add(rec); IsSelect.Add(false); } } return(Page()); }
public void OnGet() { DatabaseConnect DBCon = new DatabaseConnect(); SqlConnection conn = new SqlConnection(DBCon.DatabaseString()); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM FileTable"; var reader = command.ExecuteReader(); FileRec = new List <PlayerFile>(); while (reader.Read()) { PlayerFile rec = new PlayerFile(); rec.Id = reader.GetInt32(0); // we need this to send the Id to Delete page for another enquiry rec.PlayerName = reader.GetString(1); rec.FileName = reader.GetString(2); FileRec.Add(rec); } } }
public IActionResult OnPost() { UserToEdit = new List <User>(); //create the object for Module to be deleted. This variable now an empty list for (int i = 0; i < User.Count; i++) //Read all rows from Module. Each row has a checkbox! { if (IsSelect[i] == true) //if the checkbox of the row is true { UserToEdit.Add(User[i]); //collect the item for the row } } DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); for (int i = 0; i < UserToEdit.Count(); i++) { using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"UPDATE UserTable SET FirstName = 'Edited' WHERE Id = @UserID"; command.Parameters.AddWithValue("@UserID", UserToEdit[i].Id); command.ExecuteNonQuery(); } } return(RedirectToPage("/AdminPages/ViewUsers")); }
public IActionResult OnPost() { DatabaseConnect DbCon = new DatabaseConnect(); SqlConnection conn = new SqlConnection(DbCon.DatabaseString()); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT INTO PlayerTable (PlayerID, PlayerFirstName, PlayerSurname, PlayerAge) VALUES (@PID, @FName, @SName, @PAge)"; command.Parameters.AddWithValue("@PID", PlayerRec.PlayerID); command.Parameters.AddWithValue("@FName", PlayerRec.PlayerFirstName); command.Parameters.AddWithValue("@SName", PlayerRec.PlayerSurname); command.Parameters.AddWithValue("@PAge", PlayerRec.PlayerAge); Console.WriteLine(PlayerRec.PlayerID); Console.WriteLine(PlayerRec.PlayerFirstName); Console.WriteLine(PlayerRec.PlayerSurname); Console.WriteLine(PlayerRec.PlayerAge); command.ExecuteNonQuery(); } return(RedirectToPage("/Index")); }
public IActionResult OnGet() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "SELECT * FROM Users"; SqlDataReader reader = command.ExecuteReader(); Users = new List <Users>(); IsSelect = new List <bool>(); while (reader.Read()) { Users rec = new Users(); rec.UserID = reader.GetInt32(0); rec.FirstName = reader.GetString(1); rec.LastName = reader.GetString(2); rec.EmailAddress = reader.GetString(3); rec.Password = reader.GetString(4); rec.Role = reader.GetString(5); Users.Add(rec); IsSelect.Add(false); } } return(Page()); }
public IActionResult OnGet(int?UserID) //we receive this Id from View.cs { DatabaseConnect Dbstring = new DatabaseConnect(); string DatabaseString = Dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DatabaseString); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT UserID FROM UserTable WHERE UserID = @UserID"; command.Parameters.AddWithValue("@UserID", UserID); var reader = command.ExecuteReader(); FileRec = new User(); while (reader.Read()) { FileRec.Username = reader.GetString(1); //to display on the html page FileRec.FileName = reader.GetString(2); //to display on the html page } Console.WriteLine("File name : " + FileRec.FileName); } return(Page()); }
public IActionResult OnGet(int?Id) //we receive this Id from View.cs { DatabaseConnect Dbstring = new DatabaseConnect(); string DatabaseString = Dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DatabaseString); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM StudentFile WHERE Id = @Id"; command.Parameters.AddWithValue("@Id", Id); var reader = command.ExecuteReader(); StdFileRec = new User(); while (reader.Read()) { StdFileRec.Id = reader.GetInt32(0); StdFileRec.UserName = reader.GetString(1); //to display on the html page StdFileRec.FileName = reader.GetString(2); //to display on the html page } Console.WriteLine("File name : " + StdFileRec.FileName); } return(Page()); }
public IActionResult OnGet() { //get the session first! UserName = HttpContext.Session.GetString(SessionKeyName1); FirstName = HttpContext.Session.GetString(SessionKeyName2); SessionID = HttpContext.Session.GetString(SessionKeyName3); DatabaseConnect DBCon = new DatabaseConnect(); SqlConnection conn = new SqlConnection(DBCon.DatabaseString()); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT * FROM UserTable"; var reader = command.ExecuteReader(); User = new List <User>(); while (reader.Read()) { User Row = new User(); //each record found from the table Row.Id = reader.GetInt32(0); Row.FirstName = reader.GetString(1); Row.UserName = reader.GetString(2); Row.Role = reader.GetString(4); // We dont get the password. The role field is in the 5th position User.Add(Row); } } return(Page()); }
public IActionResult OnPost() { var connectionStringBuilder = new SqliteConnectionStringBuilder(); DatabaseConnect DBCon = new DatabaseConnect(); // your own class and method in DatabaseConnection folder string dbStringConnection = DBCon.DatabaseString(); connectionStringBuilder.DataSource = dbStringConnection; var connection = new SqliteConnection(connectionStringBuilder.ConnectionString); connection.Open(); var command = connection.CreateCommand(); Console.WriteLine(User.FirstName); Console.WriteLine(User.UserName); Console.WriteLine(User.Password); Console.WriteLine(User.Role); command.CommandText = @"INSERT INTO UserTable (FirstName, UserName, UserPassword, UserRole) VALUES (@FName, @UName, @Pwd, @Role)"; command.Parameters.AddWithValue("@FName", User.FirstName); command.Parameters.AddWithValue("@UName", User.UserName); command.Parameters.AddWithValue("@Pwd", User.Password); command.Parameters.AddWithValue("@Role", User.Role); command.ExecuteNonQuery(); return(RedirectToPage("/Index")); }
public IActionResult OnPost() { if (!ModelState.IsValid) { return(Page()); } DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(User.UserName); Console.WriteLine(User.Password); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT FirstName, UserName, UserRole FROM UserTable WHERE UserName = @UName AND UserPassword = @Pwd"; command.Parameters.AddWithValue("@UName", User.UserName); command.Parameters.AddWithValue("@Pwd", User.Password); var reader = command.ExecuteReader(); while (reader.Read()) { User.FirstName = reader.GetString(0); User.UserName = reader.GetString(1); User.Role = reader.GetString(2); } } if (!string.IsNullOrEmpty(User.FirstName)) { SessionID = HttpContext.Session.Id; HttpContext.Session.SetString("sessionID", SessionID); HttpContext.Session.SetString("username", User.UserName); HttpContext.Session.SetString("fname", User.FirstName); if (User.Role == "User") { return(RedirectToPage("/UserPages/UserIndex")); } else { return(RedirectToPage("/AdminPages/AdminIndex")); } } else { Message = "Invalid Username and Password!"; return(Page()); } }
public IActionResult OnGet(int?id) { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Users = new Users(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = "SELECT * FROM Users WHERE UserID = @UID"; command.Parameters.AddWithValue("@UID", id); Console.WriteLine("User ID : " + id); SqlDataReader reader = command.ExecuteReader(); while (reader.Read()) { Users.UserID = reader.GetInt32(0); Users.FirstName = reader.GetString(1); Users.LastName = reader.GetString(2); Users.EmailAddress = reader.GetString(3); Users.Password = reader.GetString(4); Users.Role = reader.GetString(5); } } return(Page()); }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT INTO Customer (CustomerID, CustomerName, CustomerLastName, Email, Password) VALUES (@CID, @CName, @CLName, @Email, @PSWD)"; command.Parameters.AddWithValue("@CID", Customer.CustomerID); command.Parameters.AddWithValue("@CName", Customer.CustomerName); command.Parameters.AddWithValue("@CLName", Customer.CustomerLastName); command.Parameters.AddWithValue("@Email", Customer.Email); command.Parameters.AddWithValue("@PSWD", Customer.Password); Console.WriteLine(Customer.CustomerID); Console.WriteLine(Customer.CustomerName); Console.WriteLine(Customer.CustomerLastName); Console.WriteLine(Customer.Email); Console.WriteLine(Customer.Password); command.ExecuteNonQuery(); } return(RedirectToPage("./Index")); }
public IActionResult OnPost() { if (!ModelState.IsValid) { return(Page()); } DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(User.FirstName); Console.WriteLine(User.UserName); Console.WriteLine(User.Password); Console.WriteLine(User.Role); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"INSERT INTO UserTable (FirstName, UserName, UserPassword, UserRole) VALUES (@FName, @UName, @Pwd, @Role)"; command.Parameters.AddWithValue("@FName", User.FirstName); command.Parameters.AddWithValue("@UName", User.UserName); command.Parameters.AddWithValue("@Pwd", User.Password); command.Parameters.AddWithValue("@Role", User.Role); command.ExecuteNonQuery(); } return(RedirectToPage("/AdminPages/ViewUsers")); }
public IActionResult OnPost() { if (!ModelState.IsValid) { return(Page()); } DatabaseConnect dbConn = new DatabaseConnect(); string DbString = dbConn.DatabaseString(); var connStringBuilder = new SqliteConnectionStringBuilder(); connStringBuilder.DataSource = DbString; var conn = new SqliteConnection(connStringBuilder.ConnectionString); conn.Open(); var command = conn.CreateCommand(); Console.WriteLine(User.UserName); Console.WriteLine(User.Password); command.CommandText = @"SELECT FirstName, UserName, UserRole FROM UserTable WHERE UserName = @UName AND UserPassword = @Pwd"; command.Parameters.AddWithValue("@UName", User.UserName); command.Parameters.AddWithValue("@Pwd", User.Password); var reader = command.ExecuteReader(); while (reader.Read()) { User.FirstName = reader.GetString(0); User.UserName = reader.GetString(1); User.Role = reader.GetString(2); } if (!string.IsNullOrEmpty(User.FirstName)) { SessionID = HttpContext.Session.Id; HttpContext.Session.SetString("sessionID", SessionID); HttpContext.Session.SetString("username", User.UserName); HttpContext.Session.SetString("fname", User.FirstName); if (User.Role == "User") { return(RedirectToPage("/UserPages/UserIndex")); } else { return(RedirectToPage("/AdminPages/AdminIndex")); } } else { Message = "Invalid Username and Password!"; return(Page()); } }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); string DbConnection = dbstring.DatabaseString(); Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(Login.Username); Console.WriteLine(Login.Password); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT FirstName, Username, User_Type FROM Logins WHERE Username = @Username AND Password = @Password"; command.Parameters.AddWithValue("@Username", Login.Username); command.Parameters.AddWithValue("@Password", Login.Password); var reader = command.ExecuteReader(); while (reader.Read()) { Login.FirstName = reader.GetString(0); Login.Username = reader.GetString(1); Login.User_Type = reader.GetString(2); } } if (!string.IsNullOrEmpty(Login.FirstName)) { SessionID = HttpContext.Session.Id; HttpContext.Session.SetString("SessionID", SessionID); HttpContext.Session.SetString("username", Login.Username); HttpContext.Session.SetString("fname", Login.FirstName); if (Login.User_Type == "Student") { return(RedirectToPage("/Student/StudentIndex")); } if (Login.User_Type == "Teacher") { return(RedirectToPage("/Login/Create")); } else { return(RedirectToPage("/Admin/AdminIndex")); } } else { Message = "Invalid Username or Password!"; return(Page()); } }
public IActionResult OnPost() { DatabaseConnect dbstring = new DatabaseConnect(); //creating an object from the class string DbConnection = dbstring.DatabaseString(); //calling the method from the class Console.WriteLine(DbConnection); SqlConnection conn = new SqlConnection(DbConnection); conn.Open(); Console.WriteLine(AdminReg.Email); Console.WriteLine(AdminReg.Password); using (SqlCommand command = new SqlCommand()) { command.Connection = conn; command.CommandText = @"SELECT AdminName, AdminLastName, Email, Password FROM Admin WHERE Email = @Email AND Password = @PSWD"; command.Parameters.AddWithValue("@Email", AdminReg.Email); command.Parameters.AddWithValue("@PSWD", AdminReg.Password); var reader = command.ExecuteReader(); while (reader.Read()) { AdminReg.AdminName = reader.GetString(0); AdminReg.AdminLastName = reader.GetString(1); AdminReg.Email = reader.GetString(2); } } if (!string.IsNullOrEmpty(AdminReg.AdminName)) { SessionID = HttpContext.Session.Id; HttpContext.Session.SetString("sessionID", SessionID); HttpContext.Session.SetString("Email", AdminReg.Email); HttpContext.Session.SetString("AdminName", AdminReg.AdminName); } else { Message = "Invalid Username and Password!"; return(Page()); } return(RedirectToPage("/Admins/Login/AdminPage")); }