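/// <summary>
/// Inserts one row into the <c>users</c> table.
/// </summary>
/// <param name="username">Value for the <c>username</c> column.</param>
/// <param name="password">Value for the <c>password</c> column.</param>
/// <param name="fullName">Value for the <c>fullname</c> column.</param>
/// <param name="avatar">Value for the <c>avatar</c> column.</param>
/// <param name="gender">Value for the <c>gender</c> column.</param>
/// <param name="phone">Value for the <c>phone</c> column.</param>
/// <param name="address">Value for the <c>address</c> column.</param>
/// <param name="email">Value for the <c>email</c> column.</param>
/// <param name="roles">Value for the <c>roles</c> column.</param>
/// <remarks>
/// The statement is built as text and passed to <c>dal.ExecuteNonQuery</c>, so each string
/// argument is embedded in a quoted SQL literal. Single quotes are doubled before embedding
/// so a value cannot terminate its literal. A null argument is written as an empty string,
/// which is what the plain concatenation produced before.
/// </remarks>
public void insertUser(string username, string password, string fullName, string avatar, string gender, string phone, string address, string email, int roles)
{
    // Quote doubling assumes SQL Server literal rules (the statement uses N'...' literals).
    // NOTE(review): this is a stop-gap. If the data-access layer can take command parameters,
    // bind these values as parameters instead of embedding them in the statement text.
    string safeUsername = (username ?? string.Empty).Replace("'", "''");
    // NOTE(review): the password is written exactly as received. Confirm the caller passes a
    // salted password hash and never the plaintext.
    string safePassword = (password ?? string.Empty).Replace("'", "''");
    string safeFullName = (fullName ?? string.Empty).Replace("'", "''");
    string safeAvatar = (avatar ?? string.Empty).Replace("'", "''");
    string safeGender = (gender ?? string.Empty).Replace("'", "''");
    string safePhone = (phone ?? string.Empty).Replace("'", "''");
    string safeAddress = (address ?? string.Empty).Replace("'", "''");
    string safeEmail = (email ?? string.Empty).Replace("'", "''");

    // roles is an int, so it cannot carry quote characters and is embedded as-is.
    string sql = "insert into users (username,password,fullname,avatar,gender "
        + ",phone,address,email,roles"
        + ") values(N'" + safeUsername
        + "','" + safePassword
        + "','" + safeFullName
        + "','" + safeAvatar
        + "','" + safeGender
        + "','" + safePhone
        + "',N'" + safeAddress
        + "','" + safeEmail
        + "',N'" + roles + "')";

    dal.ExecuteNonQuery(sql);
}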
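/// <summary>
/// Inserts one row into the <c>users</c> table, taking the gender as an integer code and
/// the phone number as digits. Failures are not propagated to the caller.
/// </summary>
/// <param name="user">Value for the <c>username</c> column.</param>
/// <param name="pass">Value for the <c>password</c> column.</param>
/// <param name="fullName">Value for the <c>fullname</c> column.</param>
/// <param name="gender">Value for the <c>gender</c> column.</param>
/// <param name="phone">Phone number text; it is parsed with <c>int.Parse</c> before being stored.</param>
/// <param name="address">Value for the <c>address</c> column.</param>
/// <param name="email">Value for the <c>email</c> column.</param>
/// <param name="avartar">Value for the <c>avatar</c> column.</param>
/// <param name="roles">Value for the <c>roles</c> column.</param>
/// <remarks>
/// The statement is built as text and passed to <c>dal.ExecuteNonQuery</c>. Single quotes in
/// string arguments are doubled so a value cannot terminate its SQL literal. A null string
/// argument (other than <paramref name="phone"/>) is written as an empty string, as before.
/// </remarks>
public void insertUser(string user, string pass, string fullName, int gender, string phone, string address, string email, string avartar, int roles)
{
    try
    {
        // int.Parse rejects anything that is not an integer, so phone cannot carry SQL text.
        // It also drops leading zeros and throws for values outside the int range; a failure
        // here ends in the catch below and no row is written.
        int phoneNumber = int.Parse(phone);

        // Quote doubling assumes SQL Server literal rules (the statement uses N'...' literals).
        // NOTE(review): this is a stop-gap. If the data-access layer can take command
        // parameters, bind these values as parameters instead.
        string safeUser = (user ?? string.Empty).Replace("'", "''");
        // NOTE(review): the password is written exactly as received. Confirm the caller
        // passes a salted password hash and never the plaintext.
        string safePass = (pass ?? string.Empty).Replace("'", "''");
        string safeFullName = (fullName ?? string.Empty).Replace("'", "''");
        string safeAddress = (address ?? string.Empty).Replace("'", "''");
        string safeEmail = (email ?? string.Empty).Replace("'", "''");
        string safeAvatar = (avartar ?? string.Empty).Replace("'", "''");

        string sql = "insert into users (username, password, fullname, gender, phone, address, email, avatar, roles) values ('"
            + safeUser
            + "', '" + safePass
            + "', N'" + safeFullName
            + "','" + gender
            + "','" + phoneNumber
            + "', N'" + safeAddress
            + "', '" + safeEmail
            + "','" + safeAvatar
            + "','" + roles + "')";

        dal.ExecuteNonQuery(sql);
    }
    catch (Exception ex)
    {
        // The method still does not throw, so existing callers are unaffected, but a failed
        // account creation is no longer invisible. Only the exception type is recorded:
        // database error messages can echo submitted values.
        System.Diagnostics.Trace.TraceError("insertUser failed: " + ex.GetType().FullName);
    }
}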
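/// <summary>
/// Inserts one row into the <c>products</c> table.
/// </summary>
/// <param name="name">Value for the <c>name</c> column.</param>
/// <param name="avatar">Value for the <c>avatar</c> column.</param>
/// <param name="price">Value for the <c>price</c> column.</param>
/// <param name="size">Value for the <c>size</c> column.</param>
/// <param name="brand">Value for the <c>brand</c> column.</param>
/// <param name="color">Value for the <c>color</c> column.</param>
/// <param name="gender">Value for the <c>gender</c> column.</param>
/// <param name="amount">Value for the <c>amount</c> column.</param>
/// <param name="description">Value for the <c>description</c> column.</param>
/// <param name="category_id">Value for the <c>category_id</c> column.</param>
/// <remarks>
/// The statement is built as text and passed to <c>dal.ExecuteNonQuery</c>. Single quotes in
/// string arguments are doubled so a value cannot terminate its SQL literal. A null string
/// argument is written as an empty string, as before.
/// </remarks>
public void Insertproduct(string name, string avatar, Int32 price, Int32 size, string brand, string color, string gender, Int32 amount, string description, int category_id)
{
    // Quote doubling assumes SQL Server literal rules (the statement uses N'...' literals).
    // NOTE(review): this is a stop-gap. If the data-access layer can take command parameters,
    // bind these values as parameters instead of embedding them in the statement text.
    string safeName = (name ?? string.Empty).Replace("'", "''");
    string safeAvatar = (avatar ?? string.Empty).Replace("'", "''");
    string safeBrand = (brand ?? string.Empty).Replace("'", "''");
    string safeColor = (color ?? string.Empty).Replace("'", "''");
    string safeGender = (gender ?? string.Empty).Replace("'", "''");
    string safeDescription = (description ?? string.Empty).Replace("'", "''");

    // price, size, amount and category_id are integers and are embedded as-is.
    string sql = "insert into products (name,avatar,price,size,brand "
        + ",color,gender,amount,"
        + "description,category_id) values(N'" + safeName
        + "','" + safeAvatar
        + "','" + price
        + "','" + size
        + "',N'" + safeBrand
        + "','" + safeColor
        + "',N'" + safeGender
        + "','" + amount
        + "',N'" + safeDescription
        + "','" + category_id + "')";

    dal.ExecuteNonQuery(sql);
}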
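/// <summary>
/// Inserts one row into the <c>orders</c> table.
/// </summary>
/// <param name="fullname">Value for the <c>fullname</c> column.</param>
/// <param name="gender">Value for the <c>gender</c> column.</param>
/// <param name="phone">Value for the <c>phone</c> column.</param>
/// <param name="address">Value for the <c>address</c> column.</param>
/// <param name="email">Value for the <c>email</c> column.</param>
/// <param name="note">Value for the <c>note</c> column.</param>
/// <param name="price_total">Value for the <c>price_total</c> column.</param>
/// <param name="status">Value for the <c>status</c> column.</param>
/// <param name="user_id">Value for the <c>user_id</c> column.</param>
/// <remarks>
/// The statement is built as text and passed to <c>dal.ExecuteNonQuery</c>. Single quotes in
/// string arguments are doubled so a value cannot terminate its SQL literal. A null string
/// argument is written as an empty string, as before.
/// </remarks>
public void Insertorder(
    string fullname,
    string gender,
    Int32 phone,
    string address,
    string email,
    string note,
    int price_total, // original note: price_total, update the database
    Int32 status,
    int user_id) // original note: avatar? update the database
{
    // Quote doubling assumes SQL Server literal rules (the statement uses N'...' literals).
    // NOTE(review): this is a stop-gap. If the data-access layer can take command parameters,
    // bind these values as parameters instead of embedding them in the statement text.
    string safeFullname = (fullname ?? string.Empty).Replace("'", "''");
    string safeGender = (gender ?? string.Empty).Replace("'", "''");
    string safeAddress = (address ?? string.Empty).Replace("'", "''");
    string safeEmail = (email ?? string.Empty).Replace("'", "''");
    // note is free text from the order form and the most likely field to contain apostrophes.
    string safeNote = (note ?? string.Empty).Replace("'", "''");

    // phone, price_total, status and user_id are integers and are embedded as-is.
    string sql = "insert into orders (fullname,gender,phone,address,email "
        + ",note,price_total,status,user_id)"
        + " values(N'" + safeFullname
        + "',N'" + safeGender
        + "','" + phone
        + "',N'" + safeAddress
        + "',N'" + safeEmail
        + "',N'" + safeNote
        + "','" + price_total
        + "','" + status
        + "','" + user_id + "')";

    dal.ExecuteNonQuery(sql);
}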
/// <summary>
/// Inserts one row into the <c>order_details</c> table linking a product and a quantity
/// to an order.
/// </summary>
/// <param name="order_id">Value for the <c>order_id</c> column.</param>
/// <param name="product_id">Value for the <c>product_id</c> column.</param>
/// <param name="quantity">Value for the <c>quantity</c> column.</param>
public void insert_order_detail(int order_id, int product_id, int quantity)
{
    // All three values are integers, so none of them can carry quote characters into
    // the statement text.
    string statement = string.Format(
        "insert into order_details (order_id, product_id, quantity) values('{0}','{1}','{2}')",
        order_id,
        product_id,
        quantity);

    dal.ExecuteNonQuery(statement);
}
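/// <summary>
/// Inserts one row into the <c>categories</c> table.
/// </summary>
/// <param name="Name">Value for the <c>name</c> column.</param>
/// <param name="Description">Value for the <c>description</c> column.</param>
/// <remarks>
/// The statement is built as text and passed to <c>dal.ExecuteNonQuery</c>. Single quotes in
/// both arguments are doubled so a value cannot terminate its SQL literal. A null argument
/// is written as an empty string, as before.
/// </remarks>
public void InsertCategory(string Name, string Description)
{
    // NOTE(review): quote doubling assumes the engine treats only '' as an escape inside a
    // string literal (SQL Server rules). This is a stop-gap: if the data-access layer can
    // take command parameters, bind both values as parameters instead.
    string safeName = (Name ?? string.Empty).Replace("'", "''");
    string safeDescription = (Description ?? string.Empty).Replace("'", "''");

    string sql = "insert into categories ( name, description ) values('"
        + safeName
        + "','" + safeDescription + "')";

    dal.ExecuteNonQuery(sql);
}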