예제 #1
0
        private void btnOK_Click(object sender, EventArgs e)
        {
            string        connectionString = ConfigurationManager.ConnectionStrings["db"].ConnectionString; //loading connection string from App.config
            SqlConnection con = new SqlConnection(connectionString);                                        // making connection

            con.Open();
            string sqlquery = "UPDATE Employee SET [Last Name] = @LastName, [First Name] = @FirstName, DOB = @DOB, Address = @Address, ZIP = @ZIP WHERE ID = " + numID;

            //prevent sql injection by doing this, thts wat google said
            string sqlquery2 = "UPDATE [User] SET [LastName] = @LastName, [FirstName] = @FirstName WHERE Username = @Username";

            SqlCommand command  = new SqlCommand(sqlquery, con);
            SqlCommand command2 = new SqlCommand(sqlquery2, con);
            int        numD1    = 0;

            try
            {
                numD1 = Int32.Parse(this.txtUserID.Text);
                command.Parameters.AddWithValue("@LastName", this.txtLastName.Text);
                command.Parameters.AddWithValue("@FirstName", this.txtFirstName.Text);
                command.Parameters.AddWithValue("@DOB", this.dateTimePicker1.Value);
                command.Parameters.AddWithValue("@Address", this.txtAddress.Text);
                command.Parameters.AddWithValue("@ZIP", this.txtZipcode.Text);

                command.ExecuteNonQuery();

                command2.Parameters.AddWithValue("@LastName", txtLastName.Text);
                command2.Parameters.AddWithValue("@FirstName", txtFirstName.Text);
                command2.Parameters.Add("@Username", SqlDbType.VarChar);
                command2.Parameters["@Username"].Value = Username;
                command2.ExecuteNonQuery();
                editTaxes(con, numD1);
                editBenefits(con, numD1);
                MessageBox.Show("Information updated.");


                UserMain usermain = new UserMain(this.txtFirstName.Text, this.txtLastName.Text,
                                                 this.txtAddress.Text, this.txtZipcode.Text);
                form2.gridRefresh();
                usermain.Show();
                this.Close();


                //another way of doing the above without sending a sht ton of parameters.. might have to make alot of function gets

                /*UserMain userMain = new UserMain();
                 * userMain.TextBoxValue = txtFirstName.Text;
                 * // userMain.TextBoxValue = txtLastName.Text;
                 * userMain.ShowDialog();
                 * this.Close();*/
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }