private void btnOK_Click(object sender, EventArgs e)
{
string connectionString = ConfigurationManager.ConnectionStrings["db"].ConnectionString; //loading connection string from App.config
SqlConnection con = new SqlConnection(connectionString); // making connection
con.Open();
string sqlquery = "UPDATE Employee SET [Last Name] = @LastName, [First Name] = @FirstName, DOB = @DOB, Address = @Address, ZIP = @ZIP WHERE ID = " + numID;
//prevent sql injection by doing this, thts wat google said
string sqlquery2 = "UPDATE [User] SET [LastName] = @LastName, [FirstName] = @FirstName WHERE Username = @Username";
SqlCommand command = new SqlCommand(sqlquery, con);
SqlCommand command2 = new SqlCommand(sqlquery2, con);
int numD1 = 0;
try
{
numD1 = Int32.Parse(this.txtUserID.Text);
command.Parameters.AddWithValue("@LastName", this.txtLastName.Text);
command.Parameters.AddWithValue("@FirstName", this.txtFirstName.Text);
command.Parameters.AddWithValue("@DOB", this.dateTimePicker1.Value);
command.Parameters.AddWithValue("@Address", this.txtAddress.Text);
command.Parameters.AddWithValue("@ZIP", this.txtZipcode.Text);
command.ExecuteNonQuery();
command2.Parameters.AddWithValue("@LastName", txtLastName.Text);
command2.Parameters.AddWithValue("@FirstName", txtFirstName.Text);
command2.Parameters.Add("@Username", SqlDbType.VarChar);
command2.Parameters["@Username"].Value = Username;
command2.ExecuteNonQuery();
editTaxes(con, numD1);
editBenefits(con, numD1);
MessageBox.Show("Information updated.");
UserMain usermain = new UserMain(this.txtFirstName.Text, this.txtLastName.Text,
this.txtAddress.Text, this.txtZipcode.Text);
form2.gridRefresh();
usermain.Show();
this.Close();
//another way of doing the above without sending a sht ton of parameters.. might have to make alot of function gets
/*UserMain userMain = new UserMain();
* userMain.TextBoxValue = txtFirstName.Text;
* // userMain.TextBoxValue = txtLastName.Text;
* userMain.ShowDialog();
* this.Close();*/
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}