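/// <summary>
/// Inserts one row into <c>Memberinfo</c> from the supplied registration DTO.
/// </summary>
/// <param name="memRegDTO">
/// Member data to persist. Every field is bound as a SQL parameter, so quotes or SQL
/// fragments inside a value are stored as data and cannot alter the statement.
/// </param>
/// <remarks>
/// Uses the class-level <c>sqlConnection</c> and assigns the class-level <c>sqlCommand</c>.
/// The connection is closed in a <c>finally</c> block, so a failed insert does not leave it open.
/// </remarks>
public void createMember(MemRegDTO memRegDTO)
{
    // The statement text is a constant; only parameter values vary per call.
    // NOTE(review): the insert has no column list, so it relies on the physical column order
    // of Memberinfo matching the parameter order below. Confirm against the schema.
    const string query =
        "insert into Memberinfo values(@memberID, @name, @pass, @payment, @paid, @due, @package, @validity)";

    // Build the command before opening the connection, so a null DTO fails
    // without leaving the shared connection open.
    sqlCommand = new SqlCommand(query, sqlConnection);

    // A null field is sent as an empty string, which is what the previous string
    // concatenation produced; a null parameter value would otherwise be rejected as missing.
    // NOTE(review): AddWithValue infers the SQL type from the .NET value. Once the column
    // types are confirmed, prefer explicitly typed and sized parameters.
    sqlCommand.Parameters.AddWithValue("@memberID", (object)memRegDTO.memberID ?? "");
    sqlCommand.Parameters.AddWithValue("@name", (object)memRegDTO.NAME ?? "");
    // NOTE(review): Pass is persisted exactly as received. If it holds a clear-text password,
    // store a salted, slow hash (e.g. PBKDF2) instead of the raw value.
    sqlCommand.Parameters.AddWithValue("@pass", (object)memRegDTO.Pass ?? "");
    sqlCommand.Parameters.AddWithValue("@payment", (object)memRegDTO.Payment ?? "");
    sqlCommand.Parameters.AddWithValue("@paid", (object)memRegDTO.Paid ?? "");
    sqlCommand.Parameters.AddWithValue("@due", (object)memRegDTO.Due ?? "");
    sqlCommand.Parameters.AddWithValue("@package", (object)memRegDTO.Package ?? "");
    sqlCommand.Parameters.AddWithValue("@validity", (object)memRegDTO.Validity ?? "");

    sqlConnection.Open();
    try
    {
        sqlCommand.ExecuteNonQuery();
    }
    finally
    {
        // Runs on success and on failure, so the shared connection is always released.
        sqlConnection.Close();
    }
}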
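/// <summary>
/// Updates the <c>memberPanel</c> row whose <c>memberid</c> matches the supplied DTO.
/// </summary>
/// <param name="memRegDTO">
/// New member data. Every field, including the key in the <c>where</c> clause, is bound as
/// a SQL parameter, so a crafted value cannot widen the update or append statements.
/// </param>
/// <remarks>
/// Uses the class-level <c>sqlConnection</c> and assigns the class-level <c>sqlCommand</c>.
/// The connection is closed in a <c>finally</c> block. The number of affected rows is not
/// checked, so an unknown <c>memberid</c> is silently a no-op.
/// </remarks>
public void updateMember(MemRegDTO memRegDTO)
{
    // NOTE(review): as written, every update overwrites the stored password with the literal
    // '******'. Confirm whether this is masking introduced when the code was published or the
    // real behaviour. If a password is meant to change here, bind it as a parameter and store
    // a salted hash; if not, drop the column from the SET list.
    // NOTE(review): createMember inserts into Memberinfo while this method updates
    // memberPanel. Confirm both table names are intended.
    const string query =
        "update memberPanel set pass = '******', name = @name, phone = @phone, payment = @payment, " +
        "package = @package, paid = @paid, due = @due, validity = @validity where memberid = @memberID";

    // Build the command before opening the connection, so a null DTO fails
    // without leaving the shared connection open.
    sqlCommand = new SqlCommand(query, sqlConnection);

    // A null field is sent as an empty string, which is what the previous string
    // concatenation produced; a null parameter value would otherwise be rejected as missing.
    // NOTE(review): AddWithValue infers the SQL type from the .NET value. Once the column
    // types are confirmed, prefer explicitly typed and sized parameters.
    sqlCommand.Parameters.AddWithValue("@name", (object)memRegDTO.NAME ?? "");
    sqlCommand.Parameters.AddWithValue("@phone", (object)memRegDTO.Phone ?? "");
    sqlCommand.Parameters.AddWithValue("@payment", (object)memRegDTO.Payment ?? "");
    sqlCommand.Parameters.AddWithValue("@package", (object)memRegDTO.Package ?? "");
    sqlCommand.Parameters.AddWithValue("@paid", (object)memRegDTO.Paid ?? "");
    sqlCommand.Parameters.AddWithValue("@due", (object)memRegDTO.Due ?? "");
    sqlCommand.Parameters.AddWithValue("@validity", (object)memRegDTO.Validity ?? "");
    sqlCommand.Parameters.AddWithValue("@memberID", (object)memRegDTO.memberID ?? "");

    sqlConnection.Open();
    try
    {
        sqlCommand.ExecuteNonQuery();
    }
    finally
    {
        // Runs on success and on failure, so the shared connection is always released.
        sqlConnection.Close();
    }
}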