public static bool save_Order()
{
SqlCommand vSQLcommand1;
SqlCommand vSQLcommand2;
int userID;
try
{
using (SqlConnection objSQLconn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["shop"].ConnectionString))
{
objSQLconn.Open();
String insertCommand_order = "INSERT INTO tblOrder (user_id) VALUES (@order_userID); SELECT CAST(scope_identity() AS int)";
String insertCommand_order_prd = "INSERT INTO tblOrder_Product (order_id,product_id,product_amount) VALUES (@order_ID, @product_id, @order_product_amount);";
vSQLcommand1 = new SqlCommand(insertCommand_order, objSQLconn);
Shop.User derUser = HttpContext.Current.Session["User"] as Shop.User;
userID = derUser.UserID;
vSQLcommand1.Parameters.AddWithValue("@order_userID", userID);
Shop.Cart derCart = HttpContext.Current.Session["Cart"] as Shop.Cart;
var order_id = (int)vSQLcommand1.ExecuteScalar();
//int insertSuccessfull1 = vSQLcommand1.ExecuteNonQuery();
int i = 0;
foreach (var items in derCart.Items)
{
vSQLcommand2 = new SqlCommand(insertCommand_order_prd, objSQLconn);
vSQLcommand2.Parameters.AddWithValue("@order_ID", order_id);
vSQLcommand2.Parameters.AddWithValue("@product_ID", items.ProductID);
vSQLcommand2.Parameters.AddWithValue("@order_product_amount", 45);
int insertSuccessfull2 = vSQLcommand2.ExecuteNonQuery();
if (insertSuccessfull2 > 0)
{
Debug.Print("Successful Order_Product insert Nr. " + (++i));
}
else
{
Debug.Print("insert product fehlgeschlagen nummer " + (++i));
return(false);
}
}
if (order_id > 0)
{
HttpContext.Current.Session["Order"] = new Order(userID, order_id);
return(true);
}
else
{
Debug.Print("insert order fehlgeschlagen");
return(false);
}
}
}
catch (Exception vError)
{
Debug.Print("DB geht nicht - save order fkt" + vError);
return(false);
}
}
public static User loginUser(String email, String passwd)
{
SqlCommand vSQLcommand;
SqlDataReader vSQLreader;
try
{
using (SqlConnection objSQLconn = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["shop"].ConnectionString))
{
objSQLconn.Open();
vSQLcommand = new SqlCommand("SELECT * FROM tblUsers WHERE user_email=@email AND user_password =@passwd;", objSQLconn);
vSQLcommand.Parameters.AddWithValue("@email", email);
vSQLcommand.Parameters.AddWithValue("@passwd", Encrypt.Pwd_Encode(passwd));
vSQLreader = vSQLcommand.ExecuteReader();
vSQLcommand.Dispose();
if (vSQLreader.HasRows)
{
vSQLreader.Read();
User loggedInUser = new Shop.User();
loggedInUser.UserID = (int)vSQLreader["user_id"];
loggedInUser.firstname = (String)vSQLreader["user_firstname"];
loggedInUser.lastname = (String)vSQLreader["user_lastname"];
loggedInUser.email = (String)vSQLreader["user_email"];
loggedInUser.phone = (String)vSQLreader["user_tel"];
loggedInUser.bill_street = (String)vSQLreader["user_bill_street"];
loggedInUser.bill_city = (String)vSQLreader["user_bill_city"];
loggedInUser.bill_country = (String)vSQLreader["user_bill_country"];
loggedInUser.bill_zipcode = (String)vSQLreader["user_bill_zipcode"];
return(loggedInUser);
}
else
{
Debug.Print("falsches Login " + email + " " + passwd);
return(null);
}
}
}
catch (Exception vError)
{
Debug.Print("DB geht nicht" + vError);
return(null);
}
}
