Exemplo n.º 1
    //Insert into the Database
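    /// <summary>
    /// Handles the "Insert" button: validates the submitted form, then creates the Address,
    /// Person, Employer and Account rows for a new employer registration.
    /// </summary>
    /// <remarks>
    /// All four inserts run on one open connection inside a single transaction, so a failure
    /// part-way through rolls back instead of leaving an address or person without an account.
    /// New row ids are read with SCOPE_IDENTITY() in the same batch as the insert; reading
    /// MAX(id) afterwards can return a row created by a concurrent registration and attach this
    /// account to somebody else's person record.
    /// NOTE(review): SCOPE_IDENTITY() assumes AddressID and PersonID are IDENTITY columns - the
    /// schema is not visible here, confirm before merging.
    /// NOTE(review): the email check and the insert are separate steps; a unique constraint on
    /// the username/email column is what actually prevents duplicates under concurrency.
    /// </remarks>
    /// <param name="sender">Control that raised the click event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void insert_Click(object sender, EventArgs e)
    {
        //Create new Employer object from the raw form values
        BusinessEmp bus = new BusinessEmp(FirstName.Value.ToString(), LastName.Value.ToString(), CompanyName.Value.ToString(), JobTitle.Value.ToString(), Summary.Value.ToString(), EmailAdd.Value.ToString(), Password1.Value.ToString(),
                                          PhoneNumber.Value.ToString(), CompHouseNumber.Value.ToString(), CompStreet.Value.ToString(), City.Value.ToString(),
                                          CompCountry.Value.ToString(), State.Value.ToString(), CompZip.Value.ToString());

        //Doesn't add to the DB if the email address is taken.
        //Each check is evaluated once; the original called it twice and discarded the first result.
        if (!checkEmail(bus))
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowAlert", "ShowDangerAlert();", true);
            return;
        }
        EmailTaken.Visible = false;

        if (!checkPassword(bus))
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowPassAlert", "ShowDangerPassAlert();", true);
            return;
        }
        PassDontMatch.Visible = false;

        // Both guards above have passed here, so the former
        // "EmailTaken.Visible == false || PassDontMatch.Visible == false" test was always true.
        sc.Open();
        try
        {
            // Disposing an uncommitted transaction rolls it back.
            using (SqlTransaction tx = sc.BeginTransaction())
            {
                //Insert into address table and read back the id generated for this row
                int holdAddID;
                using (SqlCommand insertAddress = new SqlCommand(
                    "insert into [Address](HouseNumber, Street, City, State, Country, ZipCode) " +
                    "values(@HouseNumber,@CompStreet,@City,@CompState,@Country,@ZipCode); " +
                    "SELECT CAST(SCOPE_IDENTITY() AS int);", sc, tx))
                {
                    insertAddress.Parameters.Add(new SqlParameter("@HouseNumber", bus.getCompHouseNumber()));
                    insertAddress.Parameters.Add(new SqlParameter("@CompStreet", bus.getCompStreet()));
                    insertAddress.Parameters.Add(new SqlParameter("@City", bus.getCity()));
                    insertAddress.Parameters.Add(new SqlParameter("@CompState", bus.getState()));
                    insertAddress.Parameters.Add(new SqlParameter("@Country", bus.getCountry()));
                    insertAddress.Parameters.Add(new SqlParameter("@ZipCode", bus.getZipCode()));
                    holdAddID = Convert.ToInt32(insertAddress.ExecuteScalar());
                }

                //Insert into person table
                int holdPersonID;
                using (SqlCommand insertPerson = new SqlCommand(
                    "insert into [Person](FirstName,LastName,Email,personType,AddressID,PhoneNumber) " +
                    "values(@FirstName,@LastName,@Email,@PersonType,@AddressID,@PhoneNumber); " +
                    "SELECT CAST(SCOPE_IDENTITY() AS int);", sc, tx))
                {
                    insertPerson.Parameters.Add(new SqlParameter("@FirstName", bus.getFirstName()));
                    insertPerson.Parameters.Add(new SqlParameter("@LastName", bus.getLastName()));
                    insertPerson.Parameters.Add(new SqlParameter("@Email", bus.getEmail()));
                    insertPerson.Parameters.Add(new SqlParameter("@PhoneNumber", bus.getPhone()));
                    insertPerson.Parameters.Add(new SqlParameter("@PersonType", "Employer"));
                    insertPerson.Parameters.Add(new SqlParameter("@AddressID", holdAddID));
                    holdPersonID = Convert.ToInt32(insertPerson.ExecuteScalar());
                }

                //Insert into employer table
                using (SqlCommand insertEmployer = new SqlCommand(
                    "insert into [Employer](EmployerName,JobTitle,PersonID,isApproved,EmployerSummary) values(@EmployerName,@JobTitle,@PersonID,@isApproved,@EmployerSummary)", sc, tx))
                {
                    insertEmployer.Parameters.Add(new SqlParameter("@EmployerName", bus.getCompany()));
                    insertEmployer.Parameters.Add(new SqlParameter("@JobTitle", bus.getJobTitle()));
                    insertEmployer.Parameters.Add(new SqlParameter("@PersonID", holdPersonID));
                    insertEmployer.Parameters.Add(new SqlParameter("@isApproved", bus.getApproval()));
                    insertEmployer.Parameters.Add(new SqlParameter("@EmployerSummary", bus.getEmpSummary()));
                    insertEmployer.ExecuteNonQuery();
                }

                //Insert into account table
                using (SqlCommand insertAct = new SqlCommand(
                    "insert into [Account](PersonID, Username,PasswordHash,PasswordSalt,ModifiedDate) values(@PersonID, @Username,@PasswordHash,@PasswordSalt,@ModifiedDate)", sc, tx))
                {
                    insertAct.Parameters.Add(new SqlParameter("@PersonID", holdPersonID));
                    insertAct.Parameters.Add(new SqlParameter("@Username", bus.getEmail()));
                    insertAct.Parameters.Add(new SqlParameter("@PasswordHash", PasswordHash.HashPassword(bus.getPassword())));
                    // NOTE(review): every account stores the constant string "Salt" in PasswordSalt.
                    // Whether HashPassword generates and embeds its own per-user salt is not visible
                    // here; if it does not, identical passwords produce identical hashes. Confirm.
                    insertAct.Parameters.Add(new SqlParameter("@PasswordSalt", "Salt"));
                    insertAct.Parameters.Add(new SqlParameter("@ModifiedDate", DateTime.Now));
                    insertAct.ExecuteNonQuery();
                }

                tx.Commit();
            }
        }
        finally
        {
            // Close the shared connection even when an insert throws.
            sc.Close();
        }

        //Make a success alert appear when the account is created successfully
        ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowAlert", "ShowSuccessAlert();", true);
    }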
Exemplo n.º 2
    //Insert into the Database
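    /// <summary>
    /// Handles the "Insert" button: validates the submitted form, then creates the Address row,
    /// the Employer row (only when no employer with that name exists yet), the Person row with
    /// the uploaded profile photo, and the Account row for a new employer registration.
    /// </summary>
    /// <remarks>
    /// The company name is bound as a SQL parameter in both Employer lookups. The original built
    /// those two statements by concatenating the form value into the SQL text, which lets a
    /// crafted company name change the query (SQL injection).
    /// All statements run on one open connection inside a single transaction, so a failure
    /// part-way through rolls back instead of leaving partial registration data behind.
    /// New Address/Person ids are read with SCOPE_IDENTITY() in the same batch as the insert;
    /// reading MAX(id) afterwards can return a row created by a concurrent registration.
    /// NOTE(review): SCOPE_IDENTITY() assumes AddressID and PersonID are IDENTITY columns - the
    /// schema is not visible here, confirm before merging.
    /// NOTE(review): the email check and the insert are separate steps; a unique constraint on
    /// the username/email column is what actually prevents duplicates under concurrency.
    /// </remarks>
    /// <param name="sender">Control that raised the click event (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void insert_Click(object sender, EventArgs e)
    {
        //Create new Employer object from the raw form values
        BusinessEmp bus = new BusinessEmp(FirstName.Value.ToString(), LastName.Value.ToString(), CompanyName.Value.ToString(), JobTitle.Value.ToString(), Summary.Value.ToString(), EmailAdd.Value.ToString(), Password1.Value.ToString(),
                                          PhoneNumber.Value.ToString(), CompHouseNumber.Value.ToString(), CompStreet.Value.ToString(), City.Value.ToString(),
                                          CompCountry.Value.ToString(), State.Value.ToString(), CompZip.Value.ToString());

        //Doesn't add to the DB if the email address is taken.
        //Each check is evaluated once; the original called it twice and discarded the first result.
        if (!checkEmail(bus))
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowAlert", "ShowDangerAlert();", true);
            return;
        }
        EmailTaken.Visible = false;

        if (!checkPassword(bus))
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowPassAlert", "ShowDangerPassAlert();", true);
            return;
        }
        PassDontMatch.Visible = false;

        // Read the uploaded photo before any database work so the transaction is not held open
        // during the upload read. Stream.Read may return fewer bytes than requested, so loop
        // until the buffer is full or the stream ends.
        // NOTE(review): nothing here limits the size or checks the type of the uploaded file;
        // any limit would have to come from request configuration not visible in this method.
        int    length = ProfilePic.PostedFile.ContentLength;
        byte[] pic    = new byte[length];
        int    filled = 0;
        while (filled < length)
        {
            int got = ProfilePic.PostedFile.InputStream.Read(pic, filled, length - filled);
            if (got <= 0)
            {
                break;
            }
            filled += got;
        }
        // NOTE(review): this stores the int returned by a further Read (0 once the stream is
        // exhausted), not the image bytes. Kept as-is because readers of Session["pic"] are not
        // visible here, but it looks unintended - confirm what they expect.
        Session["pic"] = ProfilePic.PostedFile.InputStream.Read(pic, 0, length);

        // Both guards above have passed here, so the former
        // "EmailTaken.Visible == false || PassDontMatch.Visible == false" test was always true.
        sc.Open();
        try
        {
            // Disposing an uncommitted transaction rolls it back.
            using (SqlTransaction tx = sc.BeginTransaction())
            {
                //Insert into address table and read back the id generated for this row
                int holdAddID;
                using (SqlCommand insertAddress = new SqlCommand(
                    "insert into [Address](HouseNumber, Street, City, State, Country, ZipCode) " +
                    "values(@HouseNumber,@CompStreet,@City,@CompState,@Country,@ZipCode); " +
                    "SELECT CAST(SCOPE_IDENTITY() AS int);", sc, tx))
                {
                    insertAddress.Parameters.Add(new SqlParameter("@HouseNumber", bus.getCompHouseNumber()));
                    insertAddress.Parameters.Add(new SqlParameter("@CompStreet", bus.getCompStreet()));
                    insertAddress.Parameters.Add(new SqlParameter("@City", bus.getCity()));
                    insertAddress.Parameters.Add(new SqlParameter("@CompState", bus.getState()));
                    insertAddress.Parameters.Add(new SqlParameter("@Country", bus.getCountry()));
                    insertAddress.Parameters.Add(new SqlParameter("@ZipCode", bus.getZipCode()));
                    holdAddID = Convert.ToInt32(insertAddress.ExecuteScalar());
                }

                //Look up the employer by name; insert it only when it does not exist yet
                int holdEmpID;
                using (SqlCommand findEmployer = new SqlCommand(
                    "SELECT EmployerID from Employer where EmployerName = @EmployerName", sc, tx))
                {
                    findEmployer.Parameters.Add(new SqlParameter("@EmployerName", bus.getCompany()));
                    object foundEmpID = findEmployer.ExecuteScalar();

                    // ExecuteScalar returns null when the query produced no rows.
                    if (foundEmpID == null)
                    {
                        using (SqlCommand insertEmployer = new SqlCommand(
                            "insert into [Employer](EmployerName,isApproved) values(@EmployerName,@isApproved)", sc, tx))
                        {
                            insertEmployer.Parameters.Add(new SqlParameter("@EmployerName", bus.getCompany()));
                            insertEmployer.Parameters.Add(new SqlParameter("@isApproved", bus.getApproval()));
                            insertEmployer.ExecuteNonQuery();
                        }

                        // Same by-name lookup the original performed after the insert.
                        foundEmpID = findEmployer.ExecuteScalar();
                    }

                    holdEmpID = (Int32)foundEmpID;
                }

                //Insert into Person table
                int holdPersonID;
                using (SqlCommand insertPerson = new SqlCommand(
                    "insert into [Person](FirstName,LastName,Email,personType,AddressID,PhoneNumber,JobTitle,ProfilePhoto,PersonalSummary,EmployerID)" +
                    " values(@FirstName,@LastName,@Email,@PersonType,@AddressID,@PhoneNumber,@JobTitle,@ProfilePhoto,@PersonalSummary,@EmployerID); " +
                    "SELECT CAST(SCOPE_IDENTITY() AS int);", sc, tx))
                {
                    insertPerson.Parameters.Add(new SqlParameter("@FirstName", bus.getFirstName()));
                    insertPerson.Parameters.Add(new SqlParameter("@LastName", bus.getLastName()));
                    insertPerson.Parameters.Add(new SqlParameter("@Email", bus.getEmail()));
                    insertPerson.Parameters.Add(new SqlParameter("@PhoneNumber", bus.getPhone()));
                    insertPerson.Parameters.Add(new SqlParameter("@JobTitle", bus.getJobTitle()));
                    // Named with the "@" prefix like every other parameter in this method.
                    insertPerson.Parameters.Add(new SqlParameter("@ProfilePhoto", pic));
                    insertPerson.Parameters.Add(new SqlParameter("@PersonalSummary", bus.getEmpSummary()));
                    insertPerson.Parameters.Add(new SqlParameter("@PersonType", "Employer"));
                    insertPerson.Parameters.Add(new SqlParameter("@AddressID", holdAddID));
                    insertPerson.Parameters.Add(new SqlParameter("@EmployerID", holdEmpID));
                    holdPersonID = Convert.ToInt32(insertPerson.ExecuteScalar());
                }

                //Insert into account table
                using (SqlCommand insertAct = new SqlCommand(
                    "insert into [Account](Username,PersonID,PasswordHash,PasswordSalt,ModifiedDate) values(@Username,@PersonID, @PasswordHash,@PasswordSalt,@ModifiedDate)", sc, tx))
                {
                    insertAct.Parameters.Add(new SqlParameter("@Username", bus.getEmail()));
                    insertAct.Parameters.Add(new SqlParameter("@PasswordHash", PasswordHash.HashPassword(bus.getPassword())));
                    // NOTE(review): every account stores the constant string "Salt" in PasswordSalt.
                    // Whether HashPassword generates and embeds its own per-user salt is not visible
                    // here; if it does not, identical passwords produce identical hashes. Confirm.
                    insertAct.Parameters.Add(new SqlParameter("@PasswordSalt", "Salt"));
                    insertAct.Parameters.Add(new SqlParameter("@ModifiedDate", DateTime.Now));
                    insertAct.Parameters.Add(new SqlParameter("@PersonID", holdPersonID));
                    insertAct.ExecuteNonQuery();
                }

                tx.Commit();
            }
        }
        finally
        {
            // Close the shared connection even when a statement throws.
            sc.Close();
        }

        //Make a success alert appear when the account is created successfully
        ScriptManager.RegisterStartupScript(this, this.GetType(), "ShowAlert", "ShowSuccessAlert();", true);

        clearSubmit();
    }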