Exemplo n.º 1
        /// <summary>
        /// Builds the UPDATE statement that writes a group's name, description and
        /// default flag to the row whose id column equals <c>newGroup.ID</c>.
        /// </summary>
        /// <param name="newGroup">Group whose Name, Description, IsDefault and ID are read.</param>
        /// <returns>The complete SQL text, terminated with a semicolon.</returns>
        /// <remarks>
        /// The statement is assembled by string concatenation, so its resistance to SQL
        /// injection rests entirely on DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER, which
        /// is not visible here. NOTE(review): confirm that helper neutralises quote and
        /// escape characters for the target database. A parameterized command would remove
        /// that dependency, but callers receive a plain string, so it cannot be done inside
        /// this method alone.
        /// </remarks>
        internal static string GetEditGroupSql(MGL.DomainModel.MGGroup newGroup)
        {
            // Only the two text fields pass through the sanitizer; they end up inside
            // single-quoted literals below. The meaning of the first argument (false)
            // is defined by the helper and cannot be told from this method.
            string safeName = DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(false, newGroup.Name);
            string safeDescription = DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(false, newGroup.Description);

            StringBuilder statement = new StringBuilder();

            statement
                .Append("UPDATE ")
                .Append(GROUP_TBLE_NAME)
                .Append(" SET ")
                .Append(GROUP_NAME_COL).Append("='").Append(safeName).Append("',")
                .Append(GROUP_DESC_COL).Append("='").Append(safeDescription).Append("',")
                // NOTE(review): IsDefault and ID are concatenated without sanitizing or
                // quoting. That is safe only if both are numeric/boolean typed on MGGroup
                // - verify against the domain model.
                .Append(GROUP_DEFAULT_COL).Append("=" + newGroup.IsDefault)
                .Append(" WHERE ")
                .Append(GROUP_ID_COL_GROUPTBL).Append("=" + newGroup.ID)
                .Append(";");

            return statement.ToString();
        }
Exemplo n.º 2
        /// <summary>
        /// Builds the INSERT statement that adds a group row holding the group's name,
        /// description and default flag.
        /// </summary>
        /// <param name="groupToAdd">Group whose Name, Description and IsDefault are read.</param>
        /// <returns>The complete SQL text, terminated with a semicolon.</returns>
        /// <remarks>
        /// The statement is assembled by string concatenation, so its resistance to SQL
        /// injection rests entirely on DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER, which
        /// is not visible here. NOTE(review): confirm that helper neutralises quote and
        /// escape characters for the target database. A parameterized command would remove
        /// that dependency, but callers receive a plain string, so it cannot be done inside
        /// this method alone.
        /// </remarks>
        internal static string GetInsertGroupSql(MGL.DomainModel.MGGroup groupToAdd)
        {
            // Only the two text fields pass through the sanitizer; they are placed inside
            // single-quoted literals in the VALUES list.
            string safeName = DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(false, groupToAdd.Name);
            string safeDescription = DatabaseHelper.SQL_INJECTION_CHECK_PARAMETER(false, groupToAdd.Description);

            StringBuilder statement = new StringBuilder();

            statement
                .Append("INSERT INTO ")
                .Append(GROUP_TBLE_NAME)
                .Append("(")
                .Append(GROUP_NAME_COL).Append(",").Append(GROUP_DESC_COL).Append(",").Append(GROUP_DEFAULT_COL)
                .Append(")")
                .Append("VALUES ('")
                .Append(safeName)
                .Append("','")
                .Append(safeDescription)
                .Append("',")
                // NOTE(review): IsDefault is appended unquoted and unsanitized. That is
                // safe only if it is a boolean/numeric member of MGGroup - verify.
                .Append(groupToAdd.IsDefault)
                .Append(");");

            return statement.ToString();
        }