Exemplo n.º 1
0
        protected void Button2_Click(object sender, EventArgs e)
        {
            string filename = Path.GetFileName(FileUpload1.FileName);

            dbcon = new SQLConnection();
            if (name.Text.Equals("") || price.Text.Equals(""))
            {
                Response.Write("<script>alert('Cannot fill in the blanks')</script>");
            }
            else
            {
                if (Session["product_id"] != null || FileUpload1.HasFile)
                {
                    if (Session["product_id"] != null)
                    {
                        if (FileUpload1.HasFile)
                        {
                            try
                            {
                                FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
                                string query = "update products set name = '" + name.Text + "' , price = '" + price.Text + "', image = '" + filename + "' where ID=" + Session["product_id"] + ";";
                                dbcon.executeSQL(query);
                                Response.Write("<script>alert('Update Product Successfully.');</script>");
                            }
                            catch (Exception ex)
                            {
                                Response.Write("<script>alert('" + ex.ToString() + "')</script>");
                            }
                        }
                        else
                        {
                            try
                            {
                                FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
                                string query = "update products set name = '" + name.Text + "' , price = '" + price.Text + "' where ID=" + Session["product_id"] + ";";
                                dbcon.executeSQL(query);
                                Response.Write("<script>alert('Update Product Successfully.');</script>");
                            }
                            catch (Exception ex)
                            {
                                Response.Write("<script>alert('" + ex.ToString() + "')</script>");
                            }
                        }
                    }
                    else
                    {
                        try
                        {
                            FileUpload1.SaveAs(Server.MapPath("upload/") + filename);
                            string query = "insert into products(name, image, price) values ('" + name.Text + "','" + filename + "','" + price.Text + "');";
                            dbcon.executeSQL(query);
                            Response.Write("<script>alert('Create Product Successfully.');window.location = 'AdminViewProduct.aspx';</script>");
                        }
                        catch (Exception ex)
                        {
                            Response.Write(ex.ToString());
                        }
                    }
                }
                else
                {
                    Response.Write("<script>alert('You have not uploaded any product image')</script>");
                }
            }
        }
 protected void Page_Load(object sender, EventArgs e)
 {
     dbcon            = new SQLConnection();
     Session["admin"] = null;
 }