Пример #1
0
        /// <summary>
        /// inserts into product_review table
        /// </summary>
        /// <param name="reviewText">review message</param>
        /// <param name="approved">approved by which employee</param>
        /// <param name="memberID">member id</param>
        /// <param name="productID">product id</param>
        public void Insert(string reviewText, bool approved, int memberID, int productID)
        {
            Connection.Open();
            string sqlString = string.Format(
                "INSERT INTO product_review VALUES (" +
                "'{0}',{1},{2},{3});",
                reviewText, BoolIntConverter.BoolToInt(approved), memberID, productID);

            SqlCommand command = new SqlCommand(sqlString, Connection);

            command.ExecuteNonQuery();
            Connection.Close();
        }
Пример #2
0
        /// <summary>
        /// updates the product_review table
        /// </summary>
        /// <param name="reviewID">review id</param>
        /// <param name="reviewText">review message</param>
        /// <param name="approved">approved by which employee</param>
        /// <param name="memberID">member id</param>
        /// <param name="productID">product id</param>
        public void Update(int reviewID, string reviewText, bool approved, int memberID, int productID)
        {
            Connection.Open();
            string sqlString =
                "UPDATE product_review SET " +
                "review_text ='" + reviewText + "', " +
                "approved = " + BoolIntConverter.BoolToInt(approved) + ", " +
                "member_id = " + memberID + "," +
                "product_id =" + productID + " " +
                "WHERE review_id = " + reviewID.ToString() + ";";
            SqlCommand command = new SqlCommand(sqlString, Connection);

            command.ExecuteNonQuery();
            Connection.Close();
        }