Пример #1
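        /// <summary>
        /// Handles the DetailsView insert event for merchandise: validates the posted fields,
        /// checks the request token, inserts one row into <c>merchandise</c> using bound
        /// parameters, hands the optional uploaded image to <c>Insert_NewImage</c>, and finally
        /// resets the page.
        /// </summary>
        /// <param name="sender">The control that raised the event (not used).</param>
        /// <param name="e">Insert event data (not used; values are read from the controls).</param>
        /// <remarks>
        /// Security notes for maintainers:
        /// - No authorization check is visible in this handler; it assumes access to the page is
        ///   already restricted to users allowed to create merchandise. TODO confirm.
        /// - Name, brief and body are stored exactly as entered. Any page that renders them must
        ///   HTML-encode on output.
        /// - The uploaded file is passed on without any type or size check here; that validation
        ///   is presumably done in Insert_NewImage. Verify.
        /// - The row is inserted and its connection closed before Insert_NewImage runs, and no
        ///   transaction is visible, so a failure while storing the image leaves the merchandise
        ///   row in place.
        /// </remarks>
        protected void MerchView_ItemInserting(object sender, DetailsViewInsertEventArgs e)
        {
            // NOTE(review): RandomString is defined elsewhere. If this id is ever relied on as an
            // unguessable reference, confirm it is drawn from a cryptographic RNG.
            string merchId = FooStringHelper.RandomString(16);

            var nameBox      = (TextBox)merchView.FindControl("txtMerchName");
            var priceBox     = (TextBox)merchView.FindControl("txtMerchPrice");
            var briefBox     = (TextBox)merchView.FindControl("txtMerchBrief");
            var bodyBox      = (TextBox)merchView.FindControl("txtMerchBody");
            var uploadForm   = (FileUpload)merchView.FindControl("imageUploadForm");
            var enabledCheck = (CheckBox)merchView.FindControl("merchEnabledCheckbox");

            // NOTE(review): only presence and price format are checked. The parameters below
            // declare sizes (64 / 8 / 1024), but nothing here rejects longer input; how over-long
            // values are handled depends on Npgsql and the column definitions. Confirm.
            bool inputIsValid =
                !string.IsNullOrEmpty(nameBox.Text) &&
                !string.IsNullOrEmpty(priceBox.Text) &&
                FooStringHelper.IsValidPrice(priceBox.Text) &&
                !string.IsNullOrEmpty(briefBox.Text) &&
                !string.IsNullOrEmpty(bodyBox.Text);

            if (inputIsValid)
            {
                try
                {
                    // Presumably an anti-forgery check on the hidden request token; confirm
                    // against FooSessionHelper.
                    if (FooSessionHelper.IsValidRequest(HttpContext.Current, RequestToken.Value))
                    {
                        using (var conn = new NpgsqlConnection())
                        {
                            conn.ConnectionString =
                                ConfigurationManager.ConnectionStrings["fooPostgreSQL"].ConnectionString;
                            conn.Open();

                            // The using block disposes the command even when ExecuteNonQuery throws.
                            using (var cmd = new NpgsqlCommand())
                            {
                                cmd.Connection  = conn;
                                cmd.CommandType = CommandType.Text;

                                // All user-supplied values are bound as parameters; none are
                                // concatenated into the SQL text.
                                cmd.CommandText =
                                    "INSERT INTO merchandise (merchid, merchname, merchprice, merchbrief, merchbody, merchenabled) VALUES (@MERCHID, @MERCHNAME, @MERCHPRICE, @MERCHBRIEF, @MERCHBODY, @MERCHENABLED)";

                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHID",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 16,
                                    Direction     = ParameterDirection.Input,
                                    Value         = merchId
                                });

                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHNAME",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 64,
                                    Direction     = ParameterDirection.Input,
                                    Value         = nameBox.Text
                                });

                                // The price is stored as text; IsValidPrice above is the only
                                // format check applied to it.
                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHPRICE",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 8,
                                    Direction     = ParameterDirection.Input,
                                    Value         = priceBox.Text
                                });

                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHBRIEF",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Size          = 1024,
                                    Direction     = ParameterDirection.Input,
                                    Value         = briefBox.Text
                                });

                                // No Size is declared for the body.
                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHBODY",
                                    NpgsqlDbType  = NpgsqlDbType.Varchar,
                                    Direction     = ParameterDirection.Input,
                                    Value         = bodyBox.Text
                                });

                                cmd.Parameters.Add(new NpgsqlParameter
                                {
                                    ParameterName = "@MERCHENABLED",
                                    NpgsqlDbType  = NpgsqlDbType.Boolean,
                                    Direction     = ParameterDirection.Input,
                                    Value         = enabledCheck.Checked
                                });

                                cmd.ExecuteNonQuery();
                            }
                        }

                        // Take the file from the upload control itself rather than Request.Files[0],
                        // so another file input on the page cannot be picked up by mistake.
                        // Insert_NewImage is called with null when nothing was uploaded.
                        HttpPostedFile file = uploadForm.HasFile ? uploadForm.PostedFile : null;
                        Insert_NewImage(merchId, file);
                    }

                    else
                    {
                        // A request that fails the token check used to be dropped without a trace;
                        // record it so rejected submissions are visible to whoever reviews the log.
                        FooLogging.WriteLog("MerchView_ItemInserting: request token validation failed; insert rejected.");
                        errorLabel.Text = "Your request could not be verified. Please reload the page and try again.";
                    }
                }

                catch (Exception ex)
                {
                    // Full exception detail goes to the log only; the user sees a generic message.
                    FooLogging.WriteLog(ex.ToString());
                    errorLabel.Text = "Something has gone wrong. A log has been forwarded to the site administrator.";
                }
            }

            else
            {
                errorLabel.Text = "Incomplete or invalid input.";
            }

            // Runs on every path, including validation failure and errors.
            Reset_Page(string.Empty);
        }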