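/// <summary>
/// Handles the checkout submit button: copies the order details into session
/// state, writes the order and its line items to the database, then transfers
/// to the thank-you page. Does nothing when page validation has failed.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The user lookup query did not return a userID.
/// </exception>
protected void btnSubmit_Click(object sender, EventArgs e)
{
    if (!Page.IsValid)
    {
        return;
    }

    // Take the timestamp once so the session and the [Order] row agree.
    DateTime orderDate = DateTime.Now;

    Session["sessionCart"] = cart;
    Session["firstName"] = txtFirstName.Text;
    Session["lastName"] = TxtLastName.Text;
    Session["address"] = txtAddress.Text;
    Session["cost"] = lblTotal.Text;
    Session["date"] = orderDate;
    Session["payMeth"] = ddlCardType.SelectedValue;

    // NOTE(review): this persists the full card number and the card
    // verification value as plain text in [Order].paymentInfo. PCI DSS does
    // not allow the verification value to be stored after authorization, and
    // the card number must be protected at rest. Left as-is here because
    // changing what is stored is a design decision; hand card data to a
    // payment processor / tokenization service instead.
    // NOTE(review): there is no ":" between the card type and the card
    // number, unlike the other fields. Kept unchanged in case existing
    // readers of this column depend on it; confirm whether that is intended.
    string paymentInfo = txtFirstNameB.Text + ":" + TxtLastNameB.Text + ":" + txtAddressB.Text + ":" + txtZIPB.Text + ":" + ddlCardType.SelectedValue + txtCCN.Text + ":" + txtCCV.Text;

    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

    // "using" closes the connection on every path; the original never closed it.
    using (SqlConnection con = new SqlConnection(connectionString))
    {
        con.Open();

        // Get the user id.
        // NOTE(review): the user name literal is masked in this listing. If the
        // real query splices a user name into the text, bind it as a parameter
        // like the INSERT statements below.
        Guid userID;
        using (SqlCommand userCmd = new SqlCommand("SELECT userID FROM [User] WHERE userName = '******';", con))
        {
            object result = userCmd.ExecuteScalar();
            if (!(result is Guid))
            {
                // ExecuteScalar returns null when no row matches; fail with a
                // clear error instead of a NullReferenceException on the cast.
                throw new InvalidOperationException("No userID was returned for the current user.");
            }

            userID = (Guid)result;
        }

        Guid OrderID = Guid.NewGuid();

        // Write the order header and its items atomically: disposing the
        // transaction without Commit rolls everything back, so a failure
        // part-way through cannot leave a partial order behind.
        using (var tx = con.BeginTransaction())
        {
            // Every value taken from the page is bound as a parameter, so text
            // typed into the form can no longer change the SQL statement.
            // Assumes orderID/userID are uniqueidentifier columns and date is a
            // date/time column; TODO confirm against the schema.
            using (SqlCommand orderCmd = new SqlCommand(
                "INSERT INTO [Order] (orderID,total,address,paymentInfo,userID,date) VALUES (@orderID,@total,@address,@paymentInfo,@userID,@date);",
                con,
                tx))
            {
                orderCmd.Parameters.AddWithValue("@orderID", OrderID);
                orderCmd.Parameters.AddWithValue("@total", lblTotal.Text);
                orderCmd.Parameters.AddWithValue("@address", txtAddress.Text);
                orderCmd.Parameters.AddWithValue("@paymentInfo", paymentInfo);
                orderCmd.Parameters.AddWithValue("@userID", userID);
                orderCmd.Parameters.AddWithValue("@date", orderDate);
                orderCmd.ExecuteNonQuery();
            }

            // Submit each item in OrderItems.
            foreach (ListItem i in lstCart.Items)
            {
                // Keep the textual form the original concatenation produced
                // (null becomes an empty string).
                string itemID = Convert.ToString(cart.GetDisplayItemID(i.Text)) ?? string.Empty;
                string itemQuantity = Convert.ToString(cart.GetDisplayItemQuantity(i.Text)) ?? string.Empty;

                using (SqlCommand itemCmd = new SqlCommand(
                    "INSERT INTO [orderItems] (orderItemID,orderID,itemID,itemQuantity) VALUES (@orderItemID,@orderID,@itemID,@itemQuantity);",
                    con,
                    tx))
                {
                    itemCmd.Parameters.AddWithValue("@orderItemID", Guid.NewGuid());
                    itemCmd.Parameters.AddWithValue("@orderID", OrderID);
                    itemCmd.Parameters.AddWithValue("@itemID", itemID);
                    itemCmd.Parameters.AddWithValue("@itemQuantity", itemQuantity);
                    itemCmd.ExecuteNonQuery();
                }
            }

            tx.Commit();
        }
    }

    // Transfer only after the connection has been released. Database errors
    // propagate to the page's error handling rather than being shown to the user.
    Server.Transfer("~/Account/ThankYou.aspx");
}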