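/// <summary>
/// Handles the checkout submit button: caches the order details in session state,
/// writes the order and its line items to the database, then transfers to the
/// thank-you page. Does nothing when page validation has failed.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the user lookup returns no row, so the order cannot be attributed.
/// </exception>
/// <remarks>
/// Every value sent to SQL Server is bound as a parameter rather than concatenated
/// into the statement text, so form input (address, billing fields, card fields)
/// cannot alter the SQL. All writes run in one transaction so a failure part-way
/// through does not leave an order without its items. Database exceptions are not
/// caught here and propagate to the page's error handling.
/// </remarks>
protected void btnSubmit_Click(object sender, EventArgs e)
    {
        if (!Page.IsValid)
        {
            return;
        }

        // One timestamp for both the session copy and the stored order.
        DateTime orderDate = DateTime.Now;

        Session["sessionCart"] = cart;
        Session["firstName"]   = txtFirstName.Text;
        Session["lastName"]    = TxtLastName.Text;
        Session["address"]     = txtAddress.Text;
        Session["cost"]        = lblTotal.Text;
        Session["date"]        = orderDate;
        Session["payMeth"]     = ddlCardType.SelectedValue;

        string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;

        // using blocks close the connection and roll back an uncommitted transaction
        // even when a command throws; the original left the connection open.
        using (SqlConnection con = new SqlConnection(connectionString))
        {
            con.Open();

            using (var tx = con.BeginTransaction())
            {
                // Get the user id.
                // NOTE(review): the user name in this statement is a fixed literal as shown here.
                // If it is meant to be the signed-in user, bind that identity as a parameter
                // instead of building it into the text.
                Guid userID;
                using (SqlCommand cmd = new SqlCommand("SELECT userID FROM [User] WHERE userName = '******';", con, tx))
                {
                    object scalar = cmd.ExecuteScalar();
                    if (scalar == null || scalar == DBNull.Value)
                    {
                        // Previously this surfaced as a NullReferenceException from the unboxing cast.
                        throw new InvalidOperationException("No user record was found for this order.");
                    }

                    userID = (Guid)scalar;
                }

                // Insert the order.
                Guid orderId = Guid.NewGuid();

                // NOTE(review): this stores the full card number and the card security code in
                // clear text in the paymentInfo column. PCI DSS does not permit keeping the
                // security code after authorisation; prefer handing card data to the payment
                // processor and storing only a token. The format is left unchanged here because
                // other code may parse it.
                // NOTE(review): there is no ":" between the card type and the card number, which
                // looks unintentional; confirm before changing the stored format.
                string paymentInfo = txtFirstNameB.Text + ":" + TxtLastNameB.Text + ":" + txtAddressB.Text + ":" + txtZIPB.Text + ":" + ddlCardType.SelectedValue + txtCCN.Text + ":" + txtCCV.Text;

                using (SqlCommand cmd = new SqlCommand("INSERT INTO [Order] (orderID,total,address,paymentInfo,userID,date) VALUES (@orderID,@total,@address,@paymentInfo,@userID,@date);", con, tx))
                {
                    cmd.Parameters.AddWithValue("@orderID", orderId);
                    // NOTE(review): the total is taken from the label text, as before. Recomputing
                    // it on the server from the cart contents would avoid trusting page state.
                    cmd.Parameters.AddWithValue("@total", lblTotal.Text);
                    cmd.Parameters.AddWithValue("@address", txtAddress.Text);
                    cmd.Parameters.AddWithValue("@paymentInfo", paymentInfo);
                    cmd.Parameters.AddWithValue("@userID", userID);
                    // Sent as a DateTime rather than a culture-formatted string, so the stored
                    // value no longer depends on the server's regional settings.
                    // Assumes the date column is a date/time type - TODO confirm.
                    cmd.Parameters.AddWithValue("@date", orderDate);
                    cmd.ExecuteNonQuery();
                }

                // Submit each item in OrderItems.
                using (SqlCommand cmd = new SqlCommand("INSERT INTO [orderItems] (orderItemID,orderID,itemID,itemQuantity) VALUES (@orderItemID,@orderID,@itemID,@itemQuantity);", con, tx))
                {
                    foreach (ListItem i in lstCart.Items)
                    {
                        cmd.Parameters.Clear();
                        cmd.Parameters.AddWithValue("@orderItemID", Guid.NewGuid());
                        cmd.Parameters.AddWithValue("@orderID", orderId);
                        // Bound in string form, matching what the original concatenated into the statement.
                        cmd.Parameters.AddWithValue("@itemID", Convert.ToString(cart.GetDisplayItemID(i.Text)));
                        cmd.Parameters.AddWithValue("@itemQuantity", Convert.ToString(cart.GetDisplayItemQuantity(i.Text)));
                        cmd.ExecuteNonQuery();
                    }
                }

                tx.Commit();
            }
        }

        // Transfer only after the transaction is committed and the connection is released.
        Server.Transfer("~/Account/ThankYou.aspx");
    }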