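// Inserts a new product row from the four "new product" text boxes and clears them.
// All four values are untrusted user input and end up inside quoted SQL literals.
protected void submitButton_Click(object sender, EventArgs e)
{
    // Stop-gap against SQL injection: doubling single quotes keeps each value inside
    // its own quoted literal. The DBMaster calls visible here accept only a query
    // string, so a parameterized command (the proper fix) is not available from this
    // page; escaping at least closes the quote-breaking vector.
    Func<string, string> escape = s => s == null ? "" : s.Replace("'", "''");

    string productName = escape(newProductNameInput.Text);
    string productDescription = escape(newProductDescriptionInput.Text);
    string productPrice = escape(newProductPriceInput.Text);
    string productQuantity = escape(newProductQuantityInput.Text);

    string query = "INSERT INTO [dbo].[products] ([productName],[description],[price],[currentAmount]) VALUES (\'"
        + productName + "\',\'" + productDescription + "\',\'" + productPrice + "\',\'" + productQuantity + "\')";

    // Open, run, and close the connection for this one statement.
    DBMaster dbm = new DBMaster();
    dbm.executeQuery(query);
    dbm.closeConnection();

    // Reset the form so a second click cannot re-insert the same product.
    newProductNameInput.Text = "";
    newProductDescriptionInput.Text = "";
    newProductPriceInput.Text = "";
    newProductQuantityInput.Text = "";
}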
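// Writes the edited profile fields back to the logged-in user's [person] row and
// redirects to showUser.aspx. Every text box value is untrusted input.
protected void submit_Click(object sender, EventArgs e)
{
    // The session id is the only thing selecting the row to update, and it is spliced
    // into the WHERE clause unquoted: require a numeric id before touching the table.
    // (The original dereferenced Session["userID"] directly and failed with a
    // NullReferenceException when the session had expired.)
    object sessionId = Session["userID"];
    long userId;
    if (sessionId == null || !long.TryParse(sessionId.ToString(), out userId))
    {
        throw new InvalidOperationException("No valid user id in session; profile update refused.");
    }

    // Stop-gap against SQL injection: doubling single quotes keeps each value inside
    // its quoted literal. The dbm calls visible here accept only a query string, so a
    // parameterized command (the proper fix) cannot be used from this page.
    Func<string, string> escape = s => s == null ? "" : s.Replace("'", "''");

    string firstN = escape(fname.Text);
    string lastN = escape(lname.Text);
    string userN = escape(usernm.Text);
    // NOTE(review): [password] is stored exactly as typed. It should be a salted hash
    // (e.g. Rfc2898DeriveBytes), but the login check that reads this column is outside
    // this file, so the storage format is left unchanged here.
    string passW = escape(passw.Text);
    string addres = escape(addrs.Text);
    string emailA = escape(email.Text);
    string phoneN = escape(phone.Text);

    string query = "UPDATE [dbo].[person] SET [firstName] = \'" + firstN + "\', [lastName] = \'" + lastN
        + "\', [userName] = \'" + userN + "\', [password] = \'" + passW + "\', [address] = \'" + addres
        + "\', [email] = \'" + emailA + "\', [phone] = \'" + phoneN + "\' WHERE id = "
        + userId.ToString(System.Globalization.CultureInfo.InvariantCulture);

    dbm.executeQuery(query);
    dbm.closeConnection();

    // Hand the user over to the profile view.
    Response.Redirect("showUser.aspx");
}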
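// Completes a purchase of the product whose id arrives in the "id" query string:
// loads the logged-in customer, decrements the product's stock, emails an invoice
// and shows a confirmation in the Msg label.
//
// NOTE(review): this runs on every load of the page, so a plain GET (a link, a
// refresh, a postback) performs the sale. Moving the state change into a POST
// handler with an anti-forgery check is recommended, but the page flow that leads
// here is outside this file, so that is left as-is.
protected void Page_Load(object sender, EventArgs e)
{
    // Require a logged-in user. Response.Redirect(url) normally ends the response,
    // but return explicitly so nothing below can run on the unauthenticated path.
    if (Session["ID"] == null)
    {
        Response.Redirect("../index.aspx");
        return;
    }

    // Stop-gap against SQL injection: both ids are spliced into quoted SQL literals
    // below, and doubling single quotes keeps them inside the literal. The dbm calls
    // visible here accept only a query string, so a parameterized command (the proper
    // fix) cannot be used from this page.
    Func<string, string> escape = s => s == null ? "" : s.Replace("'", "''");

    string ID = Session["ID"].ToString();       // user id from the session
    string PID = Request.QueryString["id"];     // product id passed from the product page

    string customerName = "";                    // first name of the customer
    string customerAddress = "";                 // shipping address on file
    string customerEmail = "";                   // address the invoice is sent to
    string productName = "";                     // name of the product with id PID
    string productPrice = "";                    // price of the product with id PID
    uint productAmount = 0;                      // current stock; uint keeps it non-negative

    dbm = new DBMaster();

    // Look up the customer. A session id that matches no row forces a fresh login.
    string query = "select * from [dbo].[person] where id = '" + escape(ID) + "'";
    SqlDataReader reader = dbm.getReader(query);
    if (!reader.Read())
    {
        reader.Close();
        dbm.closeConnection();
        Session["ID"] = null;
        Response.Redirect("../index.aspx");
        return;
    }
    customerAddress = reader["address"].ToString();
    customerName = reader["firstName"].ToString();
    customerEmail = reader["email"].ToString();
    reader.Close();

    // Look up the product. An unknown PID just returns the user to the product page.
    query = "select * from [dbo].[products] where pid = '" + escape(PID) + "'";
    reader = dbm.getReader(query);
    if (!reader.Read())
    {
        reader.Close();
        dbm.closeConnection();
        Response.Redirect("productPage.aspx");
        return;
    }
    productName = reader["productName"].ToString();
    productPrice = reader["price"].ToString();
    string amountText = reader["currentAmount"].ToString();
    // Close the reader before issuing the update below; the original left it open
    // across the next executeQuery call.
    reader.Close();

    bool amountIsValid = uint.TryParse(amountText, out productAmount);
    if (!amountIsValid)
    {
        // Corrupt stock value: reset it to 0 so later requests see a consistent row.
        query = "update [dbo].[products] set [currentAmount] = '0' where pid = '" + escape(PID) + "'";
        dbm.executeQuery(query);
    }

    if (!amountIsValid || productAmount == 0)
    {
        // Nothing to sell. The original only caught the parse failure and let a stock
        // of 0 through, where the unsigned subtraction below wrapped around instead of
        // reaching 0 - 1. It also slept 5 s before redirecting, which holds a request
        // thread and shows the user nothing (the redirect replaces the rendered page),
        // so the message is passed on the redirect URL instead, URL-encoded so it
        // cannot inject extra query parameters.
        dbm.closeConnection();
        string error = amountIsValid
            ? "We are sorry, the item you attempted to purchase is out of stock."
            : "invalid database entry 'currentAmount'";
        Response.Redirect("productPage.aspx?error=" + Uri.EscapeDataString(error));
        return;
    }

    // Record the sale. productAmount >= 1 here, so the unsigned subtraction cannot wrap.
    uint remaining = productAmount - 1;
    query = "update [dbo].[products] set [currentAmount] = '"
        + remaining.ToString(System.Globalization.CultureInfo.InvariantCulture)
        + "' where pid = '" + escape(PID) + "'";
    dbm.executeQuery(query);
    dbm.closeConnection();

    // The name, address and price are rendered as HTML (email body and Msg label) and
    // originate from user-editable rows, so encode them rather than trusting the table.
    string safeName = System.Net.WebUtility.HtmlEncode(customerName);
    string safeAddress = System.Net.WebUtility.HtmlEncode(customerAddress);
    string safeProduct = System.Net.WebUtility.HtmlEncode(productName);
    string safePrice = System.Net.WebUtility.HtmlEncode(productPrice);

    string emailMsg = "Hi " + safeName + " Thank you for your purchase of " + safeProduct
        + ". <br /> Your credit card on file will be charged $" + safePrice
        + ", and the item will be shipped to your address at: <br /> " + safeAddress
        + " <br /> We hope to see you again soon!";
    sendEmail(customerEmail, emailMsg);

    Msg.Text = "Thank you for your purchase, " + safeName
        + ". <br /> Your credit card on file will be charged $" + safePrice
        + " for your purchase of " + safeProduct
        + ", and the item will be shipped to your address at: <br /> " + safeAddress
        + " <br /> We hope to see you again soon! <br /> <br /> <b>Note:</b> A copy of this invoice will also be sent to your email on file.";
}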