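/// <summary>
/// Writes the current basket to the database as one order: a header row in
/// Zamówienia (orders) followed by one row in PozycjeZamówienia (order items)
/// per grid row, then closes the connection and resets the order UI state.
/// </summary>
/// <remarks>
/// All values reach SQL Server as parameters, so grid and profile text is never
/// concatenated into the statement.
/// NOTE(review): the header and the item rows are written without a transaction,
/// so a failure part-way through leaves a partial order behind. Wrapping them in
/// one needs to know whether DBconnection.Connection() returns the same
/// connection on every call; confirm before changing.
/// </remarks>
private void Order_finish()
{
    int id_zam = Check_IDzam();
    List<string> user_info = Return_user_info();

    string sql_z = "INSERT INTO ZNorthwind.dbo.Zamówienia(IDzamówienia,IDklienta,DataZamówienia,DataWysyłki,AdresOdbiorcy,NazwaOdbiorcy,MiastoOdbiorcy,KrajOdbiorcy,KodPocztowyOdbiorcy)"
        + " VALUES (@id_z,@id_k,@data_zam,@data_wys,@adres,@n_firmy,@miasto,@kraj,@k_pocztowy)";

    // SqlCommand is IDisposable; dispose it as soon as the statement has run.
    using (var command_z = new SqlCommand(sql_z, DBconnection.Connection()))
    {
        command_z.Parameters.AddWithValue("@id_z", id_zam);
        command_z.Parameters.AddWithValue("@id_k", Global_variable.IDklienta);
        command_z.Parameters.AddWithValue("@data_zam", data_zam);
        // Shipping date is the order date plus a random 4..71 hours.
        command_z.Parameters.AddWithValue("@data_wys", data_zam.AddHours(random.Next(4, 72)));
        // user_info is read by position: 0 recipient name, 1 city, 2 address,
        // 3 postal code, 4 country (as mapped to the parameters below).
        command_z.Parameters.AddWithValue("@n_firmy", user_info.ElementAt(0).ToString());
        command_z.Parameters.AddWithValue("@miasto", user_info.ElementAt(1).ToString());
        command_z.Parameters.AddWithValue("@adres", user_info.ElementAt(2).ToString());
        command_z.Parameters.AddWithValue("@k_pocztowy", user_info.ElementAt(3).ToString());
        command_z.Parameters.AddWithValue("@kraj", user_info.ElementAt(4).ToString());
        command_z.ExecuteNonQuery();
    }

    // The item statement is identical for every row, so build the text once.
    string sql_pz = "INSERT INTO ZNorthwind.dbo.PozycjeZamówienia(IDzamówienia,IDproduktu,CenaJednostkowa,Ilość,Rabat)"
        + " VALUES (@id_z,@id_p,@cena,@ilosc,@rabat)";

    foreach (DataGridViewRow row in DataGridView_koszyk.Rows)
    {
        using (var command_pz = new SqlCommand(sql_pz, DBconnection.Connection()))
        {
            command_pz.Parameters.AddWithValue("@id_z", id_zam);
            // Grid columns by index: 4 product id, 3 unit price, 2 quantity.
            command_pz.Parameters.AddWithValue("@id_p", Convert.ToInt32(row.Cells[4].Value));
            // NOTE(review): the price is sent as a double; if CenaJednostkowa is a
            // money/decimal column, Convert.ToDecimal would avoid binary
            // floating-point rounding. Confirm the column type.
            command_pz.Parameters.AddWithValue("@cena", Convert.ToDouble(row.Cells[3].Value));
            command_pz.Parameters.AddWithValue("@ilosc", Convert.ToInt32(row.Cells[2].Value));
            // Discount is always stored as 0.
            command_pz.Parameters.AddWithValue("@rabat", 0);
            command_pz.ExecuteNonQuery();
        }
    }

    DBconnection.Connection_Close(DBconnection.Connection());
    Cleaning_after_order();
}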
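/// <summary>
/// Registers a new customer: inserts one row into Klienci (customers) built from
/// the registration form fields, storing a SHA-1 hash of the entered password.
/// </summary>
/// <remarks>
/// The statement previously contained HASHBYTES('SHA1','@haslo'). Inside single
/// quotes, @haslo is a string literal rather than a parameter reference, so every
/// account was stored with the hash of the seven characters "@haslo" and the
/// entered password was never used. The placeholder is now unquoted.
/// Rows written before this change hold the hash of the literal and need a
/// password reset. Any login check must hash its input in the same way (same
/// algorithm, same parameter type) to match rows written here.
/// NOTE(review): unsalted SHA-1 is not suitable for password storage, and hashing
/// on the server means the clear-text password travels to SQL Server as a
/// parameter. A salted, iterated KDF computed in the application (for example
/// Rfc2898DeriveBytes) would address both, but it needs a schema change and is
/// out of scope for this method.
/// </remarks>
private void Create()
{
    string sql = "INSERT INTO ZNorthwind.dbo.Klienci(IDklienta,NazwaFirmy,Miasto,Adres,KodPocztowy,Kraj,Telefon,Hasło)"
        + "VALUES (@id,@nazwafirmy,@miasto,@adres,@kodpocztowy,@kraj,@telefon,HASHBYTES('SHA1',@haslo))";

    // SqlCommand is IDisposable; dispose it once the insert has run.
    using (var command = new SqlCommand(sql, DBconnection.Connection()))
    {
        // The customer display name is "<first name> <last name>".
        command.Parameters.AddWithValue("@nazwafirmy", textBox_Imie.Text + " " + textBox_Nazwisko.Text);
        // The login is stored upper-cased and used as the customer id.
        command.Parameters.AddWithValue("@id", textBox_Login.Text.ToUpper());
        command.Parameters.AddWithValue("@miasto", textBox_Miasto.Text);
        command.Parameters.AddWithValue("@adres", textBox_Adres.Text);
        command.Parameters.AddWithValue("@kodpocztowy", textBox_Kod_pocztowy.Text);
        command.Parameters.AddWithValue("@kraj", textBox_Kraj.Text);
        command.Parameters.AddWithValue("@telefon", textBox_Telefon.Text);
        // AddWithValue sends a .NET string as nvarchar, so HASHBYTES hashes the
        // UTF-16 bytes of the password.
        command.Parameters.AddWithValue("@haslo", textBox_Haslo.Text);
        command.ExecuteNonQuery();
    }

    DBconnection.Connection_Close(DBconnection.Connection());
}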
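/// <summary>
/// Checks the entered login and password against the Klienci (customers) table
/// and, on success, records the signed-in customer in Global_variable and closes
/// the login form.
/// </summary>
/// <remarks>
/// The query previously compared against HASHBYTES('SHA1','@haslo'). Inside single
/// quotes, @haslo is a string literal rather than a parameter reference, so the
/// entered password was never used. Any account whose stored hash was computed
/// the same way could be opened with an arbitrary password. The placeholder is
/// now unquoted.
/// Rows whose stored hash was computed from the quoted literal will no longer
/// match and need a password reset.
/// NOTE(review): unsalted SHA-1 is not suitable for password verification, and
/// nothing here limits repeated failed attempts. Both are worth addressing, but
/// they need changes outside this method.
/// </remarks>
private void Logowanie()
{
    if (login == null || password == null)
    {
        DialogResult msg = MessageBox.Show("Musisz podać login i haslo", "Logowanie", MessageBoxButtons.RetryCancel, MessageBoxIcon.Error);
        if (msg != DialogResult.Retry)
        {
            ActiveForm.Close();
        }
        return;
    }

    string sql = "SELECT COUNT(*) FROM Klienci WHERE IDklienta = @id AND Hasło = HASHBYTES('SHA1',@haslo)";

    int results;
    // SqlCommand is IDisposable; dispose it once the count has been read.
    using (var command = new SqlCommand(sql, DBconnection.Connection()))
    {
        command.Parameters.AddWithValue("@id", login);
        // AddWithValue sends a .NET string as nvarchar, so HASHBYTES hashes the
        // UTF-16 bytes of the password. Stored hashes must have been produced
        // the same way to match.
        command.Parameters.AddWithValue("@haslo", password);
        results = (int)command.ExecuteScalar();
    }

    if (results > 0)
    {
        // The session keeps the customer id upper-cased.
        Global_variable.IDklienta = login.ToUpper();
        Global_variable.User_status = true;
        DBconnection.Connection_Close(DBconnection.Connection());
        ActiveForm.Close();
    }
    else
    {
        DialogResult result = MessageBox.Show("Złe dane logowania", "Logowanie", MessageBoxButtons.RetryCancel, MessageBoxIcon.Error);
        // NOTE(review): when the user chooses Retry the connection is left as it
        // is; whether that is a leak depends on how DBconnection.Connection()
        // manages its connection, so confirm before changing.
        if (result != DialogResult.Retry)
        {
            DBconnection.Connection_Close(DBconnection.Connection());
            ActiveForm.Close();
        }
    }
}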