protected void btnAdd_Click(object sender, EventArgs e)
{
using (SqlConnection con = new SqlConnection(Util.GetConnection()))
{
con.Open();
string SQL = @"INSERT INTO Products VALUES ( @Name, @CatID, @Code, @Description, @Image, @Price, @IsFeatured, @Available, @CriticalLevel, @Maximum, @Status, @DateAdded, @DateModified)";
//parameterized query
using (SqlCommand cmd = new SqlCommand(SQL, con))
{
cmd.Parameters.AddWithValue("@Name", Prod_Name.Text);
cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
cmd.Parameters.AddWithValue("@Code", Prod_Code.Text);
cmd.Parameters.AddWithValue("@Description", Prod_Desc.Text);
string fileExt = Path.GetExtension(Prod_Img.FileName);
string id = Guid.NewGuid().ToString();
cmd.Parameters.AddWithValue("@Image", id + fileExt);
Prod_Img.SaveAs(Server.MapPath("~/img/products/" + id + fileExt));
cmd.Parameters.AddWithValue("@Price", Prod_Pric.Text);
cmd.Parameters.AddWithValue("@IsFeatured", ddlFeatured.SelectedValue);
cmd.Parameters.AddWithValue("@Available", 0);
cmd.Parameters.AddWithValue("@CriticalLevel", Prod_CritLev.Text);
cmd.Parameters.AddWithValue("@Maximum", Prod_MaxNumofItems.Text);
cmd.Parameters.AddWithValue("@Status", "Active");
cmd.Parameters.AddWithValue("@DateAdded", DateTime.Now);
cmd.Parameters.AddWithValue("@DateModified", DBNull.Value);
cmd.ExecuteNonQuery();
Response.Redirect("Default.aspx");
}
}
}
protected void btnUpdate_Click(object sender, EventArgs e)
{
using (SqlConnection con = new SqlConnection(Util.GetConnection()))
{
con.Open();
string SQL = @"UPDATE Products SET Name=@Name, CatID=@CatID, Code=@Code, Description=@Description, Image=@Image, Price=@Price, IsFeatured=@IsFeatured, Available=Available, CriticalLevel=@CriticalLevel, Maximum=@Maximum, DateModified=@DateModified WHERE ProductID=@ProductID"; ///UPDATE STRING
//parameterized query
using (SqlCommand cmd = new SqlCommand(SQL, con))
{
cmd.Parameters.AddWithValue("@Name", Prod_Name.Text);
cmd.Parameters.AddWithValue("@CatID", ddlCategory.SelectedValue);
cmd.Parameters.AddWithValue("@Description", Prod_Desc.Text);
cmd.Parameters.AddWithValue("@Code", Prod_Code.Text);
if (Prod_Img.HasFile)
{
string file = Path.GetExtension(Prod_Img.FileName);
string id = Guid.NewGuid().ToString();
cmd.Parameters.AddWithValue("@Image", id + file);
Prod_Img.SaveAs(Server.MapPath("~/img/products/" + id + file));
}
else
{
cmd.Parameters.AddWithValue("@Image", Session["image"].ToString());
}
cmd.Parameters.AddWithValue("@Price", Prod_Pric.Text);
cmd.Parameters.AddWithValue("@IsFeatured", ddlFeatured.SelectedValue);
cmd.Parameters.AddWithValue("@CriticalLevel", Prod_CritLev.Text);
cmd.Parameters.AddWithValue("@Maximum", Prod_MaxNumofItems.Text);
cmd.Parameters.AddWithValue("@DateModified", DateTime.Now);
cmd.Parameters.AddWithValue("@ProductID", Request.QueryString["ID"].ToString());
cmd.ExecuteNonQuery();
con.Close(); ////may or may not///
Response.Redirect("Default.aspx");
}
}
}
