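/// <summary>
/// Inserts one row into [HealthCare].[dbo].[Patient] from the given patient and
/// stores the id returned by <c>Db.Insert</c> in <c>patient.PatientID</c>.
/// </summary>
/// <param name="patient">Patient whose fields are written to the new row; must not be null.</param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="patient"/> is null.</exception>
public void InsertPatient(Patient patient)
{
    if (patient == null)
    {
        throw new System.ArgumentNullException("patient");
    }

    // SECURITY: every value below ends up inside a quoted T-SQL literal. The values
    // used to be concatenated raw, so a single quote in any field (a surname such as
    // O'Brien, or hostile input) ended the literal early and changed the statement.
    // SqlLiteral doubles embedded quotes so the value stays data.
    // NOTE(review): this is a stop-gap. Db.Insert, as called here, takes only a SQL
    // string; bound parameters are the preferred fix and would need a Db overload
    // that accepts them (not visible from this method). Quote doubling also does no
    // length or type validation.
    // NOTE(review): patient.Pass and patient.SecAns are written exactly as received;
    // nothing in this method hashes them. If callers pass plaintext, the [password]
    // and [secAns] columns hold recoverable credentials. Confirm against the caller
    // and hash with a salted, slow KDF before the value reaches this method.
    string[] values = new string[]
    {
        SqlLiteral(patient.fName),
        SqlLiteral(patient.LName),
        SqlLiteral(patient.dOBirth),
        SqlLiteral(patient.Email),
        SqlLiteral(patient.Address),
        SqlLiteral(patient.City),
        SqlLiteral(patient.State),
        SqlLiteral(patient.zip),
        SqlLiteral(patient.InsurName),
        SqlLiteral(patient.LocationOfPolicy),
        SqlLiteral(patient.gender),
        SqlLiteral(patient.Phone),
        SqlLiteral(patient.UserID),
        SqlLiteral(patient.Pass),
        SqlLiteral(patient.SecQues),
        SqlLiteral(patient.SecAns),
        SqlLiteral(patient.Provider)
    };

    StringBuilder sql = new StringBuilder();
    sql.Append("INSERT INTO [HealthCare].[dbo].[Patient]([FirstName],[LastName],[dateBirth]");
    sql.Append(" ,[strEmail] ,[Address] ,[city],[state] ,[zip] ,[Insurance] ,[locOfPolicy]");
    sql.Append(" ,[Gender],[phone],[userId],[password],[secQues],[secAns] ,[provider])");
    sql.Append(" VALUES( ");
    sql.Append(string.Join(", ", values));
    sql.Append(") ");

    // Assign the new id back to the business object.
    // The `true` argument presumably asks Db.Insert to return the generated identity; confirm in Db.
    int id = Db.Insert(sql.ToString(), true);
    patient.PatientID = id;
}

/// <summary>
/// Renders a value as a single-quoted T-SQL string literal with embedded single quotes doubled.
/// A null value becomes the empty literal <c>''</c>, matching what string concatenation produced before.
/// </summary>
private static string SqlLiteral(object value)
{
    // string.Concat(object) yields value.ToString(), or "" for null: the same text the
    // original "+" concatenation inserted.
    string text = string.Concat(value);
    return "'" + text.Replace("'", "''") + "'";
}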
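/// <summary>
/// Adds a patient by calling <c>patientDAO.InsertPatient</c> inside a
/// <c>TransactionDecorator</c> scope and completing that scope afterwards.
/// </summary>
/// <param name="patient">Patient to persist; must not be null.</param>
/// <exception cref="System.ArgumentNullException">Thrown when <paramref name="patient"/> is null.</exception>
public void AddPatient(Patient patient)
{
    // Reject a missing argument before a transaction scope is opened, instead of
    // failing with a NullReferenceException part-way through the insert.
    if (patient == null)
    {
        throw new System.ArgumentNullException("patient");
    }

    // TODO: add security here. This method performs no authorization check before the insert.
    // TODO: validate field contents (lengths, formats) here; only null is rejected so far.

    // Run the insert within the context of a database transaction.
    using (TransactionDecorator transaction = new TransactionDecorator())
    {
        patientDAO.InsertPatient(patient);

        // Reached only when the insert did not throw. What disposing without Complete()
        // does is decided by TransactionDecorator; presumably a rollback, confirm there.
        transaction.Complete();
    }
}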