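/// <summary>
/// Checks a submitted login against <c>[dbo].[Users]</c> and reports the outcome as an HTTP status.
/// </summary>
/// <param name="login">Submitted login; its <c>username</c> is matched against the <c>email</c> column.</param>
/// <returns>
/// 200 OK when a matching row exists, 403 Forbidden when none does, 409 Conflict when the
/// database connection cannot be opened, and 400 Bad Request when no login object was supplied.
/// </returns>
public HttpResponseMessage Post(Login login)
{
    // A missing body would otherwise surface as a NullReferenceException below.
    if (login == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    // NOTE(review): the password comparison value is masked ('******') in this listing and is
    // reproduced as-is. In the real code it must be bound as a parameter like @email, never
    // interpolated. Comparing the password inside SQL also implies it is stored in plaintext;
    // prefer storing a salted slow hash (e.g. PBKDF2) and verifying it in code with a
    // fixed-time comparison.
    const string loginSql =
        "select email from [dbo].[Users] where email = @email AND password = '******';";

    SQLBlock block = new SQLBlock();
    using (SqlConnection connection = new SqlConnection(block.connectionString))
    using (SqlCommand command = new SqlCommand(loginSql, connection))
    {
        // The username is attacker-controlled, so it is sent as a bound parameter instead of
        // being spliced into the SQL text. A null username is sent as an empty string, which
        // is what the interpolated query used to embed.
        // AddWithValue infers the SQL type; switch to an explicitly typed parameter once the
        // column type is confirmed.
        command.Parameters.AddWithValue("@email", login.username ?? string.Empty);

        try
        {
            connection.Open();
        }
        catch (Exception e)
        {
            // The exception stays on the server console; the client only sees the status code.
            Console.Write(e);
            return new HttpResponseMessage(HttpStatusCode.Conflict);
        }

        // The using blocks dispose the reader, the command and the connection on every path,
        // so no explicit Close() is needed.
        using (SqlDataReader reader = command.ExecuteReader())
        {
            return reader.HasRows
                ? new HttpResponseMessage(HttpStatusCode.OK)
                : new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }
}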
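/// <summary>
/// Registers a new user in <c>[dbo].[Users]</c> unless a row with the same email already exists.
/// </summary>
/// <param name="data">Submitted registration fields (names, email, date of birth, hometown, gender, password).</param>
/// <returns>
/// 200 OK when the row was inserted, 400 Bad Request when the email is already present or no
/// data object was supplied, and 409 Conflict when the connection cannot be opened or a
/// database statement fails.
/// </returns>
public HttpResponseMessage Post(Data data)
{
    // A missing body would otherwise surface as a NullReferenceException below.
    if (data == null)
    {
        return new HttpResponseMessage(HttpStatusCode.BadRequest);
    }

    const string lookupSql = "select email from [dbo].[Users] where email = @email";
    const string insertSql =
        "INSERT INTO [dbo].[Users] (firstname, lastname, email, DOB, hometown, gender, password) " +
        "values (@firstname, @lastname, @email, @dob, @hometown, @gender, @password);";

    SQLBlock block = new SQLBlock();
    using (SqlConnection connection = new SqlConnection(block.connectionString))
    using (SqlCommand lookupCommand = new SqlCommand(lookupSql, connection))
    {
        // Every field comes from the request, so each one is sent as a bound parameter instead
        // of being spliced into the SQL text. Interpolating a single value yields the same text
        // the original query embedded (null becomes an empty string) without assuming the
        // property's declared type.
        lookupCommand.Parameters.AddWithValue("@email", $"{data.email}");

        try
        {
            connection.Open();
        }
        catch (Exception e)
        {
            // The exception stays on the server console; the client only sees the status code.
            Console.Write(e);
            return new HttpResponseMessage(HttpStatusCode.Conflict);
        }

        // The using blocks dispose the commands, the reader and the connection on every path,
        // so no explicit Close() is needed.
        try
        {
            using (SqlDataReader reader = lookupCommand.ExecuteReader())
            {
                if (reader.HasRows)
                {
                    return new HttpResponseMessage(HttpStatusCode.BadRequest);
                }
            }

            // NOTE(review): the lookup and the insert are separate statements, so two concurrent
            // requests can both pass the lookup. Only a UNIQUE constraint on email (not visible
            // here; confirm it exists) prevents duplicates; its violation would surface as 409.
            using (SqlCommand insertCommand = new SqlCommand(insertSql, connection))
            {
                insertCommand.Parameters.AddWithValue("@firstname", $"{data.firstname}");
                insertCommand.Parameters.AddWithValue("@lastname", $"{data.lastname}");
                insertCommand.Parameters.AddWithValue("@email", $"{data.email}");

                // Sent as a typed date value rather than culture-formatted text. DateTime2
                // covers the full DateTime range, so a default date is not rejected client-side.
                insertCommand.Parameters.Add("@dob", System.Data.SqlDbType.DateTime2).Value = data.dob.Date;

                insertCommand.Parameters.AddWithValue("@hometown", $"{data.hometown}");
                insertCommand.Parameters.AddWithValue("@gender", $"{data.gender}");

                // NOTE(review): the password is stored exactly as submitted. Store a salted slow
                // hash (e.g. PBKDF2) instead; that change has to be made together with the login
                // check and a migration of existing rows, so it is flagged here rather than
                // changed.
                insertCommand.Parameters.AddWithValue("@password", $"{data.password}");

                try
                {
                    insertCommand.ExecuteNonQuery();
                }
                catch (Exception e2)
                {
                    Console.Write(e2.Message);
                    return new HttpResponseMessage(HttpStatusCode.Conflict);
                }
            }

            return new HttpResponseMessage(HttpStatusCode.OK);
        }
        catch (SqlException)
        {
            // Failure while running the lookup (e.g. a malformed request value).
            return new HttpResponseMessage(HttpStatusCode.Conflict);
        }
    }
}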