public void InsertCategory(CategoryData data) { string sql; SqlCommand cmd; sql = "INSERT INTO categories (category_name, category_description) " + " VALUES (@name, @description); "; using (SqlConnection conn = new SqlConnection(DBCONNECTION)) { conn.Open(); cmd = new SqlCommand(sql, conn); cmd.Parameters.Add("@name", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Name); cmd.Parameters.Add("@description", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Description); cmd.ExecuteNonQuery(); } }
public void InsertSupplier(SupplierData data) { string sql; SqlCommand cmd; sql = "INSERT INTO suppliers (supplier_name) VALUES (@name); " + "INSERT INTO adresses (adress_street, adress_number, adress_city, adress_zip, adress_country) VALUES (@street, @nr, @city, @zip, @country); "; using (SqlConnection conn = new SqlConnection(DBCONNECTION)) { conn.Open(); cmd = new SqlCommand(sql, conn); cmd.Parameters.Add("@name", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Name); cmd.Parameters.Add("@street", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Street); cmd.Parameters.Add("@nr", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Nr); cmd.Parameters.Add("@city", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.City); cmd.Parameters.Add("@zip", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Zip); cmd.Parameters.Add("@country", SqlDbType.Text).Value = DatabaseClientCast.StringToDb(data.Country); cmd.ExecuteNonQuery(); } }