public int?Update(User user) { dataAccess = new DataAccess(); string sql = "UPDATE Login_Credentials SET Password='******' WHERE User_Id=" + user.Id; return(dataAccess.ExecuteSqlQuery(sql)); }
public int Register(string fname, string lname, string email, string dob, string phone, string region, string state, string religion, string username, string password) { string sql = "INSERT INTO Users(First_Name,Last_Name,Email,DOB,Phone,Region,State,Religion) VALUES('" + fname + "','" + lname + "','" + email + "','" + dob + "','" + phone + "','" + region + "','" + state + "','" + religion + "')"; int? result = dataAccess.ExecuteSqlQuery(sql); if (result > 0) { dataAccess = new DataAccess(); sql = "SELECT * FROM Users WHERE Email='" + email + "'"; SqlDataReader reader = dataAccess.ReadSqlData(sql); reader.Read(); int id = (int)reader["Id"]; dataAccess = new DataAccess(); sql = "INSERT INTO Login_Credentials(User_Name,Password,User_Id) VALUES('" + username + "','" + password + "'," + id + ")"; result = dataAccess.ExecuteSqlQuery(sql); if (result > 0) { return(1); } else { return(0); } } else { return(0); } }