using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Configuration;
namespace CRMPortal
{
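/// <summary>
/// Admin-only page that creates, edits or deletes one row of dbo.Providers.
/// The row is selected by the "P" query-string parameter; "A=D" requests deletion.
/// Every statement is parameterized, so neither the query string nor the textbox
/// value ever becomes part of the SQL text.
/// </summary>
public partial class AdminEditProvider : System.Web.UI.Page
{
    private SqlConnection sql = null;
    private ConnectionStringSettings sqlString = ConfigurationManager.ConnectionStrings["actionsql1"];

    // ID parsed from the "P" query-string parameter; 0 when it is absent or not an integer.
    public int pid;

    // Set to false only when a lookup for pid found no row. It stays true when no "P" was
    // supplied, so btnSave_Click then issues an UPDATE against ID 0 instead of an INSERT.
    // NOTE(review): confirm whether Admin.aspx passes P=0 for "new provider" or whether this
    // default should be false.
    public bool pidExists = true;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Authorization first. Response.Redirect ends the response, so the Response.Write
        // that used to precede it was never delivered and has been dropped.
        if (!Logic.isAdmin(Page.User.Identity.Name))
        {
            Response.Redirect("~/NotAllowed.html");
            return;
        }

        System.Collections.Specialized.NameValueCollection qs = Request.QueryString;
        bool providerRequested = qs["P"] != null;

        if (providerRequested)
        {
            if (!int.TryParse(qs["P"], out pid)) pid = 0;

            DataTable d = LoadProvider(pid);
            pidExists = d.Rows.Count > 0;
            if (!pidExists)
            {
                return;
            }
            // Seed the textbox only on the initial GET; on postback the user's edit must survive.
            if (!Page.IsPostBack)
            {
                tbName.Text = d.Rows[0]["Provider"].ToString();
            }
        }

        // Deletion is driven by a GET query string. The previous code used the connection
        // field here without opening it (null, or already closed by the lookup above) and
        // ran "DELETE *", which is not valid T-SQL; both are fixed, and the delete is now
        // limited to a provider that was actually looked up.
        // NOTE(review): a state-changing GET with no anti-forgery token is CSRF-exposed;
        // consider moving deletion to a POST handler protected by an anti-forgery token.
        if (providerRequested && string.Equals(qs["A"], "D", StringComparison.Ordinal))
        {
            DeleteProvider(pid);
        }
    }

    /// <summary>Opens a new connection from the "actionsql1" connection string. The caller disposes it.</summary>
    private SqlConnection OpenConnection()
    {
        SqlConnection conn = new SqlConnection(sqlString.ConnectionString);
        conn.Open();
        return conn;
    }

    /// <summary>Loads at most one dbo.Providers row by ID; the table is empty when no row matches.</summary>
    /// <param name="id">Value bound to the @PID parameter.</param>
    private DataTable LoadProvider(int id)
    {
        DataTable d = new DataTable();
        using (SqlConnection conn = OpenConnection())
        using (SqlCommand cmd = new SqlCommand("SELECT TOP 1 * FROM dbo.Providers WHERE ID=@PID", conn))
        {
            cmd.Parameters.Add(new SqlParameter("@PID", id));
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                d.Load(reader);
            }
        }
        return d;
    }

    /// <summary>Deletes the dbo.Providers row with the given ID; a no-op when none matches.</summary>
    /// <param name="id">Value bound to the @PID parameter.</param>
    private void DeleteProvider(int id)
    {
        using (SqlConnection conn = OpenConnection())
        using (SqlCommand cmd = new SqlCommand("DELETE FROM dbo.Providers WHERE ID=@PID", conn))
        {
            cmd.Parameters.Add(new SqlParameter("@PID", id));
            cmd.ExecuteNonQuery();
        }
    }

    /// <summary>Opens the page-level connection field. Retained for existing callers; the handlers above use OpenConnection.</summary>
    public void sqlConnect()
    {
        sql = new SqlConnection(sqlString.ConnectionString);
        sql.Open();
    }

    /// <summary>Closes the page-level connection if sqlConnect opened one.</summary>
    public void sqlDisconnect()
    {
        if (sql != null)
        {
            sql.Close();
        }
    }

    protected void btnSave_Click(object sender, EventArgs e)
    {
        // INSERT when the provider did not exist at lookup time, UPDATE otherwise.
        string query = pidExists
            ? "UPDATE dbo.Providers SET Provider=@PROVIDER WHERE id=@PID"
            : "INSERT INTO dbo.Providers (Provider) VALUES (@PROVIDER)";

        using (SqlConnection conn = OpenConnection())
        using (SqlCommand cmd = new SqlCommand(query, conn))
        {
            cmd.Parameters.Add(new SqlParameter("@PROVIDER", tbName.Text));
            if (pidExists)
            {
                cmd.Parameters.Add(new SqlParameter("@PID", pid));
            }
            // Neither statement returns rows; the previous ExecuteReader/DataTable round-trip was unnecessary.
            cmd.ExecuteNonQuery();
        }
        Response.Redirect("~/Admin.aspx");
    }

    protected void btnCancel_Click(object sender, EventArgs e)
    {
        Response.Redirect("~/Admin.aspx");
    }
}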
}