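/// <summary>
/// Saves the user entered on the form as a new row in the [User] table and, on
/// success, transfers to Login.aspx. Does nothing when the page validators fail.
/// </summary>
/// <remarks>
/// All form values reach SQL Server as typed parameters; the statement text
/// contains no user input, so the textboxes no longer need (and no longer get)
/// their quotation marks doubled as a side effect of saving. Address, CellNumber
/// and DateOfBirth are optional and are sent as NULL when the field is empty.
/// DateOfBirth is still sent as the text the user typed and converted by SQL
/// Server, exactly as the previous quoted literal was — TODO confirm the column
/// type and parse to a DateTime here instead.
/// NOTE(review): the Password column receives txtPwd.Text as entered, i.e. the
/// plaintext password; it should hold a salted hash — confirm against the login
/// code before changing the stored format.
/// </remarks>
/// <exception cref="DuplicateUsernameFRException">
/// Thrown when SQL Server reports a unique-key violation (error number 2627),
/// i.e. the login name is already in use.
/// </exception>
private void InsertUser()
{
    if (!Page.IsValid)
    {
        return;
    }

    // Save new user to the database. The column list is fixed; every value is
    // supplied through a named parameter rather than formatted into the text.
    const string sql =
        "INSERT INTO [User] " +
        "(UserID, Login, Password, FirstName, LastName," +
        " PhoneNumber, Email, IsAdministrator, Address," +
        " CellNumber, DateOfBirth) " +
        "VALUES (@UserID, @Login, @Password, @FirstName, @LastName," +
        " @PhoneNumber, @Email, @IsAdministrator, @Address," +
        " @CellNumber, @DateOfBirth)";

    bool doredirect = true;

    // using-blocks dispose the connection and command on every exit path,
    // including the DuplicateUsernameFRException thrown from the catch below.
    using (SqlConnection con = new SqlConnection(
        ConfigurationSettings.AppSettings["cnFriends.ConnectionString"]))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        // Required values.
        cmd.Parameters.Add("@UserID", SqlDbType.NVarChar).Value = Guid.NewGuid().ToString();
        cmd.Parameters.Add("@Login", SqlDbType.NVarChar).Value = txtLogin.Text;
        cmd.Parameters.Add("@Password", SqlDbType.NVarChar).Value = txtPwd.Text;
        cmd.Parameters.Add("@FirstName", SqlDbType.NVarChar).Value = txtFName.Text;
        cmd.Parameters.Add("@LastName", SqlDbType.NVarChar).Value = txtLName.Text;
        cmd.Parameters.Add("@PhoneNumber", SqlDbType.NVarChar).Value = txtPhone.Text;
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar).Value = txtEmail.Text;
        // New accounts are never administrators.
        cmd.Parameters.Add("@IsAdministrator", SqlDbType.Int).Value = 0;

        // Optional values: an empty textbox is stored as NULL.
        cmd.Parameters.Add("@Address", SqlDbType.NVarChar).Value = NullIfEmpty(txtAddress.Text);
        cmd.Parameters.Add("@CellNumber", SqlDbType.NVarChar).Value = NullIfEmpty(txtMobile.Text);
        cmd.Parameters.Add("@DateOfBirth", SqlDbType.NVarChar).Value = NullIfEmpty(txtBirth.Text);

        try
        {
            // Open inside the try so a failed connection is reported on the
            // page like any other failure instead of escaping unhandled.
            con.Open();
            cmd.ExecuteNonQuery();
        }
        catch (SqlException e)
        {
            // 2627: unique-key violation, surfaced to the caller as a domain exception.
            if (e.Number == 2627)
            {
                throw new DuplicateUsernameFRException("Can't insert record", e);
            }

            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "Insert couldn't be performed. ";
        }
        catch (OutOfMemoryException)
        {
            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "We just run of out memory, " +
                "please restart the application!";
        }
        catch (Exception e)
        {
            // Anything else is logged to the page trace; the user gets a generic message.
            Trace.Warn("FriendsReunion", "An exception was thrown: " + e.Message);
            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "Insert couldn't be performed. User name may be already taken.";
        }
    }

    if (doredirect)
    {
        Server.Transfer("Login.aspx");
    }
}

/// <summary>
/// Maps an optional form field to its parameter value: the text itself when the
/// user typed something, otherwise <see cref="DBNull.Value"/> so the column is NULL.
/// </summary>
/// <param name="text">The textbox content; null is treated like an empty string.</param>
/// <returns>The original string, or <see cref="DBNull.Value"/> when it is empty.</returns>
private static object NullIfEmpty(string text)
{
    if (text == null || text.Length == 0)
    {
        return DBNull.Value;
    }

    return text;
}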