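/// <summary>
/// Inserts the user described by the registration form into the [User] table
/// and, when the insert succeeds, transfers the request to Login.aspx.
/// </summary>
/// <remarks>
/// Form values are bound as SQL parameters instead of being formatted into the
/// statement text. Doubling single quotes is not a reliable defence against SQL
/// injection, and it also wrote the escaped text back into the text boxes, so a
/// failed insert re-displayed the doubled quotes to the user.
/// </remarks>
/// <exception cref="DuplicateUsernameFRException">
/// Thrown when SQL Server reports error 2627 (primary key or unique constraint
/// violation) for the insert.
/// </exception>
private void InsertUser()
{
    if (!Page.IsValid)
    {
        return;
    }

    // The statement text is constant; only parameter values vary per request.
    const string sql =
        "INSERT INTO [User] " +
        "(UserID, Login, Password, FirstName, LastName," +
        " PhoneNumber, Email, IsAdministrator, Address," +
        " CellNumber, DateOfBirth) " +
        "VALUES (@UserID, @Login, @Password, @FirstName, @LastName," +
        " @PhoneNumber, @Email, @IsAdministrator, @Address," +
        " @CellNumber, @DateOfBirth)";

    bool doredirect = true;

    // using blocks release the command and connection on every exit path,
    // including the rethrow for a duplicate user name.
    using (SqlConnection con = new SqlConnection(ConfigurationSettings.AppSettings["cnFriends.ConnectionString"]))
    using (SqlCommand cmd = new SqlCommand(sql, con))
    {
        // Required values. The column types are not visible from this method,
        // so every value is still sent as text and converted by the server,
        // as the original quoted literals were.
        AddInsertUserParameter(cmd, "@UserID", Guid.NewGuid().ToString(), false);
        AddInsertUserParameter(cmd, "@Login", txtLogin.Text, false);

        // NOTE(review): the password is stored exactly as typed. It should be
        // stored as a salted hash from a slow key-derivation function; that
        // needs a matching change in the login check, so it is not done here.
        AddInsertUserParameter(cmd, "@Password", txtPwd.Text, false);
        AddInsertUserParameter(cmd, "@FirstName", txtFName.Text, false);
        AddInsertUserParameter(cmd, "@LastName", txtLName.Text, false);
        AddInsertUserParameter(cmd, "@PhoneNumber", txtPhone.Text, false);
        AddInsertUserParameter(cmd, "@Email", txtEmail.Text, false);

        // New accounts are never administrators; the value is fixed, not user input.
        AddInsertUserParameter(cmd, "@IsAdministrator", "0", false);

        // Optional values: an empty text box is stored as NULL.
        AddInsertUserParameter(cmd, "@Address", txtAddress.Text, true);
        AddInsertUserParameter(cmd, "@CellNumber", txtMobile.Text, true);
        AddInsertUserParameter(cmd, "@DateOfBirth", txtBirth.Text, true);

        // As before, a failure to open the connection propagates to the caller.
        con.Open();

        try
        {
            cmd.ExecuteNonQuery();
        }
        catch (SqlException e)
        {
            if (e.Number == 2627)
            {
                throw new DuplicateUsernameFRException("Can't insert record", e);
            }

            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "Insert couldn't be performed. ";
        }
        catch (OutOfMemoryException)
        {
            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "We just run of out memory, " +
                "please restart the application!";
        }
        catch (Exception e)
        {
            // The detail goes to the trace log only; the page shows a generic message.
            Trace.Warn("FriendsReunion",
                "An exception was thrown: " + e.Message.ToString());
            doredirect = false;
            this.lblMessage.Visible = true;
            this.lblMessage.Text = "Insert couldn't be performed. User name may be already taken.";
        }
    }

    if (doredirect)
    {
        Server.Transfer("Login.aspx");
    }
}

/// <summary>
/// Adds one text parameter to <paramref name="cmd"/>, optionally mapping an
/// empty string to a database NULL.
/// </summary>
/// <param name="cmd">Command that receives the parameter.</param>
/// <param name="name">Parameter name, including the leading '@'.</param>
/// <param name="text">Value to bind.</param>
/// <param name="emptyIsNull">When true, an empty <paramref name="text"/> is bound as NULL.</param>
private static void AddInsertUserParameter(SqlCommand cmd, string name, string text, bool emptyIsNull)
{
    // An explicit SqlDbType avoids the Add(string, object) overload, where a
    // literal 0 would be read as a SqlDbType rather than as a value.
    SqlParameter parameter = cmd.Parameters.Add(name, System.Data.SqlDbType.NVarChar);

    if (emptyIsNull && text == string.Empty)
    {
        parameter.Value = DBNull.Value;
    }
    else
    {
        parameter.Value = text;
    }
}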
107
2 {
3 if (Page.IsValid)
4 {
5 // Save new user to the database
6 SqlConnection con;
7 string sql;
8 SqlCommand cmd;
9 StringBuilder sb = new StringBuilder();
10 ArrayList values = new ArrayList();
11
12 sb.Append("INSERT INTO [User] ");
13 sb.Append("(UserID, Login, Password, FirstName, LastName,");
14 sb.Append(" PhoneNumber, Email, IsAdministrator, Address,");
15 sb.Append(" CellNumber, DateOfBirth) ");
16 sb.Append("VALUES
('{0}', '{1}', '{2}', '{3}', '{4}', '{5}', '{6}', '{7}', ");
17
18 // Optional values without quotes as they can be the Null value.
19 sb.Append("{8}, {9}, {10})");
20
21 // Escape any quotation mark entered by the user
22 txtLogin.Text = txtLogin.Text.Replace("'","''");
23 txtPwd.Text = txtPwd.Text.Replace("'","''");
24 txtFName.Text = txtFName.Text.Replace("'","''");
25 txtLName.Text = txtLName.Text.Replace("'","''");
26 txtPhone.Text = txtPhone.Text.Replace("'","''");
27 txtMobile.Text = txtMobile.Text.Replace("'","''");
28 txtEmail.Text = txtEmail.Text.Replace("'","''");
29 txtAddress.Text = txtAddress.Text.Replace("'","''");
30 txtBirth.Text = txtBirth.Text.Replace("'","''");
31
32 // Add required values to replace
33 values.Add(Guid.NewGuid().ToString());
34 values.Add(txtLogin.Text);
35 values.Add(txtPwd.Text);
36 values.Add(txtFName.Text);
37 values.Add(txtLName.Text);
38 values.Add(txtPhone.Text);
39 values.Add(txtEmail.Text);
40 values.Add(0);
41
42 // Add the optional values or Null
43 if (txtAddress.Text != string.Empty)
44 values.Add("'" + txtAddress.Text + "'");
45 else
46 values.Add("Null");
47
48 if (txtMobile.Text != string.Empty)
49 values.Add("'" + txtMobile.Text + "'");
50 else
51 values.Add("Null");
52
53 if (txtBirth.Text != string.Empty)
54 values.Add("'" + txtBirth.Text + "'");
55 else
56 values.Add("Null");
57
58 // Format the string with the array of values
59 sql = String.Format(sb.ToString(), values.ToArray());
60
61 // Connect and execute the query
62 con = new SqlConnection(ConfigurationSettings.AppSettings["cnFriends.ConnectionString"]);
63 cmd = new SqlCommand(sql, con);
64 con.Open();
65
66 bool doredirect = true;
67
68 try
69 {
70 cmd.ExecuteNonQuery();
71 }
72 catch(SqlException e)
73 {
74 if (e.Number==2627)
75 throw new DuplicateUsernameFRException("Can't insert record", e);
76 else
77 {
78 doredirect = false;
79 this.lblMessage.Visible = true;
80 this.lblMessage.Text = "Insert couldn't be performed. ";
81 }
82 }
83 catch(OutOfMemoryException e)
84 {
85 doredirect = false;
86 this.lblMessage.Visible = true;
87 this.lblMessage.Text = "We just run of out memory, " +
88 "please restart the application!";
89 }
90 catch(Exception e)
91 {
92 Trace.Warn("FriendsReunion",
93 "An exception was thrown: " + e.Message.ToString());
94 doredirect = false;
95 this.lblMessage.Visible = true;
96 this.lblMessage.Text = "Insert couldn't be performed. User name may be already taken.";
97 }
98 finally
99 {
100 con.Close();
101 }
102
103 if (doredirect)
104 Server.Transfer("Login.aspx");
105 }
106 }
107