Default.aspx.cs
using System;
using System.Data;
using System.Web;
using System.Web.UI;
using MySql.Data.MySqlClient;
namespace blog
{
public partial class Default : System.Web.UI.Page
{
/// <summary>
/// Placeholder authentication check for this page.
/// </summary>
/// <returns>Always <c>true</c>; no credential, session or identity check is performed.</returns>
/// <remarks>
/// SECURITY: because this stub accepts every caller, the redirect to LogIn.aspx in
/// Page_Load never fires, so the add, edit and delete actions handled there are
/// reachable by any visitor. A real session/identity check belongs here before the
/// page is exposed.
/// </remarks>
private bool LogIn()
{
    // Yet to be implemented
    bool authenticated = true;
    return authenticated;
}
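/// <summary>
/// Handles every request for the page: dispatches the add / edit / delete action named in
/// the query string, then loads posts, categories, the welcome and footer texts and three
/// random posts, and binds them to the page controls.
/// </summary>
/// <remarks>
/// The connection is now held in a <c>using</c> block. Response.Redirect(url) ends the
/// request by aborting the thread, so without the block every redirect path (and every
/// exception) left the connection open; the connection string disables pooling, so each
/// one was a real server connection.
/// </remarks>
private void Page_Load()
{
    // SECURITY: the database password is embedded in source and therefore in every copy
    // of the repository and the compiled assembly.
    // NOTE(review): move it to protected configuration and rotate the credential.
    string connectionString = "Server=localhost;Database=myblog;User ID=app_user;Password=dotnetpet;Pooling=false;";

    // Authentication gate. It is evaluated before any database work so an
    // unauthenticated request never reaches the action handlers below.
    if (!LogIn())
    {
        Response.Redirect("LogIn.aspx");
    }

    // The category filter comes straight from the posted form. TryParse leaves the
    // filter at 0 (no filter) for non-numeric input instead of throwing an unhandled
    // FormatException.
    int CategoryFilter = 0;
    string rawFilter = Request.Form["CategoryFilterControl"];
    if (rawFilter != null)
    {
        int.TryParse(rawFilter, out CategoryFilter);
    }

    // Shared SELECT used by both the post listing and the random "news" box.
    const string postSelect =
        "SELECT Posts.PostID, CategoryName, PostTitle,PostSummary,PostText,PostDate " +
        "FROM PostDetails " +
        "LEFT JOIN Posts ON " +
        "(Posts.PostId = PostDetails.PostID) " +
        "LEFT JOIN Categories ON " +
        "(Categories.CategoryID = Posts.CategoryID) ";

    DataSet ds;
    DataSet Welcomeds;
    DataSet Footerds;
    DataSet Categoryds;
    DataSet Newsds;

    using (MySqlConnection dbcon = new MySqlConnection(connectionString))
    {
        dbcon.Open();

        // NOTE(review): the delete action is driven by a GET query string and none of the
        // state-changing actions checks an anti-forgery token, so a link or form on another
        // site can trigger them in a signed-in user's browser. Prefer POST plus a per-session token.
        string action = Request.QueryString["action"];

        if (action == "delete")
        {
            DeletePost(Request.QueryString["id"], dbcon);
            Response.Redirect("Default.aspx");
        }

        if (action == "edit")
        {
            // Always load the post into the edit control ...
            EditPost(Request.Form["idx"], dbcon);
        }

        if (action == "add")
        {
            AddPost(dbcon);
        }

        if (action == "edit" && Request.Form["title"] != null)
        {
            // ... and save it when the edit form was actually submitted.
            UpdatePost(Request.Form["idx"], dbcon);
            Response.Redirect("Default.aspx");
        }

        // Post listing, optionally restricted to one category. The filter is bound as a
        // parameter rather than concatenated, matching the other commands in this class.
        MySqlCommand postCommand = new MySqlCommand(postSelect, dbcon);
        if (CategoryFilter > 0)
        {
            postCommand.CommandText = postSelect + "WHERE Posts.CategoryID = ?CategoryID";
            postCommand.Parameters.AddWithValue("?CategoryID", CategoryFilter);
        }
        ds = FillResult(postCommand);

        Welcomeds = FillResult(new MySqlCommand("SELECT ConfigValue FROM Config WHERE ConfigKey = 'welcome'", dbcon));
        Footerds = FillResult(new MySqlCommand("SELECT ConfigValue FROM Config WHERE ConfigKey = 'footer'", dbcon));
        Categoryds = FillResult(new MySqlCommand("SELECT CategoryID, CategoryName FROM Categories ", dbcon));
        Newsds = FillResult(new MySqlCommand(postSelect + "ORDER BY RAND() LIMIT 3", dbcon));
    }

    // Binding happens after the connection is released; the DataSets are disconnected copies.
    WelcomeControl.DataSource = Welcomeds;
    WelcomeControl.DataBind();
    SampleControl.DataSource = ds;
    SampleControl.DataBind();
    FooterControl.DataSource = Footerds;
    FooterControl.DataBind();
    CategoryControl.DataSource = Categoryds;
    CategoryControl.DataBind();
    CategoryControl.SelectedValue = "1";
    CategoryFilterControl.DataSource = Categoryds;
    CategoryFilterControl.DataBind();
    NewsControl.DataSource = Newsds;
    NewsControl.DataBind();
}

/// <summary>
/// Runs a SELECT command and returns its rows in a DataSet table named "result".
/// </summary>
/// <param name="selectCommand">Command already bound to an open connection.</param>
/// <returns>A new DataSet holding the query result.</returns>
private static DataSet FillResult(MySqlCommand selectCommand)
{
    DataSet result = new DataSet();
    using (MySqlDataAdapter adapter = new MySqlDataAdapter(selectCommand))
    {
        adapter.Fill(result, "result");
    }
    return result;
}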
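/// <summary>
/// Inserts a new category and returns the identifier of the inserted row.
/// </summary>
/// <param name="CategoryName">Category name as supplied by the caller; bound as a parameter.</param>
/// <param name="dbcon">Open connection on which both statements run.</param>
/// <returns>The new category's ID, as a string.</returns>
/// <remarks>
/// The ID used to be read back with SELECT MAX(CategoryID), which returns another
/// request's row when two inserts interleave. LAST_INSERT_ID() is scoped to this
/// connection. This assumes CategoryID is an AUTO_INCREMENT column, which the INSERT
/// (it supplies no ID) implies -- TODO confirm against the schema.
/// NOTE(review): the name is stored without the Server.HtmlEncode call that AddPost
/// applies to titles; confirm it is encoded wherever it is rendered.
/// </remarks>
private string AddNewCategory(string CategoryName, MySqlConnection dbcon )
{
    using (MySqlCommand insert = new MySqlCommand("INSERT INTO Categories (CategoryName) VALUES (?CategoryName)", dbcon))
    {
        insert.Parameters.AddWithValue("?CategoryName", CategoryName);
        insert.ExecuteNonQuery();
    }

    using (MySqlCommand lastId = new MySqlCommand("SELECT LAST_INSERT_ID()", dbcon))
    {
        return lastId.ExecuteScalar().ToString();
    }
}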
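/// <summary>
/// Creates a post from the submitted form (title, summary, content, category) and
/// redirects to Default.aspx. Does nothing when the form carries no "title" field.
/// </summary>
/// <param name="dbcon">Open connection on which all statements run.</param>
/// <remarks>
/// The new PostID used to be read back with SELECT MAX(PostID), so two concurrent
/// submissions could attach one post's text to the other post. LAST_INSERT_ID() is
/// scoped to this connection. This assumes PostID is an AUTO_INCREMENT column, which
/// the INSERT (it supplies no ID) implies -- TODO confirm against the schema.
/// </remarks>
private void AddPost(MySqlConnection dbcon )
{
    if (Request.Form["title"] == null)
    {
        return;
    }

    string category = Request.Form["CategoryControl"];
    string title = Request.Form["title"];
    string summary = Request.Form["summary"];
    string content = Request.Form["content"];

    // User entered a new category to add
    string newCategoryName = Request.Form["CategoryName"];
    if (!string.IsNullOrEmpty(newCategoryName))
    {
        category = AddNewCategory(newCategoryName, dbcon);
    }

    long postId;
    using (MySqlCommand insertPost = new MySqlCommand("Insert INTO Posts (CategoryID, PostTitle, PostSummary, OwnerID) VALUES (?CategoryID, ?PostTitle, ?PostSummary, ?OwnerID)", dbcon))
    {
        insertPost.Parameters.AddWithValue("?CategoryID", category);
        // Title and summary are HTML-encoded before storage.
        insertPost.Parameters.AddWithValue("?PostTitle", Server.HtmlEncode(title));
        insertPost.Parameters.AddWithValue("?PostSummary", Server.HtmlEncode(summary));
        // NOTE(review): the owner is hard-coded to 1 rather than taken from the signed-in user.
        insertPost.Parameters.AddWithValue("?OwnerID", 1);
        insertPost.ExecuteNonQuery();
    }

    using (MySqlCommand lastId = new MySqlCommand("SELECT LAST_INSERT_ID()", dbcon))
    {
        // Convert rather than cast: the scalar's boxed integer type is decided by the server.
        postId = Convert.ToInt64(lastId.ExecuteScalar());
    }

    using (MySqlCommand insertDetails = new MySqlCommand("Insert INTO PostDetails (PostID, Sequence, PostText) VALUES (?PostID, ?Sequence, ?PostText)", dbcon))
    {
        insertDetails.Parameters.AddWithValue("?PostID", postId);
        insertDetails.Parameters.AddWithValue("?Sequence", 1);
        // NOTE(review): the post body is stored as submitted, without HTML encoding;
        // presumably so posts may contain markup -- confirm it is sanitised or encoded on output.
        insertDetails.Parameters.AddWithValue("?PostText", content);
        insertDetails.ExecuteNonQuery();
    }

    Response.Redirect("Default.aspx");
}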
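/// <summary>
/// Loads one post and binds it to the edit control.
/// </summary>
/// <param name="PostID">Post identifier taken from the request (the caller passes the "idx" form field).</param>
/// <param name="dbcon">Open connection on which the query runs.</param>
/// <remarks>
/// SECURITY: the identifier used to be concatenated into the SQL text, so the request
/// value became part of the statement (SQL injection). It is now bound as a parameter,
/// like the UPDATE and DELETE statements in this class. A missing identifier binds as
/// NULL and yields an empty result instead of a SQL syntax error.
/// </remarks>
private void EditPost(string PostID,MySqlConnection dbcon )
{
    DataSet ds = new DataSet();

    using (MySqlCommand select = new MySqlCommand("SELECT Posts.PostID, PostTitle,PostText,PostSummary,PostDate FROM PostDetails Left Join Posts on (Posts.PostId = PostDetails.PostID) WHERE Posts.PostID = ?PostID", dbcon))
    {
        select.Parameters.AddWithValue("?PostID", (object)PostID ?? DBNull.Value);

        using (MySqlDataAdapter ContentAdapter = new MySqlDataAdapter(select))
        {
            ContentAdapter.Fill(ds, "result");
        }
    }

    EditControl.DataSource = ds;
    EditControl.DataBind();
}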
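/// <summary>
/// Saves the submitted edit form (title, summary, content, category) over an existing
/// post and redirects to Default.aspx.
/// </summary>
/// <param name="PostID">Identifier of the post to update; bound as a parameter.</param>
/// <param name="dbcon">Open connection on which all statements run.</param>
/// <remarks>
/// SECURITY: title and summary are now passed through Server.HtmlEncode, as AddPost
/// already does. Previously an edit stored them raw, so markup rejected on creation
/// could be introduced by editing the post afterwards.
/// NOTE(review): this presumes the pages render these columns without encoding them
/// again -- confirm against the .aspx markup.
/// </remarks>
private void UpdatePost(string PostID, MySqlConnection dbcon )
{
    string title = Request.Form["title"];
    string summary = Request.Form["summary"];
    string content = Request.Form["content"];
    string category = Request.Form["CategoryControl"];

    // User entered a new category to add
    string newCategoryName = Request.Form["CategoryName"];
    if (!string.IsNullOrEmpty(newCategoryName))
    {
        category = AddNewCategory(newCategoryName, dbcon);
    }

    using (MySqlCommand updatePost = new MySqlCommand("UPDATE Posts SET PostTitle = ?PostTitle,CategoryId = ?CategoryID, PostSummary = ?PostSummary, OwnerID = ?OwnerID WHERE PostID = ?PostID", dbcon))
    {
        updatePost.Parameters.AddWithValue("?PostID", PostID);
        updatePost.Parameters.AddWithValue("?CategoryID", category);
        updatePost.Parameters.AddWithValue("?PostSummary", Server.HtmlEncode(summary));
        updatePost.Parameters.AddWithValue("?PostTitle", Server.HtmlEncode(title));
        // NOTE(review): the owner is hard-coded to 1 rather than taken from the signed-in user.
        updatePost.Parameters.AddWithValue("?OwnerID", 1);
        updatePost.ExecuteNonQuery();
    }

    using (MySqlCommand updateDetails = new MySqlCommand("UPDATE PostDetails SET PostText = ?PostText, Sequence = ?Sequence WHERE PostID = ?PostID", dbcon))
    {
        updateDetails.Parameters.AddWithValue("?PostID", PostID);
        updateDetails.Parameters.AddWithValue("?Sequence", 1);
        // The post body is stored as submitted, matching AddPost.
        updateDetails.Parameters.AddWithValue("?PostText", content);
        updateDetails.ExecuteNonQuery();
    }

    Response.Redirect("Default.aspx");
}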
/// <summary>
/// Removes a post: first its row in Posts, then its rows in PostDetails, and finally
/// redirects to Default.aspx.
/// </summary>
/// <param name="PostID">Identifier of the post to delete; bound as a parameter in both statements.</param>
/// <param name="dbcon">Open connection on which both statements run.</param>
/// <remarks>
/// NOTE(review): nothing here checks that the caller may delete this post; the only
/// gate is the LogIn() call in Page_Load, and the caller takes the ID from the query string.
/// </remarks>
private void DeletePost(string PostID,MySqlConnection dbcon )
{
    // Same parameterised statement shape for both tables, executed in this order.
    string[] deleteStatements =
    {
        "DELETE FROM Posts WHERE PostID = ?PostID",
        "DELETE FROM PostDetails WHERE PostID = ?PostID"
    };

    foreach (string sql in deleteStatements)
    {
        MySqlCommand deleteCommand = new MySqlCommand(sql, dbcon);
        deleteCommand.Parameters.AddWithValue("?PostID", PostID);
        deleteCommand.ExecuteNonQuery();
    }

    Response.Redirect("Default.aspx");
}
}
}