Информатика и выч. техника \ Базы данных

Создание веб-приложения, сочетающего в себе проектирование и создание баз данных, работу со сторонними форматами данных, программирование в NET и веб-разработку, страница 68

            string server_db = "localhost";

            connectionString = ("server=" + server_db + "; user id=" + user_db + "; password=" + password_db + "; database=" + database + "");

            MySqlConnection conn = null;

            try

            {

                //ОБЪЯВЛЕНИЕ

                conn = new MySqlConnection(connectionString);

                conn.Open();

                string team="";

                string sql;

                MySqlCommand comm = null;

                MySqlDataReader reader = null;

                //ВЫБИРАЕМ ID КОМАНДЫ

                sql = "SELECT name FROM teams WHERE id = " + id + ";";

                comm = new MySqlCommand(sql, conn);

                reader = comm.ExecuteReader();

                while (reader.Read())

                {

                    team = reader[0].ToString();

                }

                reader.Close();

                conn.Close();

                return team;

            }

            catch (MySqlException exp)

            {

                conn.Close();

                return null;

            }

        }

        public static bool setTeam(string UserName, string team)

        {

            string database = "powerplay";

            string password_db = "admin";

            string user_db = "root";

            string server_db = "localhost";

            connectionString = ("server=" + server_db + "; user id=" + user_db + "; password=" + password_db + "; database=" + database + "");

            MySqlConnection conn = null;

            try

            {

                //ОБЪЯВЛЕНИЕ

                conn = new MySqlConnection(connectionString);

                conn.Open();

                string sql;

                string id = null;

                string allteams = "";

                MySqlCommand comm = null;

                MySqlDataReader reader = null;

                //ВЫБИРАЕМ ID КОМАНДЫ

                sql = "SELECT id FROM teams WHERE name = '" + team + "';";

                comm = new MySqlCommand(sql, conn);

                reader = comm.ExecuteReader();

                while (reader.Read())

                {

                    id = reader[0].ToString();

                }

                reader.Close();

                if (id == null || id == "")

                {

                    conn.Close();

                    return false;

                }

                //ПРОВЕРЯЕМ, ЕСТЬ ЛИ УЖЕ ТАКОЙ ЮЗЕР

                else

                {

                    sql = "SELECT team FROM auth_user WHERE name ='"+UserName+"'";

                    comm = new MySqlCommand(sql, conn);

                    reader = comm.ExecuteReader();

                    while (reader.Read())

                    {

                        allteams = reader[0].ToString();

                    }

                    reader.Close();

                    if (allteams == null || allteams.Equals("") || allteams.Equals(" "))

                    {

                        sql = "UPDATE auth_user SET team='" + id + "' WHERE name='" + UserName + "';";

                        comm = new MySqlCommand(sql, conn);

                        comm.ExecuteNonQuery();

                        conn.Close();

                        return true;

                    }

                    else

                    {

                        sql = "UPDATE auth_user SET team='" + allteams + "," + id + "' WHERE name='" + UserName + "';";

                        comm = new MySqlCommand(sql, conn);

                        comm.ExecuteNonQuery();

                        conn.Close();

Скачать файл