order_add.aspx.cs

OA系统,数据库为SQLSever 。net c#

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

public partial class OrderInfo_Order_Add : System.Web.UI.Page
{
    WebService webService = new WebService();
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["UserID"] == null || Session["UserLevel"] == null)
        {
            Response.Redirect("~/Error.aspx");
        }
        if (Session["UserLevel"].ToString() != "部门经理" && Session["UserLevel"].ToString() != "职员")
        {
            Response.Redirect("~/Error.aspx");
        }
        string strSql = "SELECT z_Department.Dept_Name FROM z_Person INNER JOIN z_Department ON z_Person.Person_DeptID = z_Department.Dept_ID where z_Person.Person_ID='" + Session["UserID"].ToString() + "';";
        DataTable table = webService.ExcuteSelect(strSql);
        this.lblDept.Text = table.Rows[0]["Dept_Name"].ToString();
    }
    protected void btnSubmit_Click(object sender, EventArgs e)
    {
        if (this.tbNum.Text == "")
        {
            this.lblMsg.Text = "请输入购买数量！";
        }
        else
        {
            string strSql = "Select Product_Price from z_Product where Product_ID='"+this.DropDownList2.SelectedValue+"';";
            DataTable table = webService.ExcuteSelect(strSql);
            int intProductPrice =Int32.Parse(table.Rows[0]["Product_Price"].ToString());
            int num = Int32.Parse(this.tbNum.Text);
            int intOrderPrice = intProductPrice*num;
            strSql = "Select Person_DeptID from z_Person where Person_ID='" + Session["UserID"].ToString() + "';";
            table = webService.ExcuteSelect(strSql);
            string strDeptID = table.Rows[0]["Person_DeptID"].ToString();
            strSql = "Insert into z_Order(Client_ID,Product_ID,Product_Price,Order_Price,Order_AddDate,Order_AddPersonID,Product_Num,Dept_ID) values ('" + this.DropDownList1.SelectedValue + "','" + this.DropDownList2.SelectedValue + "','" + intProductPrice.ToString() + "','" + intOrderPrice.ToString() + "','" + DateTime.Now + "','" + Session["UserID"].ToString() + "','" + num.ToString() + "','"+strDeptID+"');";
            webService.ExcuteSql(strSql);
            Response.Redirect("Order_List.aspx");
        }
    }
    protected void btnCancel_Click(object sender, EventArgs e)
    {
        Response.Redirect("Order_List.aspx");
    }
}