Retrieve and insert the value from one table to another at the same time

advertisements

I am developing shopping cart for my project and i'm having trouble on how to retrieve orderid and insert into another table.

I have two tables in sql server

Order
orderid (PK) | date| orderstatus| name| shippingaddress| contactnumber| totalprice| customerid|

Order_book
orderid (PK) | ISBN (PK)| quantity

I wanted to retrieve orderid from order table and insert it into order_book, whenever order is submitted to the database, orderid in order table is an identity int with increment of 1.

what are the best options to retrieve and insert at the same time from one table to another using c#?

Thanks.

codes::

protected void checkout_Click(object sender, EventArgs e)
{
    SQLInjection sql = new SQLInjection();
    String name;
    String address;
    int contactnumber;
    if (newaddresspanel.Visible == true)
    {
       name = sql.SafeSqlLiteral(NameLabel.Text, 2);
       address = Address1.Text + " " + Address2.Text + "," + PostalCode.Text + "," + State.SelectedItem.Value;
       contactnumber =  int.Parse(Telephone1.SelectedItem.Value) + int.Parse(Telephone2.Text);
       insertDetails(name, address, contactnumber);
    }
    else if (defaultaddresspanel.Visible)
    {
        SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["BookWormDBConnectionString"].ConnectionString);//connect to database
        SqlCommand bindDetails = new SqlCommand("SELECT NAME, ADDRESS, TELEPHONE_NUMBER FROM CUSTOMER WHERE CUSTOMERID = @username", myConnection);

        bindDetails.Parameters.Add("@username", SqlDbType.VarChar);
        bindDetails.Parameters["@username"].Value = username;

        try
        {
            myConnection.Open();
            SqlDataReader reader = bindDetails.ExecuteReader();
            while (reader.Read())
            {
                name = reader["NAME"].ToString();
                address = reader["ADDRESS"].ToString();
                contactnumber = int.Parse(reader["TELEPHONE_NUMBER"].ToString());
                insertDetails(name, address, contactnumber);

                }
            reader.Dispose();
            myConnection.Close();
        }
        catch (SqlException se)
        {

        }
    }
    try
    {
        cart = (DataTable)HttpContext.Current.Session["Cart"];
        foreach (DataRow dr in cart.Rows)
        {
            int isbn = int.Parse(dr["ISBN"].ToString());
            int quantity = int.Parse(dr["quantity"].ToString());
            insertOrderbook(isbn, quantity);
        }

    }

    catch (Exception ae)
    {

        Response.Write(ae.Message);

    }

Insert orderbook : "Which failed"

protected void insertOrderbook(int isbn, int quantity)
{

    int orderid;
    SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["BookWormDBConnectionString"].ConnectionString);//connect to database
    SqlCommand orderId = new SqlCommand("SELECT SCOPE_IDENTITY() FROM ORDERBOOK", myConnection);

    try
    {
        myConnection.Open();

        orderid = int.Parse(orderId.ExecuteScalar().ToString());
            SqlCommand insertOrderBook = new SqlCommand("INSERT INTO ORDERBOOK_BOOK (ISBN, ORDERID, QUANTITY) VALUES (@isbn, @orderid, @quantity)", myConnection);

            insertOrderBook.Parameters.Add("@isbn", SqlDbType.Int);
            insertOrderBook.Parameters["@isbn"].Value = isbn;

            insertOrderBook.Parameters.Add("@orderid", SqlDbType.Int);
            insertOrderBook.Parameters["@orderid"].Value = orderid;

            insertOrderBook.Parameters.Add("@quantity", SqlDbType.Int);
            insertOrderBook.Parameters["@quantity"].Value = quantity;

            insertOrderBook.ExecuteNonQuery();
            myConnection.Close();
        }
    catch (SqlException se)
    {
        Response.Write(se.Message);
    }
}

insert order details ::

protected void insertDetails(string name, string address, int contactnumber)
{
    SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["BookWormDBConnectionString"].ConnectionString);//connect to database
    SqlCommand orderDetails = new SqlCommand("INSERT INTO ORDERBOOK (DATE, ORDERSTATUS, TOTALPRICE, SHIPPING_ADD, CUSTOMERID, NAME, CONTACTNUMBER) VALUES (@date, @orderstatus, @totalprice, @shippingadd, @username, @name, @contactnumber)", myConnection);
    orderDetails.Parameters.Add("@date", SqlDbType.DateTime);
    orderDetails.Parameters["@date"].Value = getTime();

    orderDetails.Parameters.Add("@orderstatus", SqlDbType.VarChar);
    orderDetails.Parameters["@orderstatus"].Value = "Order Processing";

    orderDetails.Parameters.Add("@totalprice", SqlDbType.Decimal);
    orderDetails.Parameters["@totalprice"].Value = totalPrice;

    orderDetails.Parameters.Add("@shippingadd", SqlDbType.VarChar);
    orderDetails.Parameters["@shippingadd"].Value = address;

    orderDetails.Parameters.Add("@name", SqlDbType.VarChar);
    orderDetails.Parameters["@name"].Value = name;

    orderDetails.Parameters.Add("@contactnumber", SqlDbType.Int);
    orderDetails.Parameters["@contactnumber"].Value = contactnumber;

    orderDetails.Parameters.Add("@username", SqlDbType.VarChar);
    orderDetails.Parameters["@username"].Value = username;

    try {
        myConnection.Open();
        orderDetails.ExecuteNonQuery();
        myConnection.Close();

    }
    catch ( SqlException se)
    {

    }
}

Error: input string was not in correct format

I tried to debug it, somehow, orderid shows 0


You are doing this select

SELECT SCOPE_IDENTITY() FROM ORDERBOOK

What you should do is add an output parameter (let's say, @orderBookId) to your order book insert SP, and on it, right after the insert, you should do

SELECT @orderBookId = SCOPE_IDENTITY()

notice there is no FROM clause, and be sure to add the parameter on your C# code, as an output parameter.

Then, when inserting the details, simply add @orderBookId as an input parameter and that's it.