I have this code here:
public class clsDataLayer
{
// This function saves the personnel data
public static bool SavePersonnel(string Database, string FirstName, string LastName,
string PayRate, string StartDate, string EndDate)
{
bool recordSaved;
try
{
// Retrieving information
OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
conn.Open();
OleDbCommand command = conn.CreateCommand();
string strSQL;
// Inserting information into the table
strSQL = "Insert into tblPersonnel " +
"(FirstName, LastName, PayRate, StartDate, EndDate) values ('" +
FirstName + "', '" + LastName + "', " + PayRate + ", '" + StartDate +
"', '" + EndDate + "')";
// Gets the statement to execute at the data source
command.CommandType = CommandType.Text;
command.CommandText = strSQL;
// Executes the SQL statement and returns the number of rows
command.ExecuteNonQuery();
// Closes the connection to the data source
conn.Close();
recordSaved = true;
}
catch (Exception)
{
recordSaved = false;
}
return recordSaved;
}
// This function gets the user activity from the tblUserActivity
public static dsUserActivity GetUserActivity(string Database)
{
// States the classes used
dsUserActivity DS;
OleDbConnection sqlConn;
OleDbDataAdapter sqlDA;
// Defines sqlConnclass and what each will consist of
sqlConn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
// Defines sqlDA and what each will consist of
sqlDA = new OleDbDataAdapter("select * from tblUserActivity", sqlConn);
// Defines DS and what each will consist of
DS = new dsUserActivity();
// Outputs the results from the information gathered
sqlDA.Fill(DS.tblUserActivity);
// Starts over for a new user
return DS;
}
// This function saves the user activity
public static void SaveUserActivity(string Database, string FormAccessed)
{
// Defines the connection to the database
OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
conn.Open();
OleDbCommand command = conn.CreateCommand();
string strSQL;
strSQL = "Insert into tblUserActivity (UserIP, FormAccessed) values ('" +
GetIP4Address() + "', '" + FormAccessed + "')";
command.CommandType = CommandType.Text;
command.CommandText = strSQL;
command.ExecuteNonQuery();
conn.Close();
}
// This function gets the IP Address
public static string GetIP4Address()
{
string IP4Address = string.Empty;
foreach (IPAddress IPA in
Dns.GetHostAddresses(HttpContext.Current.Request.UserHostAddress))
{
if (IPA.AddressFamily.ToString() == "InterNetwork")
{
IP4Address = IPA.ToString();
break;
}
}
if (IP4Address != string.Empty)
{
return IP4Address;
}
foreach (IPAddress IPA in Dns.GetHostAddresses(Dns.GetHostName()))
{
if (IPA.AddressFamily.ToString() == "InterNetwork")
{
IP4Address = IPA.ToString();
break;
}
}
return IP4Address;
}
public clsDataLayer()
{
}
public static dsPersonnel GetPersonnel(string p)
{
throw new NotImplementedException();
}
}
I need to add this code but everytime I do I get an error that says No overload for method ‘GetPersonnel’ takes ‘1’ arguments
// This function gets the user activity from the tblPersonnel
public static dsPersonnel GetPersonnel(string Database, string strSearch)
{
dsPersonnel DS;
OleDbConnection sqlConn;
OleDbDataAdapter sqlDA;
//create the connection string
sqlConn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
string query;
if (strSearch == "" || strSearch.Trim().Length == 0)
{
query = "SELECT * from tblPersonnel";
}
else
{
query = "select * from tblPersonnel where LastName = '" + strSearch + "'";
}
// Defines sqlDA and what each will consist of
sqlDA = new OleDbDataAdapter("select * from tblPersonnel", sqlConn);
// Defines DS and what each will consist of
DS = new dsPersonnel();
// Outputs the results from the information gathered
sqlDA.Fill(DS.tblPersonnel);
// Starts over for a new user
return DS;
}
// This function saves the user activity
public static void SavePersonnel(string Database, string FormAccessed)
{
// Defines the connection to the database
OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
conn.Open();
OleDbCommand command = conn.CreateCommand();
string strSQL;
strSQL = "Insert into tblPersonnel (UserIP, FormAccessed) values ('" +
GetIP4Address() + "', '" + FormAccessed + "')";
command.CommandType = CommandType.Text;
command.CommandText = strSQL;
command.ExecuteNonQuery();
conn.Close();
}
It looks like you’re defining
twice in the same class. I suspect you are REPLACING the single-arg version with the two-arg version but somewhere you’re still calling the single-arg version.
I know you’re not asking for this sort of input, but I can’t help myself…
You should wrap your OleDbConnections in a using block to make sure they get closed like so:
Not sure where your strSearch data is coming from, but you’re setting yourself up for a nasty SQL Injection attack with this line:
you should use SQL parameters or a stored procedure.