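using System;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;

/// <summary>
/// Code-behind for the message compose page: shows the compose form, optionally
/// pre-filled as a reply to an existing message, and stores the message on send.
/// </summary>
public partial class messagecompose : System.Web.UI.Page
{
    // NOTE(review): the server/instance name is hard-coded in source; System.Configuration
    // is already imported, so this could be read from Web.config instead. Left unchanged
    // because the field is public and may be read elsewhere.
    public string connectionString = "Data Source=THIS-9110C42D72\\SQLEXPRESS;Initial Catalog=webproms;Integrated Security=True";

    /// <summary>
    /// On first load shows the compose panel and, when a <c>messageID</c> query-string
    /// value is present, pre-fills subject and body with a quoted copy of that message.
    /// On postback shows the "sent" panel instead.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Page.IsPostBack)
        {
            PanelCompose.Visible = false;
            PanelSent.Visible = true;
            return;
        }

        PanelCompose.Visible = true;
        PanelSent.Visible = false;

        string messageId = Request.QueryString["messageID"];
        if (messageId == null)
        {
            return;
        }

        // Convert.ToString yields "" for a missing session value, which matches what the
        // original string concatenation produced.
        // NOTE(review): nothing here verifies that Session["id"] is set; confirm the page
        // is protected by an authentication check elsewhere.
        string accountId = Convert.ToString(Session["id"]);

        // messageID arrives from the URL and is attacker-controllable, so it is bound as a
        // parameter rather than concatenated into the SQL text. The recipient/sender
        // predicate restricts the lookup to messages the current account is a party to.
        const string sql =
            "SELECT * FROM messaging INNER JOIN accounts ON messaging.accountID = accounts.accountID " +
            "WHERE (messaging.messageID = @messageID AND (messaging.messageRecipentID = @accountID " +
            "OR messaging.accountID = @accountID))";

        // using blocks close the connection, command and reader even when the query throws;
        // the original never closed any of them.
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand getMessage = new SqlCommand(sql, conn))
        {
            getMessage.Parameters.AddWithValue("@messageID", messageId);
            getMessage.Parameters.AddWithValue("@accountID", accountId);

            conn.Open();
            using (SqlDataReader messages = getMessage.ExecuteReader())
            {
                while (messages.Read())
                {
                    txtSubject.Text = "RE: " + messages["messageSubject"].ToString();
                    txtMessage.Text = "\n\n\n----------------------------------------\nOn "
                        + messages["messageDate"].ToString() + ", "
                        + messages["accountUsername"].ToString() + " sent:\n\n"
                        + messages["messageMessage"].ToString()
                        + "\n----------------------------------------\n";
                }
            }
        }
    }

    /// <summary>
    /// Stores the composed message through the <c>WebProMSDB</c> data source and switches
    /// the page to the "sent" panel.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    protected void btnSend_Click(object sender, EventArgs e)
    {
        // Recipient, subject and body are all posted by the client; they are bound as
        // parameters so quotes in the text cannot change the INSERT statement.
        // NOTE(review): WebProMSDB is declared in the page markup (not visible here); its
        // use of InsertCommand/Insert() matches SqlDataSource, which this code assumes
        // when it fills InsertParameters - confirm.
        WebProMSDB.InsertCommand =
            "INSERT INTO messaging(accountID, messageRecipentID, messageSubject, messageMessage, messageStatus) " +
            "VALUES (@accountID, @messageRecipentID, @messageSubject, @messageMessage, 0)";

        WebProMSDB.InsertParameters.Clear();
        AddInsertParameter("accountID", Convert.ToString(Session["id"]));
        AddInsertParameter("messageRecipentID", LBTo.SelectedValue);
        AddInsertParameter("messageSubject", txtSubject.Text);
        AddInsertParameter("messageMessage", txtMessage.Text);

        // The original copied the generated SQL (including the message text) into
        // Page.Title, which exposed the statement in the rendered page; that debugging
        // aid is dropped.
        WebProMSDB.Insert();

        PanelCompose.Visible = false;
        PanelSent.Visible = true;
    }

    /// <summary>Adds one string-valued insert parameter to <c>WebProMSDB</c>.</summary>
    /// <param name="name">Parameter name without the leading '@'.</param>
    /// <param name="value">Value to bind.</param>
    private void AddInsertParameter(string name, string value)
    {
        Parameter parameter = new Parameter(name, TypeCode.String, value);
        // Keep empty input as '' (as the concatenated SQL did) instead of NULL.
        parameter.ConvertEmptyStringToNull = false;
        WebProMSDB.InsertParameters.Add(parameter);
    }
}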