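        /// <summary>
        /// Inserts <paramref name="order"/> as a new row in the <c>orders</c> table.
        /// The row is written with state <c>"3"</c>, an empty remark, the current local time as
        /// both <c>starttime</c> and <c>endtime</c>, and the user id taken from the <c>acount</c>
        /// app setting (key spelled as in the configuration file).
        /// </summary>
        /// <param name="order">The order whose <c>OrderId</c>, <c>Account</c> and <c>Amount</c> are persisted.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="order"/> is null.</exception>
        public static void InsertOrder(OrdersItem order)
        {
            if (order == null)
            {
                throw new ArgumentNullException("order");
            }

            // Every value is bound through a named parameter, so user-controlled fields never
            // become part of the statement text and cannot alter its structure.
            string sql = "INSERT INTO orders(orderid,account,money,starttime,endtime,remark,state,userid) VALUES (@orderid,@account,@money,@starttime,@endtime,@remark,@state,@userid)";

            // Capture the timestamp once so starttime and endtime are identical instead of two
            // separate clock reads. "HH" is the 24-hour clock; the previous "hh" was a 12-hour
            // value with no AM/PM marker, so afternoon rows were indistinguishable from morning
            // ones. Invariant culture keeps "-" and ":" fixed regardless of the host locale.
            string now = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);

            MySqlParameter[] sqlParameter = GetParameterArray(
                new string[] { "@orderid", "@account", "@money", "@starttime", "@endtime", "@remark", "@state", "@userid" },
                new object[] { order.OrderId, order.Account, order.Amount, now, now, "", "3", ConfigurationManager.AppSettings["acount"] });

            ConnHelper.GetcomPara(sql, sqlParameter);
        }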
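        /// <summary>
        /// Updates the state information of an order: sets <c>endtime</c> to the current local
        /// time and <c>remark</c>/<c>state</c> to the given values for the row whose
        /// <c>orderid</c> matches the order.
        /// </summary>
        /// <param name="order">The order to update; only its <c>OrderId</c> is used.</param>
        /// <param name="state">New value for the <c>state</c> column, passed through unchanged.</param>
        /// <param name="remark">New value for the <c>remark</c> column, passed through unchanged.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="order"/> is null.</exception>
        public static void UpdateOrder(OrdersItem order, string state, string remark)
        {
            if (order == null)
            {
                throw new ArgumentNullException("order");
            }

            // Every value is bound through a named parameter, so caller-supplied state/remark
            // never become part of the statement text and cannot alter its structure.
            string sql = "UPDATE orders SET endtime=@endtime,remark=@remark,state=@state WHERE orderid=@orderid";

            // "HH" is the 24-hour clock; the previous "hh" was a 12-hour value with no AM/PM
            // marker, so afternoon end times were stored as morning ones. Invariant culture
            // keeps "-" and ":" fixed regardless of the host locale.
            string endTime = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);

            // NOTE(review): how a null state/remark is bound depends on GetParameterArray — confirm.
            MySqlParameter[] sqlParameter = GetParameterArray(
                new string[] { "@endtime", "@remark", "@state", "@orderid" },
                new object[] { endTime, remark, state, order.OrderId });

            ConnHelper.GetcomPara(sql, sqlParameter);
        }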