C# (CSharp) SafeValue.SafeSqlString Beispiele

Beispiel #1

Datei: L.cs Projekt: felix-wei/tsllog1806

    public static void Error(string typ, string error, string trace)
    {
        //string _user = HttpContext.Current.User.Identity.Name;
        string _ip     = SafeValue.SafeString(HttpContext.Current.Request.ServerVariables.Get("REMOTE_ADDR"));
        string _method = SafeValue.SafeString(HttpContext.Current.Request.ServerVariables.Get("HTTP_METHOD"));
        string _url    = SafeValue.SafeString(HttpContext.Current.Request.ServerVariables.Get("HTTP_URL"));
        string _agent  = SafeValue.SafeString(HttpContext.Current.Request.ServerVariables.Get("HTTP_USER_AGENT"));
        string _auth   = HttpContext.Current.Request.IsAuthenticated ? "Y" : "N";
        string _user   = !HttpContext.Current.Request.IsAuthenticated ? "Guest" : HttpContext.Current.User.Identity.Name;


        SqlConnection conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["local"].ConnectionString);

        conn.Open();
        string sql = string.Format(@"insert into LogError(
		LogType,LogUser,LogTime,
		LogAction,LogModule,LogEntity,LogKey,
		ErrorInfo, ErrorTrace, 
		HttpAddress,HttpMethod, HttpUrl, HttpAgent,HttpAuth) 
		values('0','{1}',GetDate(),
		'','','','',
		@error, @trace,
		'{2}','{3}','{4}','{5}','{6}'
		)"        ,
                                   typ, _user, _ip, _method, _url, _agent, _auth);
        SqlCommand cmd = new SqlCommand(sql, conn);

        cmd.Parameters.Add(new SqlParameter("@error", error));
        cmd.Parameters.Add(new SqlParameter("@trace", trace));
        SafeValue.SafeSqlString(cmd.ExecuteNonQuery());
        conn.Close();
    }

Beispiel #2

Datei: MastType.aspx.cs Projekt: felix-wei/tsllog1806

    protected void grid_RowUpdating(object sender, DevExpress.Web.Data.ASPxDataUpdatingEventArgs e)
    {
        e.NewValues["Description"] = SafeValue.SafeString(e.NewValues["Description"]);
        string type = SafeValue.SafeSqlString(Request.QueryString["type"]);

        this.dsWhMastData.FilterExpression = "Type='" + type + "'";
    }

Beispiel #3

Datei: MastType.aspx.cs Projekt: felix-wei/tsllog1806

    protected void grid_InitNewRow(object sender, DevExpress.Web.Data.ASPxDataInitNewRowEventArgs e)
    {
        string type = SafeValue.SafeSqlString(Request.QueryString["type"]);

        e.NewValues["Code"]        = "";
        e.NewValues["Description"] = " ";
        e.NewValues["Type"]        = type;
    }

Beispiel #4

Datei: MastType.aspx.cs Projekt: felix-wei/tsllog1806

 protected void Page_Load(object sender, EventArgs e)
 {
     if (!IsPostBack)
     {
         string type = SafeValue.SafeSqlString(Request.QueryString["type"]);
         this.dsWhMastData.FilterExpression = "Type='" + type + "'";
     }
 }

Beispiel #5

 static public string GetPortName(object portCode)
 {
     if (SafeValue.SafeString(portCode, "").Length > 0)
     {
         string sql = "select name from XXPort where Code='" + portCode + "'";
         return(SafeValue.SafeSqlString(C2.Manager.ORManager.ExecuteScalar(sql)));
     }
     return("");
 }

Beispiel #6

 static public string GetPartyName(object partyId)
 {
     if (SafeValue.SafeString(partyId, "").Length > 0)
     {
         string sql = "select name from XXParty where PartyId='" + partyId + "'";
         return(SafeValue.SafeSqlString(C2.Manager.ORManager.ExecuteScalar(sql)));
     }
     return("");
 }

Beispiel #7

Datei: MastType.aspx.cs Projekt: felix-wei/tsllog1806

    protected void grid_RowInserting(object sender, DevExpress.Web.Data.ASPxDataInsertingEventArgs e)
    {
        if (SafeValue.SafeString(e.NewValues["Code"], "").Length < 1)
        {
            e.Cancel = true;
            throw new Exception("The Code not null");
        }
        e.NewValues["Description"] = SafeValue.SafeString(e.NewValues["Description"]);
        string type = SafeValue.SafeSqlString(Request.QueryString["type"]);

        e.NewValues["Type"] = type;
        this.dsWhMastData.FilterExpression = "Type='" + type + "'";
    }

Beispiel #8

    static public string GetPartyId(object partyName)
    {
        if (SafeValue.SafeString(partyName, "").Length > 0)
        {
            string        value = "";
            SqlConnection conn  = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["SqlConnectString"].ConnectionString);
            conn.Open();

            SqlCommand   cmd  = new SqlCommand("select PartyId from XXParty where Name=@name", conn);
            SqlParameter para = new SqlParameter("@name", SqlDbType.VarChar, 1000); //创建一个名为@p_user,类型为varchar,长度为20的参数。
            para.Value = partyName;                                                 //给para赋值p.puSER。
            cmd.Parameters.Add(para);                                               //给cmd命令添加参数。
            value = SafeValue.SafeSqlString(cmd.ExecuteScalar());
            conn.Close();
            return(value);
        }
        return("");
    }