public ActionResult Search(SEC014P001Model model)
{
if (ValidateCommand(model))
{
var da = new SEC014P001DA();
SetStandardErrorLog(da.DTO);
da.DTO.Execute.ExecuteType = SEC014P001ExecuteType.GetAll;
da.DTO.Model = model;
da.SelectNoEF(da.DTO);
if (da.DTO.Result.ActionResult > -1)
{
if (da.DTO.Model.RECORD_COUNT != null)
{
return(Success(da.DTO.Result, new ResultOptions {
Mode = "Query", SuccessMessage = "Sucess: " + da.DTO.Model.RECORD_COUNT + " row(s) affected"
}));
}
else
{
return(JsonAllowGet(da.DTO.Model));
}
}
else
{
return(Success(da.DTO.Result, "Query"));
}
}
else
{
return(Json(new WEBAPP.Models.AjaxResult("Query", false, AlertStyles.Error, "Can't execute this command : " + model.SQL_COMMAND)));
}
}
private bool ValidateCommand(SEC014P001Model model)
{
bool result = true;
string[] strExp = { "INSERT", "UPDATE", "DELETE", "TRUNCATE" };
char[] strSparater = { ' ' };
string[] strComm = model.SQL_COMMAND.Split(strSparater);
for (int i = 0; i < strComm.Length; i++)
{
for (int j = 0; j < strExp.Length; j++)
{
if (strComm[i].Trim().ToUpper().Equals(strExp[j]))
{
result = false;
}
if (!result)
{
break;
}
}
}
return(result);
}
