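/// <summary>
/// Runs the SQL text supplied by the client in <paramref name="model"/>.SQL_COMMAND through
/// <c>SEC014P001DA.SelectNoEF</c> and returns the outcome as JSON.
/// </summary>
/// <param name="model">Request model; only <c>SQL_COMMAND</c> (before execution) and <c>RECORD_COUNT</c> (after) are read here.</param>
/// <returns>
/// <c>Success(...)</c> for a completed execution, <c>JsonAllowGet(model)</c> when no RECORD_COUNT came back,
/// or an <c>AjaxResult</c> error when <see cref="ValidateCommand"/> rejects the command.
/// </returns>
/// <exception cref="System.ArgumentNullException"><paramref name="model"/> is null.</exception>
/// <remarks>
/// Security: the statement text is caller-controlled and is handed to the DA layer as-is. The only gate in
/// this method is the keyword deny-list in <see cref="ValidateCommand"/>, which is a convenience check, not a
/// security boundary. Whether this action is restricted to authorised users and which database permissions the
/// SEC014P001DA connection runs with are the controls that actually limit what can be executed; neither is
/// visible in this method (no action-level attributes are in view) — NOTE(review): confirm both.
/// </remarks>
public ActionResult Search(SEC014P001Model model)
{
    if (model == null)
    {
        throw new System.ArgumentNullException(nameof(model));
    }

    // Reject early. The rejected text is echoed back in the message; Json() encodes it for the response body.
    if (!ValidateCommand(model))
    {
        return Json(new WEBAPP.Models.AjaxResult("Query", false, AlertStyles.Error, "Can't execute this command : " + model.SQL_COMMAND));
    }

    var da = new SEC014P001DA();
    SetStandardErrorLog(da.DTO);
    da.DTO.Execute.ExecuteType = SEC014P001ExecuteType.GetAll;
    da.DTO.Model = model;
    da.SelectNoEF(da.DTO);

    // ActionResult codes are defined by the DA layer; anything not above -1 is treated as "not OK" here.
    if (!(da.DTO.Result.ActionResult > -1))
    {
        // Presumably Success(...) reports the failure carried in Result itself — TODO confirm; the helper name is misleading on this path.
        return Success(da.DTO.Result, "Query");
    }

    if (da.DTO.Model.RECORD_COUNT == null)
    {
        // No row count came back: return the whole model (this includes the executed SQL_COMMAND) to the caller.
        return JsonAllowGet(da.DTO.Model);
    }

    return Success(da.DTO.Result, new ResultOptions
    {
        Mode = "Query",
        SuccessMessage = "Success: " + da.DTO.Model.RECORD_COUNT + " row(s) affected" // was misspelled "Sucess:"
    });
}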
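/// <summary>
/// Keyword deny-list check for the caller-supplied SQL in <paramref name="model"/>.SQL_COMMAND: returns false
/// when any whitespace-delimited token is exactly INSERT, UPDATE, DELETE or TRUNCATE (case-insensitive),
/// true otherwise.
/// </summary>
/// <param name="model">Request model; only <c>SQL_COMMAND</c> is read.</param>
/// <returns>
/// true when no deny-listed keyword appears as a whole token; false otherwise, and also when
/// <paramref name="model"/> or its <c>SQL_COMMAND</c> is null (deny by default rather than throwing).
/// </returns>
/// <remarks>
/// This is a whole-token string comparison, not a SQL parser: a keyword that is not delimited purely by
/// whitespace is not recognised, and statements built from keywords outside this list are not covered.
/// Treat it as a usability check; the permissions of the database principal used by the DA layer and the
/// authorisation on the calling action are the controls to rely on — NOTE(review): confirm those exist.
/// </remarks>
private bool ValidateCommand(SEC014P001Model model)
{
    if (model == null || model.SQL_COMMAND == null)
    {
        return false;
    }

    string[] deniedKeywords = { "INSERT", "UPDATE", "DELETE", "TRUNCATE" };

    // A null separator array splits on all whitespace, so tabs and line breaks delimit tokens as well as
    // spaces; RemoveEmptyEntries avoids "" tokens from runs of separators (the per-token Trim() is then unnecessary).
    string[] tokens = model.SQL_COMMAND.Split((char[])null, System.StringSplitOptions.RemoveEmptyEntries);

    foreach (string token in tokens)
    {
        foreach (string keyword in deniedKeywords)
        {
            // Ordinal comparison: ToUpper() is culture-sensitive and can fail to match under some cultures.
            if (string.Equals(token, keyword, System.StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }
        }
    }

    return true;
}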