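/// <summary>
/// Binds every property of <paramref name="data"/> as a named parameter
/// (<c>@propertyName</c>) on <paramref name="cmd"/>, so that row VALUES reach
/// the server as parameters instead of being spliced into the SQL text.
/// This protects values only: a table or column NAME concatenated into the
/// statement by the caller cannot be parameterized and must be validated or
/// quoted separately.
/// </summary>
/// <param name="cmd">Command whose <c>Parameters</c> collection is populated.</param>
/// <param name="data">Row whose properties are bound; a <c>null</c> row binds nothing.</param>
/// <returns>
/// Always -1. The value is kept for compatibility with existing overrides and
/// callers; it does not report a connection status or a parameter count.
/// </returns>
/// <remarks>
/// A <c>null</c> property value is bound as the empty string, not as SQL NULL
/// (<see cref="DBNull"/>); callers that need a real NULL must handle that
/// themselves. A property name that is not a valid parameter name is not
/// rejected here — it surfaces as an error when the command executes.
/// </remarks>
protected virtual long popSQL(MySql.Data.MySqlClient.MySqlCommand cmd, Data.Object data)
{
    long status = -1;
    if (data == null)
    {
        return status;
    }

    foreach (string prop in data.getPropertyNames())
    {
        // Read the property once; the previous version called get() twice per property.
        object value = data.get(prop);
        // null -> "" preserves the existing contract (empty string, not SQL NULL).
        cmd.Parameters.AddWithValue("@" + prop, value ?? "");
    }
    return status;
}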
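/// <summary>
/// Inserts <paramref name="row"/> into <paramref name="tableName"/>, or updates
/// the existing row when a unique/primary key collides
/// (<c>INSERT ... ON DUPLICATE KEY UPDATE</c>). Column values are bound as
/// parameters by <see cref="popSQL"/>. Table and column identifiers cannot be
/// parameterized, so they are backtick-quoted with embedded backticks escaped;
/// previously they were concatenated raw, so a crafted table or property name
/// could terminate the quoted identifier and inject SQL.
/// </summary>
/// <param name="tableName">Target table; must have an <c>Entity</c> in <c>Entities</c> (used for its unique columns).</param>
/// <param name="row">Row to persist. Only properties with non-null values are inserted.</param>
/// <returns>
/// The result of <c>ExecuteNonQuery</c> on success (MySQL reports 1 for an
/// insert, 2 for an update, 0 when the existing row was left unchanged);
/// -1 if no open connection could be obtained; -2 if building or executing
/// the statement threw (the message is written to the console when
/// <c>m_DebugInfo</c> is set). No exception escapes this method.
/// </returns>
public override int save(string tableName, Data.Object row)
{
    int status = -1;
    var dbConn = this.ConnectAsync() as MySql.Data.MySqlClient.MySqlConnection;
    if (dbConn == null)
    {
        return status;
    }

    if (dbConn.State != System.Data.ConnectionState.Open)
    {
        // An unopened connection used to be neither closed nor disposed (a leak).
        // decrementOpenConnections() is deliberately NOT called on this path, as
        // before — NOTE(review): confirm ConnectAsync() only counts connections it
        // actually opened.
        dbConn.Dispose();
        return status;
    }

    try
    {
        string sql = BuildUpsertSql(tableName, row);
        // Dispose the command as well as the connection.
        using (var cmd = dbConn.CreateCommand())
        {
            cmd.CommandText = sql;
            popSQL(cmd, row);
            status = cmd.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        // Any failure (bad identifier, missing metadata, server error) maps to -2,
        // matching the previous contract; details only go to the console in debug mode.
        if (m_DebugInfo)
        {
            Console.WriteLine("Error [{0}]: {1}", tableName, ex.Message);
        }
        status = -2;
    }
    finally
    {
        try
        {
            dbConn.Close();
        }
        finally
        {
            dbConn.Dispose();
        }
    }
    decrementOpenConnections();
    return status;
}

/// <summary>
/// Builds the <c>INSERT ... ON DUPLICATE KEY UPDATE</c> statement for
/// <paramref name="row"/>. Values are referenced as <c>@prop</c> parameters
/// (bound later by <see cref="popSQL"/>); identifiers are quoted via
/// <see cref="QuoteIdentifier"/>.
/// </summary>
/// <param name="tableName">Target table name.</param>
/// <param name="row">Row whose properties become columns.</param>
/// <returns>The complete SQL text.</returns>
/// <exception cref="ArgumentException">
/// The table name is empty, the row has no non-null properties, or an
/// identifier is not usable.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No <c>Entity</c> is registered for the table, so its unique columns are unknown.
/// </exception>
private string BuildUpsertSql(string tableName, Data.Object row)
{
    if (string.IsNullOrWhiteSpace(tableName))
    {
        throw new ArgumentException("Table name must not be empty.", "tableName");
    }

    Entity ent = null;
    foreach (Entity e in this.Entities)
    {
        if (e.Name == tableName)
        {
            ent = e;
            break;
        }
    }
    if (ent == null)
    {
        // Without the unique-column list we cannot tell which columns may be
        // overwritten on a key collision. The previous code also failed here
        // (Substring on an empty string); this just names the reason.
        throw new InvalidOperationException("No Entity metadata registered for table '" + tableName + "'.");
    }

    // Ordinal sort so the generated statement is deterministic for a given row.
    var props = new List<string>(row.getPropertyNames());
    props.Sort(StringComparer.Ordinal);

    var cols = new List<string>();
    var values = new List<string>();
    var assignments = new List<string>();
    foreach (string prop in props)
    {
        string column = QuoteIdentifier(prop);
        if (row.get(prop) != null)
        {
            cols.Add(column);
            // Parameter names must match exactly what popSQL binds ("@" + prop).
            values.Add("@" + prop);
        }
        if (!ent.UniqueColumns.Contains(prop))
        {
            // As before, this includes null-valued properties, which popSQL binds
            // as "": an update therefore overwrites them with the empty string.
            assignments.Add(column + "= @" + prop);
        }
    }

    if (cols.Count == 0)
    {
        throw new ArgumentException("Row has no non-null properties to insert.", "row");
    }
    if (assignments.Count == 0)
    {
        // Every column is part of a unique key, so there is nothing to change on a
        // collision; MySQL still requires at least one assignment, so emit a no-op.
        assignments.Add(cols[0] + "= " + cols[0]);
    }

    return "INSERT INTO " + QuoteIdentifier(tableName) + " (\n"
         + string.Join(", ", cols) + ") "
         + "\nValues(" + string.Join(", ", values) + ") "
         + "\nON DUPLICATE KEY "
         + "\nUPDATE \n"
         + string.Join(", ", assignments) + ";";
}

/// <summary>
/// Wraps an identifier in backticks, doubling any embedded backtick (MySQL's
/// escape inside a quoted identifier). Parameters cannot carry identifiers, so
/// this quoting is the only thing keeping a hostile table or property name
/// from breaking out of the quoted identifier into the statement.
/// </summary>
/// <param name="identifier">Raw table or column name.</param>
/// <returns>The backtick-quoted, escaped identifier.</returns>
/// <exception cref="ArgumentException">The identifier is null, empty, or contains a NUL character.</exception>
private static string QuoteIdentifier(string identifier)
{
    if (string.IsNullOrEmpty(identifier) || identifier.IndexOf('\0') >= 0)
    {
        throw new ArgumentException("Invalid SQL identifier.", "identifier");
    }
    return "`" + identifier.Replace("`", "``") + "`";
}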