/// <summary>
///
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <param name="ds"></param>
/// <param name="tableName"></param>
/// <returns></returns>
public override DataSet ExecuteDataset(CommandType commandType, string commandText,
QueryParameterCollection commandParameters, DataSet ds, string tableName)
{
try
{
var cmd = new OracleCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
var adapter = new OracleDataAdapter(cmd);
if (Equals(tableName, null) || (tableName.Length < 1))
{
adapter.Fill(ds);
}
else
{
adapter.Fill(ds, tableName);
}
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return ds;
}
catch
{
if (trans != null)
{
RollbackTransaction();
}
throw;
}
finally
{
Close();
}
}
/// <summary>
/// ExecuteXmlReader
/// </summary>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public XmlReader ExecuteXmlReader(string commandText, QueryParameterCollection commandParameters)
{
return ExecuteXmlReader(CommandType.Text, commandText, commandParameters);
}
internal static int CheckSQLText(QueryParameterCollection commandParameters, out string notallow)
{
notallow = "";
if (commandParameters == null) return 1;
foreach (var item in commandParameters)
{
var parameter = item as QueryParameter;
if (parameter == null)
continue;
if (CheckSQLText(parameter.Value.ToString(), out notallow) == -1)
return -1;
}
return 1;
}
public void CheckSQLTextTest_params_有注入()
{
var commandParameters = new QueryParameterCollection { new QueryParameter { Value = "'" } }; // TODO: 初始化为适当的值
string notallow = string.Empty; // TODO: 初始化为适当的值
string notallowExpected = "'"; // TODO: 初始化为适当的值
int expected = -1; // TODO: 初始化为适当的值
int actual;
actual = CheckSQL.CheckSQLText(commandParameters, out notallow);
Assert.AreEqual(notallowExpected, notallow);
Assert.AreEqual(expected, actual);
//Assert.Inconclusive("验证此测试方法的正确性。");
}
/// <summary>
///
/// </summary>
/// <param name="cmd"></param>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
private void PrepareCommand(OracleCommand cmd, CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
cmd.CommandType = commandType;
cmd.CommandText = commandText;
cmd.Connection = (OracleConnection) m_DbConnection;
cmd.Transaction = (OracleTransaction) trans;
if ((commandParameters != null) && (commandParameters.Count > 0))
{
for (int i = 0; i < commandParameters.Count; i++)
{
commandParameters[i].InitRealParameter(DatabaseType.Oracle);
cmd.Parameters.Add(commandParameters[i].RealParameter as OracleParameter);
}
}
Open();
}
/// <summary>
///
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override object ExecuteScalar(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
try
{
var cmd = new OracleCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
object obj2 = cmd.ExecuteScalar();
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return obj2;
}
catch
{
if (trans != null)
{
RollbackTransaction();
}
throw;
}
finally
{
Close();
}
}
/// <summary>
/// 参数准备
/// </summary>
/// <param name="cmd"></param>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
private void PrepareCommand(SqlCommand cmd, CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
cmd.CommandType = commandType;
cmd.CommandText = commandText;
cmd.Connection = (SqlConnection)m_DbConnection;
cmd.Transaction = (SqlTransaction)trans;
if (commandText.IndexOf("''") >= 0)
{
var blankname = "@____blankchar_______";
commandText = commandText.Replace("''", blankname);
if (commandParameters == null) commandParameters = new QueryParameterCollection();
commandParameters.Add(blankname, "");
}
if ((commandParameters != null) && (commandParameters.Count > 0))
{
for (int i = 0; i < commandParameters.Count; i++)
{
commandParameters[i].InitRealParameter(DatabaseType.MSSQLServer);
cmd.Parameters.Add(commandParameters[i].RealParameter as SqlParameter);
}
}
Open();
//if (this.checkSQL)
//{
string notallow = string.Empty;
//所有的执行方式都检查参数,包括存储过程和SQL语句
//if (CheckSQL.CheckSQLText(commandParameters, out notallow) <= 0) //语句中有不允许的内容,如果是开发人员写的,请改写sql语句或写存储过程实现
//{
// Dev.Log.Loger.Error("sql语句中不允许出现:" + notallow);
// throw new Exception("数据格式不正确!!!");
//}
//}
//if (this.checkParms)
//{
//string notallow;
if (!commandType.Equals(CommandType.StoredProcedure) && CheckSQL.CheckSQLText(commandText, out notallow) <= 0)
//语句中有不允许的内容,如果是开发人员写的,请改写sql语句或写存储过程实现
{
Loger.Error("sql语句中不允许出现:" + notallow);
throw new Exception("数据格式不正确!!!注入字符" + notallow);
}
//}
//DBLog.AddLog("", commandType, commandText, commandParameters);
}
/// <summary>
/// ExecuteNonQuery
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override int ExecuteNonQuery(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
try
{
var cmd = new SqlCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
int num = cmd.ExecuteNonQuery();
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return num;
}
catch
{
exceptioned = true;
throw;
}
finally
{
Close();
}
}
/// <summary>
/// ExecuteDataset
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <param name="ds"></param>
/// <param name="tableName"></param>
/// <returns></returns>
public abstract DataSet ExecuteDataset(CommandType commandType, string commandText,
QueryParameterCollection commandParameters, DataSet ds, string tableName);
/// <summary>
/// ExecuteDataset
/// </summary>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <param name="ds"></param>
/// <param name="tableName"></param>
/// <returns></returns>
public DataSet ExecuteDataset(string commandText, QueryParameterCollection commandParameters, DataSet ds,
string tableName)
{
return ExecuteDataset(CommandType.Text, commandText, commandParameters, ds, tableName);
}
/// <summary>
/// ExecuteDataset
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <param name="tableName"></param>
/// <returns></returns>
public DataSet ExecuteDataset(CommandType commandType, string commandText,
QueryParameterCollection commandParameters, string tableName)
{
return ExecuteDataset(commandType, commandText, commandParameters, new DataSet(), tableName);
}
/// <summary>
/// ExecuteDataset
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <param name="ds"></param>
/// <returns></returns>
public DataSet ExecuteDataset(CommandType commandType, string commandText,
QueryParameterCollection commandParameters, DataSet ds)
{
return ExecuteDataset(commandType, commandText, commandParameters, ds, null);
}
/// <summary>
/// ExecuteDataset
/// </summary>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public DataSet ExecuteDataset(string commandText, QueryParameterCollection commandParameters)
{
return ExecuteDataset(CommandType.Text, commandText, commandParameters, new DataSet(), null);
}
/// <summary>
///
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override int ExecuteNonQuery(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
try
{
var cmd = new OleDbCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
int num = cmd.ExecuteNonQuery();
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return num;
}
catch
{
if (trans != null)
{
RollbackTransaction();
}
throw;
}
finally
{
Close();
}
}
/// <summary>
/// ExecuteXmlReader
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public abstract XmlReader ExecuteXmlReader(CommandType commandType, string commandText,
QueryParameterCollection commandParameters);
/// <summary>
/// 同步参数
/// </summary>
/// <param name="commandParameters"></param>
protected void SyncParameter(QueryParameterCollection commandParameters)
{
if ((commandParameters != null) && (commandParameters.Count > 0))
{
for (int i = 0; i < commandParameters.Count; i++)
{
commandParameters[i].SyncParameter();
}
}
}
/// <summary>
/// ExecuteNonQuery
/// </summary>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public int ExecuteNonQuery(string commandText, QueryParameterCollection commandParameters)
{
return ExecuteNonQuery(CommandType.Text, commandText, commandParameters);
}
/// <summary>
/// ExecuteXmlReader
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override XmlReader ExecuteXmlReader(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
try
{
var cmd = new SqlCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
XmlReader reader = cmd.ExecuteXmlReader();
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return reader;
}
catch
{
//if (trans != null)
//{
// RollbackTransaction();
//}
exceptioned = true;
throw;
}
finally
{
Close();
}
}
/// <summary>
/// ExecuteNonQuery
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public abstract int ExecuteNonQuery(CommandType commandType, string commandText,
QueryParameterCollection commandParameters);
/// <summary>
///
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override IDataReader ExecuteReader(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
var cmd = new OracleCommand();
PrepareCommand(cmd, commandType, commandText, commandParameters);
OracleDataReader reader = cmd.ExecuteReader();
base.SyncParameter(commandParameters);
cmd.Parameters.Clear();
return reader;
}
/// <summary>
///
/// </summary>
/// <param name="action"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
public void ExecuteReader(Action<IDataReader> action, string commandText,
QueryParameterCollection commandParameters)
{
ExecuteReader(action, CommandType.Text, commandText, commandParameters);
}
/// <summary>
///
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public override XmlReader ExecuteXmlReader(CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
XmlReader reader2;
DataSet set = base.ExecuteDataset(commandType, commandText);
base.SyncParameter(commandParameters);
var input = new StringReader(set.GetXml());
try
{
reader2 = new XmlTextReader(input);
}
catch (Exception exception)
{
input.Close();
throw exception;
}
return reader2;
}
/// <summary>
///
/// </summary>
/// <param name="action"></param>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
public void ExecuteReader(Action<IDataReader> action, CommandType commandType, string commandText,
QueryParameterCollection commandParameters)
{
IDataReader reader = null;
try
{
reader = ExecuteReader(commandType, commandText, commandParameters);
action(reader);
}
finally
{
if (reader != null)
reader.Close();
Close();
}
}
/// <summary>
/// ExecuteScalar
/// </summary>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public object ExecuteScalar(string commandText, QueryParameterCollection commandParameters)
{
return ExecuteScalar(CommandType.Text, commandText, commandParameters);
}
/// <summary>
/// ExecuteScalar
/// </summary>
/// <param name="commandType"></param>
/// <param name="commandText"></param>
/// <param name="commandParameters"></param>
/// <returns></returns>
public abstract object ExecuteScalar(CommandType commandType, string commandText,
QueryParameterCollection commandParameters);
public void CheckSQLTextTest_params_to_Array()
{
var commandParameters = new QueryParameterCollection { new QueryParameter { Value = "'" } }; // TODO: 初始化为适当的值
var casted = commandParameters.Cast<QueryParameter>();
foreach (var item in casted)
{
var s = item.Value.ToString();
}
//Assert.Inconclusive("验证此测试方法的正确性。");
}
public void AddLogTest()
{
for (var i = 0; i < 10000; i++)
{
// Dev.Log.Loger.Severity = Dev.Log.LogSeverity.Debug;
//Dev.Log.SingletonLogger.Instance.Attach(new Dev.Log.ObserverLogToConsole());
string method = string.Empty; // TODO: 初始化为适当的值
var cmdType = CommandType.Text; // TODO: 初始化为适当的值
string cmdText = "select * from datab1ase"; // TODO: 初始化为适当的值
var cmdParms = new QueryParameterCollection(); // TODO: 初始化为适当的值
cmdParms.Add("@asdf", "asdfasdf");
cmdParms.Add("@bbb","aaaaaa-1");
}
}
