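/// <summary>
/// Deletes the SYSTEM_LIST row whose intSYS_CODE matches <paramref name="SCodeByDel"/>.
/// </summary>
/// <param name="SCodeByDel">System code of the row to delete (default 0).</param>
/// <returns>
/// A redirect to TGW/SysList (page 1) after the DELETE has run, or a redirect to
/// TGW/Exception carrying the exception message if anything fails.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. A destructive
/// action should be restricted to POST and validate an anti-forgery token - confirm.
/// </remarks>
public ActionResult DelSysInfo(int SCodeByDel = 0)
{
    try
    {
        // The value is already a bound int, so the HTML-encode round trip adds no
        // protection; what it does enforce is that the code fits in Int16. It runs
        // inside the try so an out-of-range code ends up on the error page instead
        // of surfacing as an unhandled OverflowException.
        SCodeByDel = Convert.ToInt16(AntiXssEncoder.HtmlEncode(SCodeByDel.ToString(), true));

        App_Code.clsUtility objUtil = new App_Code.clsUtility();
        string connStr = objUtil.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var SqlConn = new SqlConnection(connStr))
        {
            // The code is bound as a parameter, never concatenated into the SQL text.
            string SqlCmd = "DELETE SYSTEM_LIST WHERE intSYS_CODE = @SysCode";
            var SqlParams = new { @SysCode = SCodeByDel };
            SqlConn.Execute(SqlCmd, SqlParams);

            return RedirectToAction("SysList", "TGW", new { PageIdx = 1 });
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message is placed in the redirect URL, so driver or
        // database error text reaches the client, browser history and proxy logs.
        // Prefer logging it server-side and redirecting with a generic message.
        return RedirectToAction("Exception", "TGW", new { @MsgCont = ex.Message });
    }
}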
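/// <summary>
/// Rejects a request parameter that fails the utility class's XSS or
/// SQL-injection check.
/// </summary>
/// <param name="ParamValue">Raw parameter value; null is skipped without checking.</param>
/// <exception cref="InvalidOperationException">
/// One of the checks returned false. The message names which check failed.
/// </exception>
/// <remarks>
/// This is a pattern check on the input and is best treated as defense in depth:
/// parameterized SQL and output encoding remain the controls that actually keep
/// the value from being interpreted as code.
/// </remarks>
private void OWASP_Verify(string ParamValue)
{
    if (ParamValue == null)
    {
        return;
    }

    App_Code.clsUtility objUtil = new App_Code.clsUtility();

    // RedirectToAction only builds a result object; called from a void helper with
    // the result discarded it cannot end the request, so a failed check would be
    // ignored and the value processed anyway. Throwing makes the failure reach the
    // calling action's catch block, which redirects to TGW/Exception with this message.

    // XSS check
    if (objUtil.VerifyOfXss(ParamValue) == false)
    {
        throw new InvalidOperationException("參數含有XSS內容");
    }

    // SQL injection check
    if (objUtil.VerifyOfSqlInject(ParamValue) == false)
    {
        throw new InvalidOperationException("參數含有SqlInjection內容");
    }
}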
/// <summary>
/// Runs the SP_TLOG_SENDSTATE stored procedure against the TGWLogs database and
/// maps the rows to <c>Models.CosesTlog</c>.
/// </summary>
/// <param name="TxStartDate">Bound to @TxDateST.</param>
/// <param name="TxEndDate">Bound to @TxDateED.</param>
/// <param name="CardNo">Bound to @CardNo.</param>
/// <returns>
/// The query result, or whatever the result variable holds (normally null) when an
/// exception occurs.
/// </returns>
private IEnumerable<Models.CosesTlog> getTlogSendState(string TxStartDate = "", string TxEndDate = "", string CardNo = "")
{
    IEnumerable<Models.CosesTlog> rows = null;

    try
    {
        var util = new App_Code.clsUtility();
        string connStr = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var conn = new SqlConnection(connStr))
        {
            // The caller-supplied values are bound as parameters; the literals
            // 500, '' and '' are fixed arguments whose meaning is defined by the
            // procedure and is not visible here.
            string procCall = "EXEC SP_TLOG_SENDSTATE @TxDateST,@TxDateED,500,'','',@CardNo";
            var args = new { TxDateST = TxStartDate, TxDateED = TxEndDate, CardNo = CardNo };

            rows = conn.Query<Models.CosesTlog>(procCall, args);
            return rows;
        }
    }
    catch (Exception)
    {
        // NOTE(review): every failure is swallowed here without logging, so a
        // connection or permission error is indistinguishable from "no data"
        // for the caller and leaves no trace for investigation.
        return rows;
    }
}
/// <summary>
/// Runs the SP_TX300_SENDSTATE stored procedure against the TGWLogs database and
/// maps the rows to <c>Models.ISOTextOfTX300</c>.
/// </summary>
/// <param name="DateST">Bound to @StartDate.</param>
/// <param name="DateED">Bound to @EndDate.</param>
/// <param name="CardNo">Bound to @CardNo.</param>
/// <returns>
/// The query result, or whatever the result variable holds (normally null) when an
/// exception occurs.
/// </returns>
private IEnumerable<Models.ISOTextOfTX300> getTX300SendStat(string DateST = "", string DateED = "", string CardNo = "")
{
    IEnumerable<Models.ISOTextOfTX300> rows = null;

    try
    {
        var util = new App_Code.clsUtility();
        string connStr = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var conn = new SqlConnection(connStr))
        {
            // The caller-supplied values are bound as parameters; the literals
            // 1 and 500 are fixed arguments whose meaning is defined by the
            // procedure and is not visible here.
            string procCall = "EXEC SP_TX300_SENDSTATE @StartDate,@EndDate,1,500,@CardNo";
            var args = new { StartDate = DateST, EndDate = DateED, CardNo = CardNo };

            rows = conn.Query<Models.ISOTextOfTX300>(procCall, args);
            return rows;
        }
    }
    catch (Exception)
    {
        // NOTE(review): every failure is swallowed here without logging, so a
        // connection or permission error is indistinguishable from "no data"
        // for the caller and leaves no trace for investigation.
        return rows;
    }
}
/// <summary>
/// Updates the description and owning group of an existing SYSTEM_LIST row from
/// the posted form and stamps the modification date.
/// </summary>
/// <param name="FormCols">Bound form model; SysCode, SysName and GrpName are read and rewritten.</param>
/// <returns>
/// The form view again when model validation fails; a redirect to TGW/SysList on
/// success; a redirect to TGW/Exception with the exception message on failure.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. A
/// state-changing action should validate an anti-forgery token - confirm.
/// </remarks>
public ActionResult UpdSysInfo(Models.TaskOfUpdate FormCols)
{
    // Field validation: show the form again when model binding reported errors.
    if (!ModelState.IsValid)
    {
        return View(FormCols);
    }

    try
    {
        // OWASP checks on the two free-text fields; anything they throw is
        // handled by the catch below.
        OWASP_Verify(FormCols.SysName);
        OWASP_Verify(FormCols.GrpName);

        // AntiXss-encode the inputs. From here on the model holds the encoded text.
        FormCols.SysCode = Convert.ToInt16(AntiXssEncoder.HtmlEncode(FormCols.SysCode.ToString(), true));
        FormCols.SysName = AntiXssEncoder.HtmlEncode(FormCols.SysName, true);
        FormCols.GrpName = AntiXssEncoder.HtmlEncode(FormCols.GrpName, true);

        var util = new App_Code.clsUtility();
        string connStr = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var conn = new SqlConnection(connStr))
        {
            string updateSql = "UPDATE SYSTEM_LIST SET " +
                               "varSYS_DESC = @SysName," +
                               "varOWN_GRP = @GrpName," +
                               "dtMODIFY_DATE = GETDATE() " +
                               "WHERE intSYS_CODE = @SysCode";

            // The names are decoded again before binding, so the database receives
            // the decoded text. Parameter binding, not the encode step, is what
            // keeps these values out of the SQL text.
            var args = new
            {
                SysCode = FormCols.SysCode,
                SysName = Server.HtmlDecode(FormCols.SysName),
                GrpName = Server.HtmlDecode(FormCols.GrpName)
            };

            conn.Execute(updateSql, args);
        }

        // NOTE(review): this message carries the decoded name, so the view that
        // renders TempData["ExeRst"] must HTML-encode it on output - confirm.
        TempData["ExeRst"] = "【" + Server.HtmlDecode(FormCols.SysName) + "】更新成功";

        // NOTE(review): the redirect passes the encoded SysName while the row was
        // written with the decoded one; confirm SysList decodes before filtering.
        return RedirectToAction("SysList", "TGW", new { PageIdx = 1, SystemName = FormCols.SysName });
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message goes into the redirect URL and may expose
        // database error text to the client; consider a generic message.
        return RedirectToAction("Exception", "TGW", new { MsgCont = ex.Message });
    }
}
/// <summary>
/// Inserts a new SYSTEM_LIST row from the posted form, assigning the next system
/// code as MAX(intSYS_CODE) + 1.
/// </summary>
/// <param name="FormCols">Bound form model; SysName and GrpName are read and rewritten.</param>
/// <returns>
/// The form view again when model validation fails; a redirect to TGW/SysList on
/// success; a redirect to TGW/Exception with the exception message on failure.
/// </returns>
/// <remarks>
/// NOTE(review): the attributes on this action are not visible here. A
/// state-changing action should validate an anti-forgery token - confirm.
/// </remarks>
public ActionResult InsSysInfo(Models.TaskOfCreate FormCols)
{
    // Field validation: show the form again when model binding reported errors.
    if (!ModelState.IsValid)
    {
        return View(FormCols);
    }

    try
    {
        // OWASP checks on the two free-text fields; anything they throw is
        // handled by the catch below.
        OWASP_Verify(FormCols.SysName);
        OWASP_Verify(FormCols.GrpName);

        // AntiXss-encode the inputs. From here on the model holds the encoded text.
        FormCols.SysName = AntiXssEncoder.HtmlEncode(FormCols.SysName, true);
        FormCols.GrpName = AntiXssEncoder.HtmlEncode(FormCols.GrpName, true);

        var util = new App_Code.clsUtility();
        string connStr = util.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var conn = new SqlConnection(connStr))
        {
            // NOTE(review): MAX(...) + 1 is evaluated per statement, so two
            // concurrent inserts can compute the same code, and it yields NULL on
            // an empty table. Whether a key constraint guards this is not visible here.
            string insertSql = "INSERT INTO SYSTEM_LIST (intSYS_CODE,varSYS_DESC,varOWN_GRP,dtMODIFY_DATE) " +
                               "VALUES " +
                               "((SELECT MAX(intSYS_CODE) + 1 FROM SYSTEM_LIST),@SysName,@GrpName,GETDATE())";

            // The names are decoded again before binding, so the database receives
            // the decoded text. Parameter binding, not the encode step, is what
            // keeps these values out of the SQL text.
            var args = new
            {
                SysName = Server.HtmlDecode(FormCols.SysName),
                GrpName = Server.HtmlDecode(FormCols.GrpName)
            };

            conn.Execute(insertSql, args);

            // NOTE(review): this message carries the decoded name, so the view that
            // renders TempData["ExeRst"] must HTML-encode it on output - confirm.
            TempData["ExeRst"] = "【" + Server.HtmlDecode(FormCols.SysName) + "】新增成功";
            return RedirectToAction("SysList", "TGW");
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): ex.Message goes into the redirect URL and may expose
        // database error text to the client; consider a generic message.
        return RedirectToAction("Exception", "TGW", new { MsgCont = ex.Message });
    }
}
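/// <summary>
/// Loads every SYSTEM_LIST row from the TGWLogs database and optionally narrows
/// the result by substring match on system name and group name.
/// </summary>
/// <param name="SystemName">Substring to look for in SysName; null or empty applies no filter.</param>
/// <param name="GroupName">Substring to look for in GrpName; null or empty applies no filter.</param>
/// <returns>
/// The (lazily filtered) rows, or whatever the result variable holds (normally
/// null) when an exception occurs while querying.
/// </returns>
private IEnumerable<Models.FullSysInfo> getSysInfo(string SystemName = "", string GroupName = "")
{
    IEnumerable<Models.FullSysInfo> QryRst = null;

    try
    {
        App_Code.clsUtility objUtil = new App_Code.clsUtility();
        string connStr = objUtil.ConnStrDecrypt(ConfigurationManager.ConnectionStrings["TGWLogs"].ConnectionString);

        using (var SqlConn = new SqlConnection(connStr))
        {
            // No user input reaches the SQL text; filtering happens in memory below.
            string SqlCmd = "SELECT intSYS_CODE AS SysCode,varSYS_DESC AS SysName," +
                            "varOWN_GRP AS GrpName,dtMODIFY_DATE AS ModDate " +
                            "FROM SYSTEM_LIST";

            QryRst = SqlConn.Query<Models.FullSysInfo>(SqlCmd);

            // Where() is deferred: the predicate runs when the caller enumerates,
            // outside this try/catch. A row whose column is NULL would therefore
            // raise NullReferenceException in the caller, so the predicates guard
            // against null and an empty filter is skipped entirely (it matches
            // every non-null value anyway).
            if (!string.IsNullOrEmpty(SystemName))
            {
                QryRst = QryRst.Where(s => s.SysName != null && s.SysName.Contains(SystemName));
            }

            if (!string.IsNullOrEmpty(GroupName))
            {
                QryRst = QryRst.Where(s => s.GrpName != null && s.GrpName.Contains(GroupName));
            }

            return QryRst;
        }
    }
    catch (Exception)
    {
        // NOTE(review): failures are swallowed without logging, so a connection
        // or permission error looks the same as "no data" to the caller.
        return QryRst;
    }
}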