Esempi in C# (CSharp) per AdminForm.MySQLEscape

Esempio n. 1

        private bool rectorLogin(out int r_id)
        {
            string          login        = textBox1.Text;
            string          pass_hash    = sha1(textBox2.Text);
            string          CommandText  = "SELECT COUNT(*) FROM univer_admins WHERE login =\"" + AdminForm.MySQLEscape(login) + "\" AND password =\"" + pass_hash + "\"";
            string          Connect      = Properties.Settings.Default.MainConnectionString;
            MySqlConnection myConnection = new MySqlConnection(Connect);
            MySqlCommand    myCommand    = new MySqlCommand(CommandText, myConnection);

            myConnection.Open();
            int result = int.Parse(myCommand.ExecuteScalar().ToString());

            if (result < 1)
            {
                r_id = -1;
                MessageBox.Show("Помилка входу!");
                textBox1.Text = "";
                textBox2.Text = "";
                myConnection.Close();
                return(false);
            }
            CommandText = "SELECT id FROM univer_admins WHERE login =\"" + AdminForm.MySQLEscape(login) + "\" AND password =\"" + pass_hash + "\" LIMIT 1";
            myCommand   = new MySqlCommand(CommandText, myConnection);
            r_id        = int.Parse(myCommand.ExecuteScalar().ToString());
            myConnection.Close();
            return(true);
        }

Esempio n. 2

File: NewGroupForm.cs Progetto: artem2302/CourseQuality

        private void applyChanges()
        {
            try
            {
                if (checkFields())
                {
                    button1.Enabled = false;
                    string          query      = "INSERT INTO groups(id_facutlies, name) VALUES(" + fac_id.ToString() + ", \"" + AdminForm.MySQLEscape(groupNameBox.Text) + "\")";
                    MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
                    MySqlCommand    sqlCom     = new MySqlCommand(query, connection);
                    connection.Open();
                    try
                    {
                        sqlCom.ExecuteNonQuery();
                    }
                    catch (Exception e)
                    {
                        MessageBox.Show("Помилка створення групи!");
                        button1.Enabled = true;
                        return;
                    }

                    query  = "SELECT id FROM groups WHERE name = \"" + AdminForm.MySQLEscape(groupNameBox.Text) + "\" LIMIT 1 ";
                    sqlCom = new MySqlCommand(query, connection);
                    int group_id = int.Parse(sqlCom.ExecuteScalar().ToString());

                    query = "INSERT INTO students(name, stud_nomer, password, id_groups) VALUES";
                    foreach (var field in enterFields)
                    {
                        query += "(\"" + AdminForm.MySQLEscape(field.studentNameBox.Text) + "\", "
                                 + int.Parse(field.idNumberBox.Text) + ", "
                                 + "\"" + LoginForm.sha1(field.passwordBox.Text) + "\", "
                                 + group_id.ToString() + "),";
                    }
                    query  = query.Remove(query.LastIndexOf(','));
                    sqlCom = new MySqlCommand(query, connection);
                    sqlCom.ExecuteNonQuery();
                    connection.Close();
                    button1.Enabled = true;
                    makeGroupList();
                    Close();
                }
                else
                {
                    MessageBox.Show("Присутнi пустi поля або нецифровi символи в номерах студентських квиткiв!");
                }
            }
            catch (Exception e)
            {
                MessageBox.Show("Помилка! Перевiрте правильнiсть даних");
                button1.Enabled = true;
            }
        }

Esempio n. 3

File: NewCourseForm.cs Progetto: artem2302/CourseQuality

 private void saveall()
 {
     if (newCourseNameBox.Text == "")
     {
         MessageBox.Show("Невiрна назва курсу!");
     }
     else
     {
         string          correctName = AdminForm.MySQLEscape(newCourseNameBox.Text);
         string          query       = "INSERT INTO courses(name, id_tutors) VALUES(\"" + correctName + "\", " + tut_id.ToString() + ")";
         MySqlConnection connection  = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
         connection.Open();
         MySqlCommand sqlCom = new MySqlCommand(query, connection);
         sqlCom.ExecuteNonQuery();
         connection.Close();
         MessageBox.Show("Курс додано!");
         Close();
     }
 }

Esempio n. 4

 private void saveall()
 {
     if (depNameBox.Text == "")
     {
         MessageBox.Show("Назва не може бути пустою!");
     }
     else
     {
         string query = "INSERT INTO departments(id_facutlies, name) VALUES(" + fac_id.ToString()
                        + ", \"" + AdminForm.MySQLEscape(depNameBox.Text) + "\")";
         MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
         connection.Open();
         MySqlCommand sqlCom = new MySqlCommand(query, connection);
         sqlCom.ExecuteNonQuery();
         connection.Close();
         MessageBox.Show("Успiшно додано!");
         Close();
     }
 }

Esempio n. 5

File: NewTutorForm.cs Progetto: artem2302/CourseQuality

        private void saveall()
        {
            if (textBox1.Text == "")
            {
                MessageBox.Show("Некоректне iм\'я!");
            }
            else
            {
                string query = "INSERT INTO tutors(id_departments, name) VALUES(" + dep_id.ToString()
                               + ", \"" + AdminForm.MySQLEscape(textBox1.Text) + "\")";

                MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
                MySqlCommand    command    = new MySqlCommand(query, connection);
                connection.Open();
                command.ExecuteNonQuery();
                connection.Close();
                MessageBox.Show("Успiшно додано!");
                Close();
            }
        }

Esempio n. 6

        private void sendResults()
        {
            string insertAnswersString = @"INSERT INTO `answers` 
(`id_students`, `id_courses`, `a1`, `a2`, `a3`, `a4`, `a5`, `a6`, `a7`,
`a8`, `a9`, `a10`, `a11`, `a12`, `a13`, `a14`, `a15`, `a16`, `a17`, `a18`, `a19`,
`a20`, `a21`, `a22`, `a23`, `a24`, `a25`, `a26`, `a27`, `a28`, `a29`, `a30`, `a31`, `a32`, `a33`,
`a34`, `a35`, `a36`, `a37`, `a38`, `a39`)
VALUES(" + studId + ", " + CourseId;

            foreach (int i in answers)
            {
                insertAnswersString += ", " + i;
            }
            insertAnswersString += ");\n";
            string insertCommentsString = @"INSERT INTO `comments`
(`id_students`,`id_courses`, `c1`,`c2`,`c3`,`c4`,`c5`,`c6`,`c7`,`c8`,`c9`)
VALUES(" + studId + ", " + CourseId;

            foreach (string s in comments)
            {
                if (s.Length > 0)
                {
                    insertCommentsString += ", \"" + AdminForm.MySQLEscape(s) + "\"";
                }
                else
                {
                    insertCommentsString += ", NULL";
                }
            }
            insertCommentsString += ");";
            string resultingQuery = insertAnswersString + insertCommentsString;
            //MessageBox.Show(resultingQuery);

            MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
            MySqlCommand    sqlCom     = new MySqlCommand(resultingQuery, connection);

            connection.Open();
            sqlCom.ExecuteNonQuery();
        }

Esempio n. 7

File: newFacForm.cs Progetto: artem2302/CourseQuality

 private void addFac()
 {
     if (facNameBoxC.Text == "")
     {
         MessageBox.Show("Назва не може бути пустою!");
     }
     else
     {
         string          query      = "INSERT INTO facutlies(name) VALUES(\"" + AdminForm.MySQLEscape(facNameBoxC.Text) + "\")";
         MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
         connection.Open();
         MySqlCommand sqlCom = new MySqlCommand(query, connection);
         sqlCom.ExecuteNonQuery();
         connection.Close();
         MessageBox.Show("Успiшно додано!");
         Close();
     }
 }

Esempio n. 8

File: newStudentForm.cs Progetto: artem2302/CourseQuality

 private void saveNewStudentButton_Click(object sender, EventArgs e)
 {
     if (checkFields())
     {
         studentNameBox.ReadOnly = true;
         idNumberBox.ReadOnly    = true;
         string          query      = "INSERT INTO students(name, stud_nomer, password, id_groups) VALUES(\"" + AdminForm.MySQLEscape(studentNameBox.Text) + "\", " + AdminForm.MySQLEscape(idNumberBox.Text) + ", \"" + LoginForm.sha1(passwordBox.Text) + "\", " + gr_id.ToString() + ")";
         MySqlConnection connection = new MySqlConnection(Properties.Settings.Default.MainConnectionString);
         connection.Open();
         MySqlCommand command = new MySqlCommand(query, connection);
         command.ExecuteNonQuery();
         connection.Close();
         MessageBox.Show("Студента додано! Пароль скопiйовано до буферу обмiну");
         Clipboard.SetText(passwordBox.Text);
         Close();
     }
     else
     {
         MessageBox.Show("Присутнi пустi поля або невiрний номер квитка!");
     }
 }