        /// <summary>
        /// Loads the recipient (Gwtz_Sjml) rows belonging to the given SMS send records.
        /// </summary>
        /// <param name="workUser">Current user; not referenced by this query (kept for signature compatibility).</param>
        /// <param name="sjmlIds">SjmlID values in the format <c>AntiSqlInjection.ParameterizeInClause</c> expects; each value is bound as its own parameter.</param>
        /// <returns>A <see cref="DataTable"/> named "dt" holding every column of Gwtz_Sjml for the matching ids.</returns>
        public DataTable RetrieveDxjbSendSxr_List(AppUser workUser, string sjmlIds)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            // The id list is expanded into bound parameters rather than spliced into the SQL text.
            string inClause = AntiSqlInjection.ParameterizeInClause(sjmlIds, "@para", ref parameters);
            string query = @" select * from Gwtz_Sjml a where a.SjmlID in (" + inClause + ") ";

            return DB.ExeSqlForDataTable(query, parameters, "dt");
        }
        /// <summary>
        /// Deletes the reply records (Szgkjc_Gzhf) attached to the given work-instruction id(s).
        /// </summary>
        /// <param name="gzzsId">One GzzsId, or a list in the format <c>AntiSqlInjection.ParameterizeInClause</c> expects; each value is bound as its own parameter.</param>
        /// <returns><c>true</c> when at least one row was deleted.</returns>
        public bool DeleteOnlyGzzshfById(string gzzsId)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            string inClause = AntiSqlInjection.ParameterizeInClause(gzzsId, "@para", ref parameters);
            string query = " delete from  dbo.Szgkjc_Gzhf where GzzsId in (" + inClause + ") ";

            int affected = DB.ExecuteNonQuerySql2(query, parameters);
            return affected > 0;
        }
        /// <summary>
        /// Deletes the contact rows (Szgkjc_Dxjb_Sjml) of the given SMS bulletin(s).
        /// </summary>
        /// <param name="dxjbId">One DxjbId, or a list in the format <c>AntiSqlInjection.ParameterizeInClause</c> expects; each value is bound as its own parameter.</param>
        /// <returns><c>true</c> when at least one row was deleted.</returns>
        public bool DeleteZJG_Dxjb_Sjml(string dxjbId)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            string inClause = AntiSqlInjection.ParameterizeInClause(dxjbId, "@para", ref parameters);
            string query = " delete from  Szgkjc_Dxjb_Sjml where DxjbId in (" + inClause + ") ";

            int affected = DB.ExecuteNonQuerySql2(query, parameters);
            return affected > 0;
        }
        /// <summary>
        /// Counts the distinct personnel/enterprise rows whose ryid holds a UEPP_Ryzyzg record of the
        /// given qualification type.
        /// </summary>
        /// <param name="pRyzyzglxID">Qualification type id. It is a single integer, but it is still routed through
        /// <c>AntiSqlInjection.ParameterizeInClause</c> so it reaches the database as a bound parameter.</param>
        /// <returns>The count as a string, as returned by <c>DB.ExeSqlForString</c>.</returns>
        public string GetRytj(int pRyzyzglxID)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            string inClause = AntiSqlInjection.ParameterizeInClause(pRyzyzglxID.ToString(), "@para", ref parameters);

            // Inner query de-duplicates by rowid before counting (nvl/rowid: Oracle-style SQL).
            string query = @"select count(0) from (select distinct a.rowid row_id, a.ryid,a.xm,a.zjlx,a.zjhm,c.qyid,c.qymc,a.zczh,a.sylx,a.zcjb,nvl(a.lxdh,a.yddh) lxdh,a.datastate,c.county,c.provinceid,c.province,c.rowid qyrowid     
 from uepp_ryjbxx a inner join uepp_qyry b on a.ryid=b.ryid inner join uepp_qyjbxx c on b.qyid=c.qyid  where a.ryid in (select ryid from UEPP_Ryzyzg where ryzyzglxid in (" + inClause + ")))";

            return DB.ExeSqlForString(query, parameters);
        }
        /// <summary>
        /// Returns the Ap_zjsbb rows updated on a given day by any of the given departments,
        /// excluding rows whose Status is 1.
        /// </summary>
        /// <param name="date">Day to match, compared against the first 10 characters of the style-120
        /// conversion of updateDate (i.e. a "yyyy-MM-dd" string); bound as @date.</param>
        /// <param name="deptCode">UpdateUser values in the format <c>AntiSqlInjection.ParameterizeInClause</c> expects; each value is bound as its own parameter.</param>
        /// <returns>A <see cref="DataTable"/> named "dt_Ap_zjsbb" with every column of Ap_zjsbb.</returns>
        public DataTable GetAp_zjsbb_byDeptCode(string date, string deptCode)
        {
            SqlParameterCollection parameters = this.DB.CreateSqlParameterCollection();

            string inClause = AntiSqlInjection.ParameterizeInClause(deptCode, "@para", ref parameters);

            string query = @"SELECT * FROM dbo.Ap_zjsbb b 
                            WHERE SUBSTRING(convert(VARCHAR(30), updateDate, 120), 1, 10)=@date
                            AND Status != 1
                            AND UpdateUser in (" + inClause + ")";

            // The date is bound after the IN-list parameters have been added.
            parameters.Add("@date", date);
            return DB.ExeSqlForDataTable(query, parameters, "dt_Ap_zjsbb");
        }
        /// <summary>
        /// Returns the safety-supervision declaration rows (Ap_ajsbb) updated on a given day for the
        /// given district codes, joined to the declaring API user and the supervision status.
        /// </summary>
        /// <param name="date">Declaration day, compared against the first 10 characters of the style-120
        /// conversion of b.updateDate (i.e. a "yyyy-MM-dd" string); bound as @date.</param>
        /// <param name="countryCodes">District codes in the format <c>AntiSqlInjection.ParameterizeInClause</c> expects;
        /// each value is bound as its own parameter and matched against countryCode (unqualified in the SQL;
        /// presumably u.countryCode from the Ap_api_user join).</param>
        /// <returns>A <see cref="DataTable"/> named "dt_Ap_ajsbb" with the projected columns.</returns>
        public DataTable GetAp_ajsbb(string date, string countryCodes)
        {
            SqlParameterCollection parameters = this.DB.CreateSqlParameterCollection();

            string inClause = AntiSqlInjection.ParameterizeInClause(countryCodes, "@para", ref parameters);

            string query = @"SELECT  b.uuid,b.xmmc
                        ,b.PrjNum
                        ,b.PrjName
                        ,b.Ajjgmc
                        ,b.AjCorpCode
                        ,b.PrjSize
                        ,b.EconCorpName
                        ,b.EconCorpCode
                        ,b.PrjApprovalNum
                        ,b.BuldPlanNum
      ,b.ProjectPlanNum
      ,b.CityNum
      ,b.CountyNum
      ,b.PrjTypeNum
      ,b.sPrjTypeNum
      ,b.PrjFunctionNum
      ,b.sbr
      ,b.sbryddh
      ,b.CreateDate
      ,b.sfzps
      ,b.sfbz
      ,b.jdz
      ,b.wdz
      ,b.mj
      ,b.zj
      ,b.jgcc
      ,b.sbmb
      ,b.sfjk
      ,b.sgxkz
      ,b.UpdateFlag
      ,b.UpdateTime
      ,b.UpdateUser
      ,b.updateDate
	  ,u.countryCode
      ,i.superviseStatus
    FROM dbo.Ap_ajsbb b 
    LEFT JOIN dbo.Ap_api_user u ON u.deptCode = b.UpdateUser
    LEFT JOIN dbo.Ap_ajsbb_info i ON i.uuid = b.uuid
    WHERE SUBSTRING(convert(VARCHAR(30), b.updateDate, 120), 1, 10)=@date
    AND countryCode in (" + inClause + ")";

            // The date is bound after the IN-list parameters have been added.
            parameters.Add("@date", date);
            return DB.ExeSqlForDataTable(query, parameters, "dt_Ap_ajsbb");
        }
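        /// <summary>
        /// Starts a new game for the handle typed into txtHandle and switches the page from the
        /// name panel to the game board.
        /// </summary>
        /// <param name="sender">The clicked button (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void cmdGo_Click(object sender, EventArgs e)
        {
            try
            {
                // ValidateSqlValue only screens the handle for use in SQL; it does not make the text
                // safe to render, so the copy echoed to the page is HTML-encoded first.
                // NOTE(review): assumes lblName renders its Text unencoded (a Label) — confirm the control type.
                string strPlayer1 = AntiSqlInjection.ValidateSqlValue(txtHandle.Text);
                lblName.Text = Server.HtmlEncode(strPlayer1);

                MMData mmd     = new MMData(GetConnectionString());
                int    nGameID = mmd.P2_MM_Initialize(strPlayer1, 6);

                CreateNewGameBoard(nGameID);
                hdnGameID.Value = nGameID.ToString();

                pnlName.Visible = false;
                pnlGame.Visible = true;
            }
            catch (Exception ex)
            {
                // Previously swallowed without a trace. The page still stays on the name panel,
                // but the failure is now recorded so a broken game start can be diagnosed.
                System.Diagnostics.Trace.TraceError("cmdGo_Click failed: {0}", ex);
            }
        }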
        /// <summary>
        /// On the first (non-postback) request, honours an optional DebugGameID query-string value by
        /// loading that existing game and showing the board instead of the name panel.
        /// </summary>
        /// <param name="sender">The page (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsPostBack)
            {
                return;
            }

            string rawGameId = Request.QueryString["DebugGameID"];
            if (rawGameId == null)
            {
                return;
            }

            // Screen the query-string value, then parse it. A non-numeric value leaves _nGameID at 0,
            // which is stored in the hidden field and treated below as "nothing to load".
            string strGameID = AntiSqlInjection.ValidateSqlValue(rawGameId);
            Int32.TryParse(strGameID, out _nGameID);
            hdnGameID.Value = _nGameID.ToString();

            if (_nGameID <= 0)
            {
                return;
            }

            // An existing game id was supplied: render its board and hide the name prompt.
            CreateNewGameBoard(_nGameID);

            pnlName.Visible = false;
            pnlGame.Visible = true;
        }
        /// <summary>
        /// Counts enterprises of a given category.
        /// </summary>
        /// <param name="qylx">Category key. "jsdw" counts uepp_jsdw directly; "sgdw", "kcsjdw", "zjjg" and "qt"
        /// select a fixed csywlxid list on uepp_qycsyw. Any other key reaches
        /// <c>AntiSqlInjection.ParameterizeInClause</c> with an empty list.</param>
        /// <returns>The count as a string, as returned by <c>DB.ExeSqlForString</c>.</returns>
        public string GetQytj(string qylx)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            if (qylx == "jsdw")
            {
                return DB.ExeSqlForString("select count(0) from uepp_jsdw ", parameters);
            }

            // The caller's key only chooses one of these server-side constant lists; the list itself
            // is still routed through ParameterizeInClause, so no caller text reaches the SQL.
            // NOTE(review): "qt" hands over the literal text '' rather than an empty list; how
            // ParameterizeInClause binds that is not visible here — confirm it is intended.
            string csywlxID = "";
            if (qylx == "sgdw")
            {
                csywlxID = "1,2,3";
            }
            else if (qylx == "kcsjdw")
            {
                csywlxID = "5,6";
            }
            else if (qylx == "zjjg")
            {
                csywlxID = "4,7,8,9";
            }
            else if (qylx == "qt")
            {
                csywlxID = "''";
            }

            string inClause = AntiSqlInjection.ParameterizeInClause(csywlxID, "@para", ref parameters);
            string query = "select count(0) from uepp_qyjbxx a inner join uepp_qycsyw b on a.qyid=b.qyid where b.csywlxid in ("
                           + inClause + ")";

            return DB.ExeSqlForString(query, parameters);
        }
        /// <summary>
        /// Login handler for the "sanitised" variant of the form: screens both fields with
        /// AntiSqlInjection.ValidateSqlValue, then looks the user up in the Users table.
        /// NOTE(review): this listing is partially redacted ("******") between the first catch block and
        /// the final if/else, so the connection-string lookup, the executed SQL and the session write are
        /// not fully recoverable here. What is visible builds the SELECT by string concatenation and
        /// compares the entered password directly against the Password column; a parameterised
        /// SqlCommand plus hashed-password verification would remove both weaknesses regardless of how
        /// well the inputs are screened beforehand.
        /// </summary>
        /// <param name="sender">The clicked button (unused).</param>
        /// <param name="e">Event data (unused).</param>
        protected void cmdLoginSanitized_Click(object sender, EventArgs e)
        {
            string strUsername = String.Empty;
            string strPassword = String.Empty;

            // Check for Valid Username and Password fields
            try
            {
                strUsername = AntiSqlInjection.ValidateSqlValue(txtUsername.Text);
                strPassword = AntiSqlInjection.ValidateSqlValue(txtPassword.Text);
            }
            catch (Exception ex)
            {
                // Redacted in this listing: the text after the error message up to the tail of a
                // connection-string lookup ("DefaultConnection"].ConnectionString) is replaced by "******".
                lblError.Text    = "Invalid username or password: "******"DefaultConnection"].ConnectionString;
                //string strCommand = "SELECT * FROM Users WHERE UserName = '******' " +
                //            "AND Password='******'";

                // The '******' tokens appear to be the listing's redaction of the concatenated
                // username/password values — confirm against the original source.
                string strCommand = "SELECT * FROM Users WHERE UserName = '******' " +
                                    "AND Password='******'";

                using (SqlConnection connection = new SqlConnection(strConnection))
                {
                    using (SqlCommand sqlCommand = new SqlCommand(strCommand, connection))
                    {
                        sqlCommand.CommandType = CommandType.Text;

                        connection.Open();
                        // Only the first column of the first row is read; a null result means no match.
                        object objVal = sqlCommand.ExecuteScalar();

                        strValidatedUser = (string)objVal;
                    }
                }
            }
            catch (Exception ex)
            {
                // Redacted in this listing: the text between the error message and what appears to be a
                // session/cookie write of ("User", strValidatedUser) is replaced by "******".
                lblError.Text    = "Invalid username or password: "******"User", strValidatedUser);
                Response.Redirect("Customers/LoginArea.aspx");
                // Some successful sign-in
                // IdentityHelper.SignIn(manager, user, RememberMe.Checked);
                //                IdentityHelper.RedirectToReturnUrl(Request.QueryString["ReturnUrl"], Response);
            }
            else
            {
                lblError.Text    = "Invalid username or password " + strValidatedUser;
                lblError.Visible = true;
            }
        }
        /// <summary>
        /// Pages through the credit-rating import (XykpImport) joined to the enterprise table,
        /// applying the caller's filters.
        /// </summary>
        /// <param name="qylx">Enterprise category key. "sgdw" and any unrecognised key query normally (where 1=1);
        /// "jldw", "kcdw", "sjdw", "zbdljg", "zjzxjg" and "jcjg" get an always-false predicate (where 1=2) and return no rows.</param>
        /// <param name="userInfo">Current user; not referenced by this query.</param>
        /// <param name="ft">Filter translator. The zzlb and qysd filters are consumed here as parameterised IN-lists;
        /// whatever remains is turned into the search clause by <c>DALHelper.GetSearchClause</c>.</param>
        /// <param name="pageSize">Rows per page.</param>
        /// <param name="pageIndex">Page to return.</param>
        /// <param name="orderby">Sort specification handed to the DB helper.</param>
        /// <param name="allRecordCount">Receives the total row count across all pages.</param>
        /// <returns>The requested page as a <see cref="DataTable"/> named "t".</returns>
        public DataTable RetrieveQyxykp(string qylx, AppUser userInfo, FilterTranslator ft, int pageSize, int pageIndex, string orderby, out int allRecordCount)
        {
            SqlParameterCollection parameters = DB.CreateSqlParameterCollection();

            // Every category shares the same base query; only the constant predicate differs.
            // NOTE(review): the six "1=2" categories look like placeholders for views not yet
            // implemented — confirm before relying on them returning nothing.
            bool disabledCategory;
            switch (qylx)
            {
            case "jldw":
            case "kcdw":
            case "sjdw":
            case "zbdljg":
            case "zjzxjg":
            case "jcjg":
                disabledCategory = true;
                break;

            default:
                // "sgdw" and any unrecognised key
                disabledCategory = false;
                break;
            }

            string sql = @"select * from (select a.*,b.qyID from XykpImport a
left join UEPP_Qyjbxx b on a.zzjgdm=b.zzjgdm) as aaa
 where " + (disabledCategory ? "1=2 and " : "1=1 and ");

            // Multi-value filters become parameter lists. The two expansions use different prefixes
            // (@para / @pam) so their generated parameter names cannot collide in the same collection.
            string zzlb = ft.GetValue("zzlb");
            if (!string.IsNullOrEmpty(zzlb))
            {
                string zzlbList = AntiSqlInjection.ParameterizeInClause(zzlb, "@para", ref parameters);
                sql += "  zzlb in (" + zzlbList + ") and ";
                ft.Remove("zzlb");
            }

            string qysd = ft.GetValue("qysd");
            if (!string.IsNullOrEmpty(qysd))
            {
                string qysdList = AntiSqlInjection.ParameterizeInClause(qysd, "@pam", ref parameters);
                sql += "  qysd in (" + qysdList + ") and ";
                ft.Remove("qysd");
            }

            // The remaining filters are translated into a WHERE fragment with bound parameters.
            DALHelper.GetSearchClause(ref parameters, ft);
            sql += ft.CommandText;

            // NOTE(review): orderby reaches the DB helper as text, not as a bound parameter (ORDER BY
            // cannot be parameterised); confirm callers restrict it to known column names.
            return DB.ExeSqlForDataTable(sql, parameters, "t", orderby, pageSize, pageIndex, out allRecordCount);
        }
        /// <summary>
        /// Handles the grid's "AddMove" command: reads the four peg values from the row's hidden fields,
        /// records the move through MMData.P2_MM_NewMove, and then either shows the win dialog, reports
        /// that the game is already complete, or redraws the board.
        /// </summary>
        /// <param name="sender">The grid (unused).</param>
        /// <param name="e">Carries the command name and, in CommandArgument, the index of the clicked row.</param>
        /// <exception cref="Exception">Thrown when any of the four hidden peg fields is missing or empty.</exception>
        protected void gvGame_RowCommand(object sender, GridViewCommandEventArgs e)
        {
            if (e.CommandName != "AddMove")
            {
                return;
            }

            // CommandArgument holds the row index of the button that was clicked.
            int index = Convert.ToInt32(e.CommandArgument);
            GridViewRow row = gvGame.Rows[index];

            // The four peg positions live in hidden controls on that row.
            HiddenField[] pegFields =
            {
                (HiddenField)row.FindControl("hiddenPos0"),
                (HiddenField)row.FindControl("hiddenPos1"),
                (HiddenField)row.FindControl("hiddenPos2"),
                (HiddenField)row.FindControl("hiddenPos3"),
            };

            for (int i = 0; i < pegFields.Length; i++)
            {
                if (pegFields[i] == null || pegFields[i].Value.Length < 1)
                {
                    throw new Exception("Please enter a value for each field.");
                }
            }

            // Screen every posted value before any of them is parsed. The game id comes from a hidden
            // field the client controls, so which game a move may be added to is decided server-side.
            // NOTE(review): confirm P2_MM_NewMove ties the game id to the current player.
            string strGameID = AntiSqlInjection.ValidateSqlValue(hdnGameID.Value);
            string[] screened = new string[pegFields.Length];
            for (int i = 0; i < screened.Length; i++)
            {
                screened[i] = AntiSqlInjection.ValidateInteger(pegFields[i].Value);
            }

            // Convert to integers for the stored-procedure call.
            int nGameID = Int32.Parse(strGameID);
            int[] pegs = new int[screened.Length];
            for (int i = 0; i < pegs.Length; i++)
            {
                pegs[i] = Int32.Parse(screened[i]);
            }

            MMData    mmd = new MMData(GetConnectionString());
            DataTable dt  = mmd.P2_MM_NewMove(nGameID, pegs[0], pegs[1], pegs[2], pegs[3]);

            // No result row means the game has already finished.
            if (dt == null || dt.Rows == null || dt.Rows.Count < 1)
            {
                lblError.Text    = "This game is complete.  Start a new game.";
                lblError.Visible = true;
                return;
            }
            lblError.Visible = false;

            // Number of black and white pegs for this guess; a NULL column counts as 0.
            object rawPosition = dt.Rows[0]["NumberCorrectPosition"];
            int nNumberCorrectPosition = (rawPosition != null && rawPosition != System.DBNull.Value)
                                         ? (int)rawPosition
                                         : 0;

            object rawColor = dt.Rows[0]["NumberCorrectColor"];
            int nNumberCorrectColor = (rawColor != null && rawColor != System.DBNull.Value)
                                      ? (int)rawColor
                                      : 0;

            // Four correct positions solves the code: show the win dialog with the guess count.
            if (nNumberCorrectPosition == 4)
            {
                lblNoGuesses.Text    = (index + 1).ToString();
                litWinDialog.Visible = true;
                return;
            }
            litWinDialog.Visible = false;

            CreateNewGameBoard(nGameID);
        }