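/// <summary>
/// Runs a query against the Oracle database and returns the result as a <see cref="DataSet"/>.
/// </summary>
/// <remarks>
/// Security: <paramref name="oraStr"/> is handed to the data adapter as the complete command
/// text and no bind parameters are attached. Pass only fixed, trusted SQL here; a value that
/// originates from a user or another system cannot be bound through this signature and must
/// not be concatenated into the text.
/// History: an earlier revision, commented out in the original file, doubled single quotes in
/// the text and passed it as a parameter to a stored procedure named "SelectByOracle". The
/// live code is marked as modified on 2010-11-09 and executes the text directly.
/// </remarks>
/// <param name="oraStr">Complete Oracle SQL query text.</param>
/// <returns>A <see cref="DataSet"/> filled with the query result.</returns>
/// <exception cref="Exception">
/// Thrown when opening the connection or filling the data set fails. The message is copied
/// from the original error, which is kept as <see cref="Exception.InnerException"/>.
/// </exception>
public static DataSet SelectByOracle(string oraStr)
{
    // The connection is created outside the try block, as before, so constructor errors
    // propagate unwrapped. Disposing it closes it on every path.
    using (var oraconn = new Oracle.ManagedDataAccess.Client.OracleConnection(connOral))
    {
        try
        {
            if (oraconn.State != ConnectionState.Open)
            {
                oraconn.Open();
            }

            using (var da = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(oraStr, oraconn))
            {
                DataSet ds = new DataSet();
                da.Fill(ds);
                return ds;
            }
        }
        catch (Exception ex)
        {
            // Same exception type and message as before; the original error is now attached
            // so its type and stack trace are not lost.
            throw new Exception(ex.Message, ex);
        }
    }
}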
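/// <summary>
/// Executes a SQL statement against Oracle and returns the first table of the result.
/// </summary>
/// <remarks>
/// Security: <paramref name="SqlStatment"/> is executed as given, with no bind parameters.
/// Callers must supply only trusted, fixed SQL text.
/// Failure handling: every exception raised while opening, filling or reading the result is
/// swallowed and reported as <c>null</c>, so a caller cannot tell a failed query from a
/// missing result. That contract is kept here because callers may rely on it.
/// </remarks>
/// <param name="SqlStatment">Complete SQL statement to execute.</param>
/// <returns>The first result table, or <c>null</c> when anything fails.</returns>
public DataTable OracleExecuteDataTable(string SqlStatment)
{
    // Dispose closes the connection once, replacing the three separate Close() calls.
    using (var connection = new Oracle.ManagedDataAccess.Client.OracleConnection(SQL_CONN_STRING))
    {
        try
        {
            if (connection.State != ConnectionState.Open)
            {
                connection.Open();
            }

            using (var adapter = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(SqlStatment, connection))
            {
                DataSet result = new DataSet();
                adapter.Fill(result);

                // Tables[0] throws when the statement produced no table; the catch below
                // turns that into null, as the original did.
                return result.Tables[0];
            }
        }
        catch (Exception)
        {
            return null;
        }
    }
}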
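/// <summary>
/// Runs a SQL statement through a new Oracle connection built from the EF database's
/// connection string and returns the result as a <see cref="DataTable"/>.
/// </summary>
/// <remarks>
/// Security: put every variable value in <paramref name="parameters"/> and reference it by
/// placeholder in <paramref name="sql"/>; the SQL text itself is executed as given.
/// NOTE(review): the parameters are typed as <c>SqlParameter</c> but are added to an
/// <c>OracleCommand</c>; confirm the Oracle provider accepts them, otherwise the signature
/// should probably take Oracle parameters.
/// </remarks>
/// <param name="db">EF database whose connection string is reused.</param>
/// <param name="sql">SQL text, with placeholders for the supplied parameters.</param>
/// <param name="parameters">Parameters to attach to the command; null or empty means none.</param>
/// <returns>A table filled with the query result.</returns>
public static DataTable SqlQueryForDataTatable(this Database db, string sql, SqlParameter[] parameters)
{
    // The original never closed this connection; each resource is now disposed on every path.
    using (var conn = new Oracle.ManagedDataAccess.Client.OracleConnection(db.Connection.ConnectionString))
    {
        if (conn.State != ConnectionState.Open)
        {
            conn.Open();
        }

        using (var cmd = new Oracle.ManagedDataAccess.Client.OracleCommand(sql, conn))
        {
            // A null array used to fail on .Length; treat it as "no parameters".
            if (parameters != null)
            {
                foreach (var item in parameters)
                {
                    cmd.Parameters.Add(item);
                }
            }

            using (var adapter = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(cmd))
            {
                DataTable table = new DataTable();
                adapter.Fill(table);
                return table;
            }
        }
    }
}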
/// <summary>
/// Opens an Oracle connection and prepares a command and an empty data adapter.
/// </summary>
/// <remarks>
/// SECURITY: the connection string, including the user id and password, is a literal in
/// source code. Anyone who can read the source or the compiled assembly can read the
/// credential, and it cannot be rotated without a rebuild. It belongs in protected
/// configuration or a secret store.
/// <paramref name="comm"/> becomes the command text unchanged, so it must be trusted SQL.
/// The connection is opened here and this constructor does not close it.
/// </remarks>
/// <param name="comm">SQL text for the command that is created.</param>
public Conexion2(String comm)
{
    _connString = "DATA SOURCE=localhost:1521/xe; USER ID=AVOT; PASSWORD=paso;";

    var connection = new OracleConnection(_connString);
    _conn = connection;
    connection.Open();

    _adapter = new OracleDataAdapter();
    _comm = new OracleCommand(comm, connection);
}
/// <summary>
/// Analyzer test fixture: each statement tagged "Noncompliant" gives a command or data
/// adapter SQL text that is assembled with string concatenation. Five ADO.NET providers are
/// covered: Odbc, OleDb, Oracle.ManagedDataAccess, SqlServerCe and SqlClient.
/// </summary>
/// <remarks>
/// The text in double braces on the first marker is the diagnostic message expected there.
/// As shown, the string literals contain '******' where a value would go, and
/// <paramref name="name"/> and <paramref name="password"/> are never referenced; presumably
/// the original concatenated them into the WHERE clause (confirm against the upstream file).
/// The caret lines are aligned on the assumption that they underline the expression on the
/// line above them.
/// The safe counterpart of every statement here keeps the SQL text constant and passes the
/// values through the command's Parameters collection.
/// </remarks>
/// <param name="name">User name; not referenced in the body as shown.</param>
/// <param name="password">Password; not referenced in the body as shown.</param>
void BadQueries(string name, string password)
{
    var command1 = new System.Data.Odbc.OdbcCommand("SELECT AccountNumber FROM Users " + // Noncompliant {{Make sure to sanitize the parameters of this SQL command.}}
//                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
        "WHERE Username='******' AND Password='******'");
    command1.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
//  ^^^^^^^^^^^^^^^^^^^^
        "WHERE Username='******' AND Password='******'";
    var command2 = new System.Data.Odbc.OdbcDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'", "");

    var command3 = new System.Data.OleDb.OleDbCommand("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'");
    command3.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'";
    var command4 = new System.Data.OleDb.OleDbDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'", "");

    var command5 = new Oracle.ManagedDataAccess.Client.OracleCommand("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'");
    command5.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'";
    var command6 = new Oracle.ManagedDataAccess.Client.OracleDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'", "");

    var command7 = new System.Data.SqlServerCe.SqlCeCommand("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'");
    command7.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'";
    var command8 = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'", "");

    var command9 = new System.Data.SqlClient.SqlCommand("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'");
    command9.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'";
    var command10 = new System.Data.SqlClient.SqlDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
        "WHERE Username='******' AND Password='******'", "");
}
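/// <summary>
/// Refreshes the imaging records of a rescue-room case from the PACS check view.
/// </summary>
/// <remarks>
/// Reads rows from <c>pacstations.PACS_CHECK_VIEW</c> for the case's outpatient number, adds a
/// record for every BOOKID not stored yet, then removes stored records whose check time is at
/// or after the case's room-exit time.
/// NOTE(review): this action writes to the database; no HTTP verb or anti-forgery attribute
/// is visible in this excerpt. Confirm it is not reachable by a plain GET.
/// </remarks>
/// <param name="rescueRoomInfoId">ID of the rescue-room case the records belong to.</param>
/// <returns>
/// <c>HttpNotFound</c> when the case does not exist, otherwise a redirect to "IndexPartial".
/// </returns>
/// <exception cref="InvalidOperationException">
/// A PACS row carries an IMGTYPE that matches no image category.
/// </exception>
public ActionResult Refresh(Guid rescueRoomInfoId)
{
    using (var db = new EiSDbContext())
    {
        var target = db.RescueRoomInfos.Find(rescueRoomInfoId);
        if (target == null)
        {
            return HttpNotFound();
        }

        var dataSet = new System.Data.DataSet();

        // SECURITY: the host, account and password of the PACS database are literals in
        // source code. They are kept so behaviour does not change, but they belong in
        // protected configuration or a secret store, and the credential should be rotated
        // once it is moved.
        using (var connection = new Oracle.ManagedDataAccess.Client.OracleConnection("Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.100.9)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=hzsydb)));User Id=pacsinterface;Password=pubpacs;"))
        using (var command = new Oracle.ManagedDataAccess.Client.OracleCommand("select * from pacstations.PACS_CHECK_VIEW where cureid=:cureid AND chktime>= to_date(:indate,'yyyy-mm-dd')", connection))
        using (var dataAdapter = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(command))
        {
            // Values are bound instead of being formatted into the SQL text, so a quote in
            // the outpatient number can no longer change the statement.
            command.BindByName = true;

            // Bound as CHAR so the comparison behaves like the quoted literal it replaces.
            // string.Format reproduces the text the original put between the quotes.
            command.Parameters.Add("cureid", Oracle.ManagedDataAccess.Client.OracleDbType.Char).Value =
                string.Format("{0}", target.OutPatientNumber);

            // Invariant culture keeps the yyyy-MM-dd text on the Gregorian calendar whatever
            // the server's culture is.
            command.Parameters.Add("indate", Oracle.ManagedDataAccess.Client.OracleDbType.Varchar2).Value =
                target.InDepartmentTime.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);

            dataAdapter.Fill(dataSet);
        }

        foreach (System.Data.DataRow row in dataSet.Tables[0].Rows)
        {
            // BOOKID is the de-duplication key, so a missing value still fails the cast.
            var bookId = (string)row["BOOKID"];

            // A database NULL in a nullable column becomes null instead of a failed cast.
            DateTime? checkTime = row.IsNull("CHKTIME") ? (DateTime?)null : (DateTime)row["CHKTIME"];

            // Skip rows already stored, and rows checked at or after the room-exit time.
            if (db.RescueRoomImageRecords.Any(c => c.BOOKID == bookId)
                || (target.OutDepartmentTime.HasValue && target.OutDepartmentTime.Value <= checkTime))
            {
                continue;
            }

            var originCode = row["IMGTYPE"].ToString();
            var imageCategory = db.ImageCategories.FirstOrDefault(c => c.OriginCode == originCode);
            if (imageCategory == null)
            {
                // Previously a NullReferenceException on the next access; fail with a message
                // that names the unmapped code.
                throw new InvalidOperationException(
                    string.Format("No image category is configured for origin code '{0}'.", originCode));
            }

            var newRescueRoomImageRecord = new RescueRoomImageRecord
            {
                RescueRoomImageRecordId = Guid.NewGuid(),
                RescueRoomInfoId = target.RescueRoomInfoId,
                BOOKID = bookId,
                BookTime = row.IsNull("BOOKDATE") ? (DateTime?)null : (DateTime)row["BOOKDATE"],
                CheckTime = checkTime,
                ReportTime = row.IsNull("REPTIME") ? (DateTime?)null : (DateTime)row["REPTIME"],
                Part = row.IsNull("CHKPARTS") ? null : (string)row["CHKPARTS"],
                Category = row.IsNull("CHKTYPENAME") ? null : (string)row["CHKTYPENAME"],
                ImageCategoryId = imageCategory.ImageCategoryId,
                UpdateTime = DateTime.Now,
            };

            db.RescueRoomImageRecords.Add(newRescueRoomImageRecord);

            // Saved per row, as before, so the duplicate check sees rows added earlier in
            // this loop.
            db.SaveChanges();
        }

        // A cleanup of records checked before the room-entry time stood here, switched off
        // with "if (false)"; it never ran and is left out.

        // Delete imaging records whose check time is at or after the room-exit time.
        if (target.OutDepartmentTime.HasValue)
        {
            var listRescueRoomImageRecord = db.RescueRoomImageRecords
                .Where(c => c.RescueRoomInfoId == target.RescueRoomInfoId && target.OutDepartmentTime <= c.CheckTime)
                .ToList();
            db.RescueRoomImageRecords.RemoveRange(listRescueRoomImageRecord);
            db.SaveChanges();
        }

        return RedirectToAction("IndexPartial", new { rescueRoomInfoId = rescueRoomInfoId });
    }
}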
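/// <summary>
/// Execute an IDbCommand (that returns a resultset) against the provided IDbConnection.
/// </summary>
/// <remarks>
/// The whole result is loaded into a DataSet and serialized to one XML string before the
/// reader is returned, so the reader does not depend on the connection. A connection that
/// this method opened is closed again even when the command fails; a connection that was
/// already open is left open.
/// </remarks>
/// <example>
/// <code>
/// XmlReader r = helper.ExecuteXmlReader(command);
/// </code></example>
/// <param name="command">The IDbCommand to execute; it is cast to OracleCommand.</param>
/// <returns>An XmlReader containing the resultset generated by the command</returns>
public override XmlReader ExecuteXmlReader(IDbCommand command)
{
    bool mustCloseConnection = false;
    if (command.Connection.State != ConnectionState.Open)
    {
        command.Connection.Open();
        mustCloseConnection = true;
    }

    try
    {
        CleanParameterSyntax(command);

        using (OracleDataAdapter da = new OracleDataAdapter((OracleCommand)command))
        using (DataSet ds = new DataSet())
        {
            da.MissingSchemaAction = MissingSchemaAction.AddWithKey;
            da.Fill(ds);

            // GetXml() materializes the full document, so the data set can be disposed.
            return new XmlTextReader(new StringReader(ds.GetXml()));
        }
    }
    finally
    {
        // The original skipped this when Fill threw, leaving the connection open.
        if (mustCloseConnection)
        {
            command.Connection.Close();
        }
    }
}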