/// <summary>
/// 从Oracle数据库查询数据,返回类型为DateSet
/// </summary>
/// <param name="oraStr">Oracle查询字符串</param>
/// <returns></returns>
/*public static DataSet SelectByOracle(string oraStr)
* {
* //select info by condition
* SqlParameter[] para = new SqlParameter[1];
* oraStr = oraStr.Replace("'", "''");
* para[0] = new SqlParameter("@oraStr", oraStr);
*
* return DbAccess.DataAdapterByCmd(CommandType.StoredProcedure, "SelectByOracle", para);
*
* //2010年11月9日修改
* //OracleConnection oraconn = new OracleConnection(connOral);
* //try
* //{
* // if (oraconn.State != ConnectionState.Open)
* // oraconn.Open();
* // OracleDataAdapter da = new OracleDataAdapter(oraStr, oraconn);
* // DataSet ds = new DataSet();
* // da.Fill(ds);
* // return ds;
* //}
* //catch(Exception ex)
* //{
* // throw new Exception(ex.Message);
* //}
* //finally
* //{
* // oraconn.Close();
* //}
* }
*/
public static DataSet SelectByOracle(string oraStr)
{
//2010年11月9日修改
Oracle.ManagedDataAccess.Client.OracleConnection oraconn = new Oracle.ManagedDataAccess.Client.OracleConnection(connOral);
try
{
if (oraconn.State != ConnectionState.Open)
{
oraconn.Open();
}
Oracle.ManagedDataAccess.Client.OracleDataAdapter da = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(oraStr, oraconn);
DataSet ds = new DataSet();
da.Fill(ds);
return(ds);
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
finally
{
oraconn.Close();
}
}
public DataTable OracleExecuteDataTable(string SqlStatment)
{
Oracle.ManagedDataAccess.Client.OracleConnection Cn = new Oracle.ManagedDataAccess.Client.OracleConnection(SQL_CONN_STRING);
try
{
if (Cn.State != ConnectionState.Open)
{
Cn.Open();
}
Oracle.ManagedDataAccess.Client.OracleDataAdapter adtp = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(SqlStatment, Cn);
DataSet Ds = new DataSet();
adtp.Fill(Ds);
Cn.Close();
return(Ds.Tables[0]);
}
catch (Exception)
{
Cn.Close();
return(null);
}
finally
{
Cn.Close();
}
}
/// <summary>
/// EF SQL 语句返回 dataTable
/// </summary>
/// <param name="db"></param>
/// <param name="sql"></param>
/// <param name="parameters"></param>
/// <returns></returns>
public static DataTable SqlQueryForDataTatable(this Database db,
string sql,
SqlParameter[] parameters)
{
Oracle.ManagedDataAccess.Client.OracleConnection conn = new Oracle.ManagedDataAccess.Client.OracleConnection(db.Connection.ConnectionString);
if (conn.State != ConnectionState.Open)
{
conn.Open();
}
Oracle.ManagedDataAccess.Client.OracleCommand cmd = new Oracle.ManagedDataAccess.Client.OracleCommand(sql, conn);
if (parameters.Length > 0)
{
foreach (var item in parameters)
{
cmd.Parameters.Add(item);
}
}
Oracle.ManagedDataAccess.Client.OracleDataAdapter adapter = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(cmd);
DataTable table = new DataTable();
adapter.Fill(table);
return(table);
}
public Conexion2(String comm)
{
this._connString = "DATA SOURCE=localhost:1521/xe; USER ID=AVOT; PASSWORD=paso;";
this._conn = new OracleConnection(_connString);
this._conn.Open();
this._adapter = new OracleDataAdapter();
this._comm = new OracleCommand(comm, _conn);
}
void BadQueries(string name, string password)
{
var command1 = new System.Data.Odbc.OdbcCommand("SELECT AccountNumber FROM Users " + // Noncompliant {{Make sure to sanitize the parameters of this SQL command.}}
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
"WHERE Username='******' AND Password='******'");
command1.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
// ^^^^^^^^^^^^^^^^^^^^
"WHERE Username='******' AND Password='******'";
var command2 = new System.Data.Odbc.OdbcDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command3 = new System.Data.OleDb.OleDbCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command3.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command4 = new System.Data.OleDb.OleDbDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command5 = new Oracle.ManagedDataAccess.Client.OracleCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command5.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command6 = new Oracle.ManagedDataAccess.Client.OracleDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command7 = new System.Data.SqlServerCe.SqlCeCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command7.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command8 = new System.Data.SqlServerCe.SqlCeDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
var command9 = new System.Data.SqlClient.SqlCommand("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'");
command9.CommandText = "SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'";
var command10 = new System.Data.SqlClient.SqlDataAdapter("SELECT AccountNumber FROM Users " + // Noncompliant
"WHERE Username='******' AND Password='******'", "");
}
/// <summary>
/// 刷新。
/// </summary>
/// <param name="id">归属的抢救室病例ID。</param>
public ActionResult Refresh(Guid rescueRoomInfoId)
{
var db = new EiSDbContext();
var target = db.RescueRoomInfos.Find(rescueRoomInfoId);
if (target == null)
{
return(HttpNotFound());
}
Oracle.ManagedDataAccess.Client.OracleConnection connection;
Oracle.ManagedDataAccess.Client.OracleCommand command;
Oracle.ManagedDataAccess.Client.OracleDataAdapter dataAdapter;
connection = new Oracle.ManagedDataAccess.Client.OracleConnection("Data Source=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.100.9)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=hzsydb)));User Id=pacsinterface;Password=pubpacs;");
command = new Oracle.ManagedDataAccess.Client.OracleCommand(string.Format("select * from pacstations.PACS_CHECK_VIEW where cureid='{0}' AND chktime>= to_date('{1}','yyyy-mm-dd')", target.OutPatientNumber, target.InDepartmentTime.ToString("yyyy-MM-dd")), connection);
var dataSet = new System.Data.DataSet();
dataAdapter = new Oracle.ManagedDataAccess.Client.OracleDataAdapter(command);
dataAdapter.Fill(dataSet);
foreach (System.Data.DataRow row in dataSet.Tables[0].Rows)
{
var newRescueRoomImageRecord = new RescueRoomImageRecord();
newRescueRoomImageRecord.BOOKID = (string)row["BOOKID"];
if (db.RescueRoomImageRecords.Any(c => c.BOOKID == newRescueRoomImageRecord.BOOKID) || (target.OutDepartmentTime.HasValue && target.OutDepartmentTime.Value <= (DateTime?)row["CHKTIME"]))
{
continue;
}
newRescueRoomImageRecord.RescueRoomImageRecordId = Guid.NewGuid();
newRescueRoomImageRecord.RescueRoomInfoId = target.RescueRoomInfoId;
newRescueRoomImageRecord.BookTime = (DateTime?)row["BOOKDATE"];
newRescueRoomImageRecord.CheckTime = (DateTime?)row["CHKTIME"];
newRescueRoomImageRecord.ReportTime = (DateTime?)row["REPTIME"];
newRescueRoomImageRecord.Part = (string)row["CHKPARTS"];
newRescueRoomImageRecord.Category = (string)row["CHKTYPENAME"];
var originCode = row["IMGTYPE"].ToString();
var imageCategory = db.ImageCategories.FirstOrDefault(c => c.OriginCode == originCode);
newRescueRoomImageRecord.ImageCategoryId = imageCategory.ImageCategoryId;
newRescueRoomImageRecord.UpdateTime = DateTime.Now;
db.RescueRoomImageRecords.Add(newRescueRoomImageRecord);
db.SaveChanges();
}
//删除检查时间早于入室时间的影像项
if (false)
{
var listRescueRoomImageRecord = db.RescueRoomImageRecords.Where(c => c.RescueRoomInfoId == target.RescueRoomInfoId && c.CheckTime < target.InDepartmentTime).ToList();
db.RescueRoomImageRecords.RemoveRange(listRescueRoomImageRecord);
db.SaveChanges();
}
//删除检查时间超过离室时间的影像项
if (target.OutDepartmentTime.HasValue)
{
var listRescueRoomImageRecord = db.RescueRoomImageRecords.Where(c => c.RescueRoomInfoId == target.RescueRoomInfoId && target.OutDepartmentTime <= c.CheckTime).ToList();
db.RescueRoomImageRecords.RemoveRange(listRescueRoomImageRecord);
db.SaveChanges();
}
return(RedirectToAction("IndexPartial", new { rescueRoomInfoId = rescueRoomInfoId }));
}
/// <summary>
/// Execute an IDbCommand (that returns a resultset) against the provided IDbConnection.
/// </summary>
/// <example>
/// <code>
/// XmlReader r = helper.ExecuteXmlReader(command);
/// </code></example>
/// <param name="command">The IDbCommand to execute</param>
/// <returns>An XmlReader containing the resultset generated by the command</returns>
public override XmlReader ExecuteXmlReader(IDbCommand command)
{
bool mustCloseConnection = false;
if (command.Connection.State != ConnectionState.Open)
{
command.Connection.Open();
mustCloseConnection = true;
}
CleanParameterSyntax(command);
OracleDataAdapter da = new OracleDataAdapter((OracleCommand)command);
DataSet ds = new DataSet();
da.MissingSchemaAction = MissingSchemaAction.AddWithKey;
da.Fill(ds);
StringReader stream = new StringReader(ds.GetXml());
if (mustCloseConnection)
{
command.Connection.Close();
}
return new XmlTextReader(stream);
}
