public OrmLitePageResult <Announcement> SelectList(string title, int pageIndex, int pageSize) { StringBuilder sb = new StringBuilder(); var ps = DictBuilder.New(); sb.Append("1=1"); var orderBy = "id desc"; title = SqlInjection.Filter(title); if (!string.IsNullOrEmpty(title)) { sb.AppendFormat(" and Title like '%{0}%'", title); } var factor = new OrmLitePageFactor { Conditions = sb.ToString(), PageIndex = pageIndex, PageSize = pageSize, OrderBy = orderBy, Params = ps }; return(announcementDao.SelectPage(factor)); }
// <summary> // Get values for the giving account // </summary> public void GetValues(string token) { // MySQL query const string result = "SELECT id, voornaam, tussenvoegsel, achternaam, email, pepper " + "FROM meok2_bibliotheek_gebruikers"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var showresult = new MySqlCommand(result, empConnection)) { try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command using (var reader = showresult.ExecuteReader(CommandBehavior.CloseConnection)) { while (reader.Read()) { // Check if the MD5 hash mathes using (var md5Hash = MD5.Create()) { if (!Crypt.VerifyMd5Hash(md5Hash, reader.GetValue(4).ToString(), token)) { continue; } // Save the values var id = reader.GetValue(0).ToString(); var pepper = reader.GetValue(5).ToString(); if (id != "-1") { // Save values to the model Id = Convert.ToInt16(id); Firstname = SqlInjection.SafeSqlLiteralRevert( Crypt.StringDecrypt(reader.GetValue(1).ToString(), pepper)); Affix = SqlInjection.SafeSqlLiteralRevert( Crypt.StringDecrypt(reader.GetValue(2).ToString(), pepper)); Lastname = SqlInjection.SafeSqlLiteralRevert( Crypt.StringDecrypt(reader.GetValue(3).ToString(), pepper)); Mail = SqlInjection.SafeSqlLiteralRevert(reader.GetValue(4).ToString()); Pepper = pepper; } } } } } catch (MySqlException) { // MySqlException bail out } finally { DatabaseConnection.DatabaseClose(empConnection); } } } }
public List <MachinesInfo> GetMachines(string NWIP, string WWIP, string JQRT, string GLY, string ZG, PagerInfo info) { if (NWIP != null && SqlInjection.GetString(NWIP)) { return(null); } if (WWIP != null && SqlInjection.GetString(WWIP)) { return(null); } if (JQRT != null && SqlInjection.GetString(JQRT)) { return(null); } if (GLY != null && SqlInjection.GetString(GLY)) { return(null); } if (ZG != null && SqlInjection.GetString(ZG)) { return(null); } if (machinesDal == null) { machinesDal = baseDal as IMachines; } return(machinesDal.GetMachines(NWIP, WWIP, JQRT, GLY, ZG, info)); }
public Int32 GetMachinesCount(string NWIP, string WWIP, string JQRT, string GLY, string ZG) { if (NWIP != null && SqlInjection.GetString(NWIP)) { return(-1); } if (WWIP != null && SqlInjection.GetString(WWIP)) { return(-1); } if (JQRT != null && SqlInjection.GetString(JQRT)) { return(-1); } if (GLY != null && SqlInjection.GetString(GLY)) { return(-1); } if (ZG != null && SqlInjection.GetString(ZG)) { return(-1); } if (machinesDal == null) { machinesDal = baseDal as IMachines; } return(machinesDal.GetMachinesCount(NWIP, WWIP, JQRT, GLY, ZG)); }
/// <summary> /// 获取测试数据 /// </summary> /// <param name="key"></param> /// <param name="PageSize"></param> /// <param name="CurrentCount"></param> /// <param name="TotalCount"></param> /// <returns></returns> public List <ArticleEntity> GetArticleList(string key, int PageSize, int CurrentCount, out int TotalCount) { string tabName = string.Format("Article"); string strWhere = " 1=1"; if (!string.IsNullOrEmpty(key)) { //SQL关键字过滤 包含关键字则不拼接SQL if (!SqlInjection.GetString(key)) { strWhere += string.Format(" AND (Title LIKE '%{0}%' OR Content LIKE '%{0}%')", key); } } string Order = string.Format("ID DESC"); DataSet ds = SqlHelper.GetList(SqlHelper.connStr, Order, PageSize, CurrentCount, tabName, strWhere, out TotalCount); List <ArticleEntity> list = new List <ArticleEntity>(); if (ds != null && ds.Tables.Count > 0) { foreach (DataRow dr in ds.Tables[0].Rows) { ArticleEntity model = new ArticleEntity(); model.ID = Convert.ToInt32(dr["ID"]); model.Title = dr["Title"].ToString(); model.Content = dr["Content"].ToString(); list.Add(model); } } return(list); }
/// <summary> /// 分页查询 /// </summary> /// <returns></returns> public ActionResult GetAllResumeInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "Id" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); if (!string.IsNullOrEmpty(Request["RealName"]) && !SqlInjection.GetString(Request["RealName"])) { strWhere += " and RealName like '%" + Request["RealName"] + "%'"; } if (!string.IsNullOrEmpty(Request["IdCard"]) && !SqlInjection.GetString(Request["IdCard"])) { strWhere += " and IdCard like '%" + Request["IdCard"] + "%'"; } int totalCount; //输出参数 string strJson = bll.GetPager("Resume_Base", "Id,RealName,Sex,Nation,IdCard,PoliticalAffiliation,Education,Major,IsMarry,IsBred,Residence,ResidenceType,Address,FillingDate ", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); var jsonResult = new { total = totalCount.ToString(), rows = strJson }; return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
/// <summary> /// 获取项目的节点详情 /// </summary> /// <returns></returns> public ActionResult GetPMNodeInfo() { //首先获取前台传递过来的参数 string strWhere = "1=1"; string view = Request["view"] == null ? "PMMaintain" : Request["view"]; string ProjectID = Request["ProjectID"] == null ? "" : Request["ProjectID"]; string ProjectNo = Request["ProjectNo"] == null ? "" : Request["ProjectNo"]; string ProjectName = Request["ProjectName"] == null ? "" : Request["ProjectName"]; if (ProjectID.Trim() != "" && !SqlInjection.GetString(ProjectID)) //防止sql注入 { strWhere += string.Format(" and ProjectID = '{0}'", ProjectID.Trim()); } string content = ""; try { string sqlstr = string.Format("select * from tbMgrNodeInfo where ProjectID='{0}'", ProjectID); DataTable dt = AchieveCommon.SqlHelper.GetDataTable(SqlHelper.connStr, sqlstr); string strJson = AchieveCommon.JsonHelper.ToJson(dt); content = "{\"success\": true ,\"rows\":" + strJson + "}"; } catch (Exception ex) { return(Content("{\"msg\":\"获取数据失败," + ex.Message.Trim().Replace("\r", "").Replace("\n", "") + "\",\"success\":false}")); } return(Content(content)); }
public OrmLitePageResult <TimedTask> SearchList(string name, bool?enable, int pageIndex, int pageSize) { var condition = "1=1"; name = SqlInjection.Filter(name); if (!string.IsNullOrEmpty(name)) { condition += " and Name like '%" + name + "%'"; } if (enable != null) { condition += " and Enable=" + (enable.Value ? "1" : "0"); } using (var db = Open()) { return(db.SelectPage <TimedTask>(new OrmLitePageFactor { PageIndex = pageIndex, PageSize = pageSize, OrderBy = "id desc", Conditions = condition, })); } }
// <summary> // Select all users from database // </summary> public static List <String> AllUsers() { // Initial vars var list = new List <String>(); // MySQL query const string result = "SELECT id, voornaam, tussenvoegsel, achternaam, pepper, email " + "FROM meok2_bibliotheek_gebruikers"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var showresult = new MySqlCommand(result, empConnection)) { try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command using (var myDataReader = showresult.ExecuteReader(CommandBehavior.CloseConnection)) { while (myDataReader.Read()) { // Save the values var id = myDataReader.GetString(0); var pepper = myDataReader.GetString(4); var name = SqlInjection.SafeSqlLiteralRevert(Crypt.StringDecrypt(myDataReader.GetString(1), pepper)); var affix = myDataReader.GetString(2); var lastname = SqlInjection.SafeSqlLiteralRevert(Crypt.StringDecrypt(myDataReader.GetString(3), pepper)); var email = myDataReader.GetString(5); if (!String.IsNullOrEmpty(affix)) { name = name + " " + SqlInjection.SafeSqlLiteralRevert(Crypt.StringDecrypt(affix, pepper)); } name = name + " " + lastname; list.Add(id); list.Add(name); list.Add(email); } } } catch (MySqlException) { // MySqlException bail out } finally { DatabaseConnection.DatabaseClose(empConnection); } } } return(list); }
public ActionResult GetAllProduceInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "ID" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); string userid = Request["accountid"] == null ? "" : Request["accountid"]; string username = Request["username"] == null ? "" : Request["username"]; string isable = Request["isable"] == null ? "" : Request["isable"]; string ifchangepwd = Request["ifchangepwd"] == null ? "" : Request["ifchangepwd"]; string userperson = Request["userperson"] == null ? "" : Request["userperson"]; string adddatestart = Request["adddatestart"] == null ? "" : Request["adddatestart"]; string adddateend = Request["adddateend"] == null ? "" : Request["adddateend"]; if (userid.Trim() != "" && !SqlInjection.GetString(userid)) //防止sql注入 { strWhere += string.Format(" and AccountName like '%{0}%'", userid.Trim()); } if (username.Trim() != "" && !SqlInjection.GetString(username)) { strWhere += string.Format(" and RealName like '%{0}%'", username.Trim()); } if (isable.Trim() != "select" && isable.Trim() != "") { strWhere += " and IsAble = '" + isable.Trim() + "'"; } if (ifchangepwd.Trim() != "select" && ifchangepwd.Trim() != "") { strWhere += " and IfChangePwd = '" + ifchangepwd.Trim() + "'"; } if (adddatestart.Trim() != "") { strWhere += " and CreateTime > '" + adddatestart.Trim() + "'"; } if (adddateend.Trim() != "") { strWhere += " and CreateTime < '" + adddateend.Trim() + "'"; } int totalCount; //输出参数 DataTable dt = AchieveCommon.SqlPagerHelper.GetPagerK3("ICMO", "FBillNo,FStatus,FQty,FCommitQty,FPlanCommitDate,FPlanFinishDate,FStartDate,FFinishDate,FType,FWorkShop,FItemID", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); dt.Columns.Add(new DataColumn("FModel")); dt.Columns.Add(new DataColumn("FName")); for (int i = 0; i < dt.Rows.Count; i++) { DataTable dticitemcore = GetFNameByFItemID(Convert.ToInt32(dt.Rows[i]["FItemID"])); dt.Rows[i]["FModel"] = AchieveCommon.JsonHelper.ColumnToJson(dticitemcore, 0); dt.Rows[i]["FName"] = AchieveCommon.JsonHelper.ColumnToJson(dticitemcore, 1); } string strJson = AchieveCommon.JsonHelper.ToJson(dt); var jsonResult = new { total = totalCount.ToString(), rows = strJson }; return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
public void Replace(string input, string expected) { var manip = new SqlInjection(12); var result = manip.Manipulate(input); Assert.NotNull(result); Assert.Equal(expected, result); }
public SqlInjection GetOrSetSqlInjection(Type entityType, SqlInjection sqlInjection = null) { if (!_sqlInjections.TryGetValue(entityType, out SqlInjection value) && sqlInjection != null) { value = sqlInjection; _sqlInjections[entityType] = value; } return(value); }
public ActionResult GetAllProduceInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "FPlanCommitDate" : Request["sort"]; string order = Request["order"] == null ? "desc" : Request["order"]; //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); string FBillNo = Request["FBillNo"] == null ? "" : Request["FBillNo"]; string FItemID = Request["FItemID"] == null ? "" : Request["FItemID"]; string isable = Request["isable"] == null ? "" : Request["isable"]; string ifchangepwd = Request["ifchangepwd"] == null ? "" : Request["ifchangepwd"]; string userperson = Request["userperson"] == null ? "" : Request["userperson"]; string FPlanCommitDate = Request["FPlanCommitDate"] == null ? "" : Request["FPlanCommitDate"]; string FPlanFinishDate = Request["FPlanFinishDate"] == null ? "" : Request["FPlanFinishDate"]; if (FBillNo.Trim() != "" && !SqlInjection.GetString(FBillNo)) //防止sql注入 { strWhere += string.Format(" and FBillNo like '%{0}%'", FBillNo.Trim()); } //FName为非主表字段,暂不支持直接查询; //后期解决思路,先根据FName在子表中查询对应的FItemID,可能有多个,则将这多个拼接成where条件; //例如 FItemID = id1 and FItemID = id2 and FItemID = id3... //if (FName.Trim() != "" && !SqlInjection.GetString(FName)) // strWhere += string.Format(" and FName like '%{0}%'", FName.Trim()); if (FItemID.Trim() != "" && !SqlInjection.GetString(FItemID)) { strWhere += string.Format(" and FItemID like '%{0}%'", FItemID.Trim()); } if (isable.Trim() != "select" && isable.Trim() != "") { strWhere += " and IsAble = '" + isable.Trim() + "'"; } if (ifchangepwd.Trim() != "select" && ifchangepwd.Trim() != "") { strWhere += " and IfChangePwd = '" + ifchangepwd.Trim() + "'"; } if (FPlanCommitDate.Trim() != "") { strWhere += " and FPlanCommitDate > '" + FPlanCommitDate.Trim() + "'"; } if (FPlanFinishDate.Trim() != "") { strWhere += " and FPlanFinishDate < '" + FPlanFinishDate.Trim() + "'"; } //抽取主作业计划单,规则不包含-、_两种连接符 strWhere += "and Fbillno not like '%v_%' ESCAPE 'v' and Fbillno not like '%v-%' ESCAPE 'v'"; int totalCount; //输出参数 string strJson = new ProjectBLL().GetJsonPager("ICMO", "FBillNo,FStatus,FQty,FCommitQty,FPlanCommitDate,FPlanFinishDate,FStartDate,FFinishDate,FType,FWorkShop,FItemID", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); //var jsonResult = new { total = totalCount.ToString(), rows = strJson }; return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
// <summary> Adds a new user to the database </summery> public void AddUser() { // Run model through sql injection prevention var fullName = SqlInjection.SafeSqlLiteral(Name); var username = SqlInjection.SafeSqlLiteral(StringManipulation.ToLowerFast(Username)); var salt = Crypt.GetRandomSalt(); // TFA code var buffer = new byte[9]; using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(buffer); } // Generates a 10 character string of A-Z, a-z, 0-9 Don't need to worry about any = // padding from the Base64 encoding, since our input buffer is divisible by 3 var secret = Convert.ToBase64String(buffer).Substring(0, 10).Replace('/', '0').Replace('+', '1'); // MySql query const string insertStatement = "INSERT INTO users " + "(Name, Username, Password, Salt, Secret) " + "VALUES (?, ?, ?, ?, ?)"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var insertCommand = new MySqlCommand(insertStatement, empConnection)) { // Bind parameters insertCommand.Parameters.Add("Name", MySqlDbType.VarChar).Value = fullName; insertCommand.Parameters.Add("Username", MySqlDbType.VarChar).Value = username; insertCommand.Parameters.Add("Password", MySqlDbType.VarChar).Value = Crypt.HashPassword(Password, salt); insertCommand.Parameters.Add("Salt", MySqlDbType.VarChar).Value = salt; insertCommand.Parameters.Add("Secret", MySqlDbType.VarChar).Value = secret; try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command insertCommand.ExecuteNonQuery(); } catch (MySqlException) { // MySqlException bail out } finally { // Always close the connection DatabaseConnection.DatabaseClose(empConnection); } } } Done = true; }
public bool Login() { var email = SqlInjection.SafeSqlLiteral(StringManipulation.ToLowerFast(Email)); var password = Password; var savedPassword = String.Empty; var savedSalt = String.Empty; var savedId = String.Empty; // MySQL query const string result = "SELECT id, password, salt, admin " + "FROM meok2_bibliotheek_gebruikers " + "WHERE email = ?"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var showresult = new MySqlCommand(result, empConnection)) { // Bind parameters showresult.Parameters.Add("email", MySqlDbType.VarChar).Value = email; try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command using (var myDataReader = showresult.ExecuteReader(CommandBehavior.CloseConnection)) { while (myDataReader.Read()) { // Save the values savedId = myDataReader.GetValue(0).ToString(); savedPassword = myDataReader.GetString(1); savedSalt = myDataReader.GetString(2); Admin = Convert.ToInt16(myDataReader.GetValue(3)); } } // Hash the password and check if the hash is the same as the saved password if (Crypt.ValidatePassword(password, savedPassword, savedSalt)) { Cookies.MakeCookie(email, savedId, Admin.ToString(CultureInfo.InvariantCulture)); return(true); } } catch (MySqlException) { // MySqlException bail out return(false); } finally { DatabaseConnection.DatabaseClose(empConnection); } } } return(false); }
public string MailCheck(string input) { // Validate email if (ValidateEmail.IsValidEmail(input)) { return(RegisterModel.CheckMail(SqlInjection.SafeSqlLiteral(StringManipulation.ToLowerFast(input))) > 0 ? "Deze email is al bezet" : "Deze email is nog niet bezet"); } return("Dit is geen geldig email adres"); }
public void Existing_WithoutValue_ReturningValue() { var value = new SqlInjection { EntityType = typeof(SqlInjectionTest), Property = "foo", Sql = "select foo from dual" }; _ = Configuration.GetOrSetSqlInjection(typeof(SqlInjectionTest), value); var result = Configuration.GetOrSetSqlInjection(typeof(SqlInjectionTest), null); result.Should().Be(value); }
public List <SystemRole> SelectAll(string name) { name = SqlInjection.Filter(name); if (string.IsNullOrEmpty(name)) { return(systemRoleDao.SelectAll()); } else { return(systemRoleDao.Select($"name like '%{name}%'", null)); } }
/// <summary> /// 获取权限下的用户(分页) /// </summary> public string GetPagerRoleUser(int roleId, string order, int pageSize, int pageIndex) { if (SqlInjection.GetString(order)) //简单的sql注入过滤 { order = "CreateTime asc"; } int totalCount = dal.GetRoleUserCount(roleId); DataTable dt = dal.GetPagerRoleUser(roleId, order, pageSize, pageIndex); string strjson = JsonHelper.ToJson(dt); return("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strjson + "}"); }
public void NotExisting_WithValue_ReturningNull() { var value = new SqlInjection { EntityType = typeof(SqlInjectionTest), Property = "foo", Sql = "select foo from dual" }; var result = Configuration.GetOrSetSqlInjection(typeof(SqlInjectionTest), value); Assert.IsNotNull(result); Assert.AreSame(value, result); Assert.AreEqual("foo", value.Property); Assert.AreEqual("select foo from dual", value.Sql); Assert.AreEqual(value.EntityType, result.EntityType); }
// <summary> // Add book to the database // </summary> public bool AddBook() { // Run model through sql prevention and save them to vars var title = SqlInjection.SafeSqlLiteral(Title); var author = SqlInjection.SafeSqlLiteral(Author); var genre = Genre; var isbn = SqlInjection.SafeSqlLiteral(Isbn); var floor = Floor; var rack = Rack; var dateAdded = StringManipulation.DateTimeToMySql(DateTime.Now); // MySQL query Insert book in the database const string insertStatement = "INSERT INTO meok2_bibliotheek_boeken " + "(titel, auteur, genre, isbn, verdieping, rek, dateadded) " + "VALUES (?, ?, ?, ?, ?, ?, ?)"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var insertCommand = new MySqlCommand(insertStatement, empConnection)) { // Bind parameters insertCommand.Parameters.Add("titel", MySqlDbType.VarChar).Value = title; insertCommand.Parameters.Add("auteur", MySqlDbType.VarChar).Value = author; insertCommand.Parameters.Add("genre", MySqlDbType.Int16).Value = genre; insertCommand.Parameters.Add("isbn", MySqlDbType.VarChar).Value = isbn; insertCommand.Parameters.Add("verdieping", MySqlDbType.Int16).Value = floor; insertCommand.Parameters.Add("rek", MySqlDbType.Int16).Value = rack; insertCommand.Parameters.Add("dateadded", MySqlDbType.Date).Value = dateAdded; try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command insertCommand.ExecuteNonQuery(); // Return return(true); } catch (MySqlException) { // MySqlException bail out return(false); } finally { // Make sure to close the connection DatabaseConnection.DatabaseClose(empConnection); } } } }
public DataTable GetZG(string key) { // 检查一下key是否含有不合法的字符串 if (SqlInjection.GetString(key)) { return(null); } if (machinesDal == null) { machinesDal = baseDal as IMachines; } return(machinesDal.GetZG(key)); }
public ActionResult GetAllUserInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "ID" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); string userid = Request["accountid"] == null ? "" : Request["accountid"]; string username = Request["username"] == null ? "" : Request["username"]; string isable = Request["isable"] == null ? "" : Request["isable"]; string ifchangepwd = Request["ifchangepwd"] == null ? "" : Request["ifchangepwd"]; string userperson = Request["userperson"] == null ? "" : Request["userperson"]; string adddatestart = Request["adddatestart"] == null ? "" : Request["adddatestart"]; string adddateend = Request["adddateend"] == null ? "" : Request["adddateend"]; if (userid.Trim() != "" && !SqlInjection.GetString(userid)) //防止sql注入 { strWhere += string.Format(" and AccountName like '%{0}%'", userid.Trim()); } if (username.Trim() != "" && !SqlInjection.GetString(username)) { strWhere += string.Format(" and RealName like '%{0}%'", username.Trim()); } if (isable.Trim() != "select" && isable.Trim() != "") { strWhere += " and IsAble = '" + isable.Trim() + "'"; } if (ifchangepwd.Trim() != "select" && ifchangepwd.Trim() != "") { strWhere += " and IfChangePwd = '" + ifchangepwd.Trim() + "'"; } if (adddatestart.Trim() != "") { strWhere += " and CreateTime > '" + adddatestart.Trim() + "'"; } if (adddateend.Trim() != "") { strWhere += " and CreateTime < '" + adddateend.Trim() + "'"; } int totalCount; //输出参数 string strJson = new UserBLL().GetPager("tbUser", "ID,AccountName,[Password],RealName,MobilePhone,Email,IsAble,IfChangePwd,[Description],CreateTime,CreateBy,UpdateTime,UpdateBy", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); var jsonResult = new { total = totalCount.ToString(), rows = strJson }; return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
// <summary> // select book from the database // </summary> public static List <String> SelectBookById(String id) { // Initial vars var list = new List <String>(); // MySQL query const string result = "SELECT titel, auteur, genre, isbn, verdieping, rek, amount " + "FROM meok2_bibliotheek_boeken " + "WHERE id = ?"; using (var empConnection = DatabaseConnection.DatabaseConnect()) { using (var showresult = new MySqlCommand(result, empConnection)) { // Bind parameters showresult.Parameters.Add("id", MySqlDbType.VarChar).Value = SqlInjection.SafeSqlLiteral(id); try { DatabaseConnection.DatabaseOpen(empConnection); // Execute command using (var myDataReader = showresult.ExecuteReader(CommandBehavior.CloseConnection)) { while (myDataReader.Read()) { // Save the values list.Add(SqlInjection.SafeSqlLiteralRevert(myDataReader.GetString(0))); list.Add(SqlInjection.SafeSqlLiteralRevert(myDataReader.GetString(1))); list.Add(myDataReader.GetString(2)); list.Add(SqlInjection.SafeSqlLiteralRevert(myDataReader.GetString(3))); list.Add(myDataReader.GetString(4)); list.Add(myDataReader.GetString(5)); list.Add(myDataReader.GetString(6)); } } } catch (MySqlException) { // MySqlException bail out } finally { DatabaseConnection.DatabaseClose(empConnection); } } } return(list); }
/// <summary> /// 获取部门下的用户(分页) /// </summary> public string GetPagerDepartmentUser(string departmentIds, string order, int pageSize, int pageIndex) { if (SqlInjection.GetString(departmentIds)) //简单sql防注入 { departmentIds = ""; } if (SqlInjection.GetString(order)) { order = "CreateTime asc"; } int totalCount = dal.GetDepartmentUserCount(departmentIds); DataTable dt = dal.GetPagerDepartmentUser(departmentIds, order, pageSize, pageIndex); string strjson = JsonHelper.ToJson(dt); return("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strjson + "}"); }
public ActionResult GetAllFieldsInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "Id" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; if (!string.IsNullOrEmpty(Request["FieldName"]) && !SqlInjection.GetString(Request["FieldName"])) { strWhere += " and FieldName like '%" + Request["FieldName"] + "%'"; } if (!string.IsNullOrEmpty(Request["FieldViewName"]) && !SqlInjection.GetString(Request["FieldViewName"])) { strWhere += " and FieldViewName like '%" + Request["FieldViewName"] + "%'"; } if (!string.IsNullOrEmpty(Request["SelTabId"])) { strWhere += " and TabId = '" + Request["SelTabId"] + "'"; } //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); int totalCount = 0; string strJson = ""; //输出结果 if (order.IndexOf(',') != -1) //如果有","就是多列排序(不能拿列判断,列名中间可能有","符号) { //多列排序: //sort:ParentId,Sort,AddDate //order:asc,desc,asc string sortMulti = ""; //拼接排序条件,例:TabId desc,Sort asc string[] sortArray = sort.Split(','); //列名中间有","符号,这里也要出错。正常不会有 string[] orderArray = order.Split(','); for (int i = 0; i < sortArray.Length; i++) { sortMulti += sortArray[i] + " " + orderArray[i] + ","; } strJson = new FieldsBLL().GetPager("vw_Fields", "Id,TabId,FieldName,FieldViewName,FieldDataTypeId,IsActive,IsSearch,Sort,CreateTime,CreateBy,UpdateTime,UpdateBy,DataType,DataTypeName,TabName,TabViewName", sortMulti.Trim(','), pagesize, pageindex, strWhere, out totalCount); } else { strJson = new FieldsBLL().GetPager("vw_Fields", "Id,TabId,FieldName,FieldViewName,FieldDataTypeId,IsActive,IsSearch,Sort,CreateTime,CreateBy,UpdateTime,UpdateBy,DataType,DataTypeName,TabName,TabViewName", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); } var jsonResult = new { total = totalCount.ToString(), rows = strJson }; return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
public OrmLitePageResult <Ad> SelectList(string title, int?adTypeId, DateTime?start, DateTime?end, int pageIndex, int pageSize) { StringBuilder sb = new StringBuilder(); var ps = DictBuilder.New(); sb.Append("1=1"); var orderBy = "id desc"; title = SqlInjection.Filter(title); if (!string.IsNullOrEmpty(title)) { sb.AppendFormat(" and Title like '%{0}%'", title); } if (adTypeId > 0) { orderBy = "OrderNum"; sb.AppendFormat(" and TypeId={0}", adTypeId); } if (start.HasValue) { sb.AppendFormat(" and EndTime>@start"); ps.EQ("start", start.Value); } if (end.HasValue) { sb.Append(" and EndTime<@end"); ps.EQ("end", end.Value.AddDays(1)); } var factor = new OrmLitePageFactor { Conditions = sb.ToString(), PageIndex = pageIndex, PageSize = pageSize, OrderBy = orderBy, Params = ps }; return(_adDao.SelectPage(factor)); }
public ActionResult GetAllRequestionTypeInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "id" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; if (!string.IsNullOrEmpty(Request["FTypeName"]) && !SqlInjection.GetString(Request["FTypeName"])) { strWhere += " and ftypename like '%" + Request["FTypeName"] + "%'"; } //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); int totalCount = 0; //输出参数 string strJson = new RequestionTypeBLL().GetPager("tbRequestionType", "[id],[ftypename],fsort,CreateTime,CreateBy,UpdateTime,UpdateBy", sort + " " + order, pagesize, pageindex, strWhere, out totalCount); return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
public ActionResult GetAllButtonInfo() { string strWhere = "1=1"; string sort = Request["sort"] == null ? "id" : Request["sort"]; string order = Request["order"] == null ? "asc" : Request["order"]; if (!string.IsNullOrEmpty(Request["FButtonName"]) && !SqlInjection.GetString(Request["FButtonName"])) { strWhere += " and Name like '%" + Request["FButtonName"] + "%'"; } //首先获取前台传递过来的参数 int pageindex = Request["page"] == null ? 1 : Convert.ToInt32(Request["page"]); int pagesize = Request["rows"] == null ? 10 : Convert.ToInt32(Request["rows"]); int totalCount = 0; //输出参数 string strJson = JsonHelper.ToJson(SqlPagerHelper.GetPager("tbButton", "Id,Name,Code,Icon,Sort,Description,CreateTime,CreateBy,UpdateTime,UpdateBy", sort + " " + order, pagesize, pageindex, strWhere, out totalCount)); return(Content("{\"total\": " + totalCount.ToString() + ",\"rows\":" + strJson + "}")); }
public OrmLitePageResult <SystemRes> SelectList(string name, int pageIndex, int pageSize) { name = SqlInjection.Filter(name); var condition = ""; if (!string.IsNullOrEmpty(name)) { condition = " Name LIKE '%" + name + "%'"; } return(SelectPage(new OrmLitePageFactor { Conditions = condition, OrderBy = "ID asc", PageIndex = pageIndex, PageSize = pageSize, })); }