/// <summary>
/// Admin action that overwrites the stored SQL text, total column, sort column and
/// sort direction of an existing report with the values posted in the form.
/// </summary>
/// <remarks>
/// The posted SQL statement is persisted as-is once <c>checkSql</c> accepts it.
/// <c>checkSql</c> is defined outside this excerpt, so what it actually rejects cannot
/// be confirmed from here.
/// NOTE(review): the saved statement is presumably executed later by the report
/// engine; confirm that it runs under a read-only, least-privileged database account
/// rather than relying on a text filter alone.
/// NOTE(review): no authorization or anti-forgery attribute is visible on this action;
/// confirm both are enforced at controller or global-filter level.
/// </remarks>
/// <returns>
/// Content "ok" when the data layer reports exactly one written row; content "错误!"
/// when the SQL check fails or any other row count is reported.
/// </returns>
// The request filter below is commented out, so checkSql is the only input check
// visible on this action.
//[BackMangerMYSQLInject]
public ActionResult UpdateMessage()
{
    // Every field comes straight from the request body and is untrusted.
    var form = new AVGD.Rpt.Areas.Admin.Models.FormValue
    {
        sqlvalue = Request.Form["报表sql语句"],
        totalcolumn = Request.Form["统计字段"],
        sortcolumn = Request.Form["排序字段"],
        sorttype = Request.Form["排序方式"],
        report = Request.Form["report"]
    };

    // Reject the request before touching the database when the SQL check fails.
    bool sqlAccepted = checkSql(form.sqlvalue);
    if (!sqlAccepted)
    {
        return Content("错误!");
    }

    int affectedRows = new AdminDALController(_db).UpdateCategoryMessage(form);

    // Failed updates are not logged: the logging call below is commented out.
    //LogHelper.WriteLog(typeof(rptedsmallController), "admin home updatemessage" + data);
    return Content(affectedRows == 1 ? "ok" : "错误!");
}
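/// <summary>
/// Admin action that edits an existing report (name, category, SQL text, total column,
/// sort column and sort direction) from the posted form fields.
/// </summary>
/// <remarks>
/// The posted SQL statement is persisted as-is once <c>checkSql</c> accepts it.
/// <c>checkSql</c> is defined outside this excerpt, so what it actually rejects cannot
/// be confirmed from here.
/// NOTE(review): the saved statement is presumably executed later by the report
/// engine; confirm that it runs under a read-only, least-privileged database account
/// rather than relying on a text filter alone.
/// NOTE(review): no authorization or anti-forgery attribute is visible on this action;
/// confirm both are enforced at controller or global-filter level.
/// </remarks>
/// <returns>
/// Content "ok" when the data layer reports exactly one written row; content "错误!"
/// when the category id is malformed or the SQL check fails; content "no" otherwise.
/// </returns>
public ActionResult Editreport()
{
    // The category id is attacker-controllable text. Convert.ToInt32 threw
    // FormatException/OverflowException on malformed input, surfacing as an unhandled
    // error; parse defensively instead. A missing field still maps to 0, exactly as
    // Convert.ToInt32((string)null) did.
    string rawCategoryId = Request.Form["报表类别"];
    int categoryId = 0;
    if (rawCategoryId != null && !int.TryParse(rawCategoryId, out categoryId))
    {
        return Content("错误!");
    }

    // Every field comes straight from the request body and is untrusted.
    var data = new AVGD.Rpt.Areas.Admin.Models.FormValue
    {
        reportname = Request.Form["报表名称"],
        sqlvalue = Request.Form["报表sql值"],
        categoryId = categoryId,
        totalcolumn = Request.Form["统计字段"],
        sortcolumn = Request.Form["排序字段"],
        sorttype = Request.Form["排序方式"],
        report = Request.Form["report"]
    };

    // Reject the request before touching the database when the SQL check fails.
    if (!checkSql(data.sqlvalue))
    {
        return Content("错误!");
    }

    int rowEf = new AdminDALController(_db).EditReport(data);
    if (rowEf == 1)
    {
        return Content("ok");
    }

    return Content("no");
}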
/// <summary>
/// Inserts a new report row built from the supplied form values.
/// </summary>
/// <param name="value">Form values; every field is copied into the new row unchanged.</param>
/// <returns>The value returned by <c>_db.SaveChanges()</c>.</returns>
/// <remarks>
/// This method performs no validation: <c>value.sqlvalue</c> is stored verbatim.
/// NOTE(review): the caller is not visible in this excerpt; confirm it applies the same
/// SQL check the edit/update actions use before calling this method.
/// </remarks>
public int AddReport(AVGD.Rpt.Areas.Admin.Models.FormValue value)
{
    var newReport = new rpt_categorydetail
    {
        Id = value.report,
        Detailedname = value.reportname,
        Order = value.sorttype,
        Cateoryid = value.categoryId,
        Sort = value.sortcolumn,
        Sqlvalue = value.sqlvalue, // stored as submitted
        Total = value.totalcolumn
    };

    _db.rpt_categorydetail.Add(newReport);
    return _db.SaveChanges();
}
/// <summary>
/// Updates the sort direction, SQL text, sort column and total column of the report
/// whose id equals <c>detail.report</c>.
/// </summary>
/// <param name="detail">Form values carrying the report id and the new field values.</param>
/// <returns>
/// 0 when no report with that id is found; otherwise the value returned by
/// <c>_db.SaveChanges()</c>.
/// </returns>
/// <remarks>
/// This method performs no validation: <c>detail.sqlvalue</c> is stored verbatim, so
/// callers are responsible for checking it first.
/// </remarks>
public int UpdateCategoryMessage(AVGD.Rpt.Areas.Admin.Models.FormValue detail)
{
    rpt_categorydetail existing =
        _db.rpt_categorydetail.FirstOrDefault(category => category.Id == detail.report);

    if (existing == null)
    {
        return 0;
    }

    // NOTE(review): the entity was just loaded from this same context, so this Attach
    // is presumably redundant; kept as in the original, confirm before removing.
    _db.rpt_categorydetail.Attach(existing);

    existing.Order = detail.sorttype;
    existing.Sqlvalue = detail.sqlvalue; // stored as submitted
    existing.Sort = detail.sortcolumn;
    existing.Total = detail.totalcolumn;

    return _db.SaveChanges();
}
/// <summary>
/// Updates the name, category, sort direction, sort column, SQL text and total column
/// of the report whose id equals <c>value.report</c>.
/// </summary>
/// <param name="value">Form values carrying the report id and the new field values.</param>
/// <returns>
/// 0 when the report id is empty or no report with that id is found; otherwise the
/// value returned by <c>_db.SaveChanges()</c>.
/// </returns>
/// <remarks>
/// Apart from the empty-id guard this method performs no validation:
/// <c>value.sqlvalue</c> is stored verbatim, so callers are responsible for checking it
/// first.
/// </remarks>
public int EditReport(AVGD.Rpt.Areas.Admin.Models.FormValue value)
{
    // Without an id there is nothing to look up.
    if (value.report.IsEmpty())
    {
        return 0;
    }

    rpt_categorydetail target =
        _db.rpt_categorydetail.FirstOrDefault(r => r.Id == value.report);

    if (target == null)
    {
        return 0;
    }

    // NOTE(review): the entity was just loaded from this same context, so this Attach
    // is presumably redundant; kept as in the original, confirm before removing.
    _db.rpt_categorydetail.Attach(target);

    target.Detailedname = value.reportname;
    target.Cateoryid = value.categoryId;
    target.Order = value.sorttype;
    target.Sort = value.sortcolumn;
    target.Sqlvalue = value.sqlvalue; // stored as submitted
    target.Total = value.totalcolumn;

    return _db.SaveChanges();
}