/// <summary>
/// Runs a command through an <c>OracleCommand</c> and loads the result into <paramref name="ds"/>.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text, executed as given; supply values through <paramref name="commandParameters"/> rather than concatenating them into the text.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <param name="ds">DataSet that receives the rows.</param>
/// <param name="tableName">Table name passed to Fill; when null or empty, Fill is called without a table name.</param>
/// <returns>The <paramref name="ds"/> instance that was passed in.</returns>
public override DataSet ExecuteDataset(CommandType commandType, string commandText, QueryParameterCollection commandParameters, DataSet ds, string tableName)
{
    try
    {
        var command = new OracleCommand();
        PrepareCommand(command, commandType, commandText, commandParameters);
        var dataAdapter = new OracleDataAdapter(command);

        if (string.IsNullOrEmpty(tableName))
        {
            dataAdapter.Fill(ds);
        }
        else
        {
            dataAdapter.Fill(ds, tableName);
        }

        base.SyncParameter(commandParameters);
        command.Parameters.Clear();
        return ds;
    }
    catch
    {
        // Any failure undoes the pending transaction before the exception propagates.
        if (trans != null)
        {
            RollbackTransaction();
        }

        throw;
    }
    finally
    {
        // The connection is closed on success and on failure alike.
        Close();
    }
}
/// <summary>
/// Convenience overload of ExecuteXmlReader that treats <paramref name="commandText"/> as <c>CommandType.Text</c>.
/// </summary>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged to the full overload.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
public XmlReader ExecuteXmlReader(string commandText, QueryParameterCollection commandParameters)
{
    const CommandType textCommand = CommandType.Text;
    return ExecuteXmlReader(textCommand, commandText, commandParameters);
}
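/// <summary>
/// Runs the string overload of CheckSQLText over every parameter value in the collection.
/// </summary>
/// <param name="commandParameters">Parameters to inspect; null means there is nothing to check.</param>
/// <param name="notallow">Receives whatever the string overload reports for the last value inspected; empty when no value was inspected.</param>
/// <returns>-1 as soon as one value is rejected by the string overload, otherwise 1.</returns>
/// <remarks>
/// This is a denylist over parameter values. Values that are bound as command parameters reach the
/// server as data rather than as SQL text, so binding is the injection control and this check is at
/// most defence in depth. NOTE(review): a denylist of this kind also rejects legitimate values that
/// happen to contain a listed token; confirm that is acceptable wherever this is called.
/// </remarks>
internal static int CheckSQLText(QueryParameterCollection commandParameters, out string notallow)
{
    notallow = "";
    if (commandParameters == null)
    {
        return 1;
    }

    foreach (var item in commandParameters)
    {
        var parameter = item as QueryParameter;

        // Entries that are not QueryParameter, and parameters without a value, carry no text to
        // inspect. Without the Value check, ToString() throws NullReferenceException on a null value.
        if (parameter == null || parameter.Value == null)
        {
            continue;
        }

        if (CheckSQLText(parameter.Value.ToString(), out notallow) == -1)
        {
            return -1;
        }
    }

    return 1;
}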
/// <summary>
/// A parameter whose value is a single quote must be rejected: the check returns -1 and reports
/// the quote as the offending token.
/// </summary>
public void CheckSQLTextTest_params_有注入()
{
    var commandParameters = new QueryParameterCollection();
    commandParameters.Add(new QueryParameter { Value = "'" });

    string rejectedToken;
    int result = CheckSQL.CheckSQLText(commandParameters, out rejectedToken);

    Assert.AreEqual("'", rejectedToken);
    Assert.AreEqual(-1, result);
}
/// <summary>
/// Configures an <c>OracleCommand</c> with the text, connection, transaction and parameters for one
/// execution, then opens the connection.
/// </summary>
/// <param name="cmd">Command to configure.</param>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text, assigned to the command unchanged.</param>
/// <param name="commandParameters">Parameters to bind; null or empty adds none.</param>
private void PrepareCommand(OracleCommand cmd, CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    cmd.CommandType = commandType;
    cmd.CommandText = commandText;
    cmd.Connection = (OracleConnection)m_DbConnection;
    cmd.Transaction = (OracleTransaction)trans;

    if (commandParameters != null)
    {
        for (int index = 0; index < commandParameters.Count; index++)
        {
            // Each wrapper builds its provider-specific parameter before it is attached.
            var parameter = commandParameters[index];
            parameter.InitRealParameter(DatabaseType.Oracle);
            cmd.Parameters.Add(parameter.RealParameter as OracleParameter);
        }
    }

    Open();
}
/// <summary>
/// Runs a command through an <c>OracleCommand</c> and returns the value from its ExecuteScalar call.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text, executed as given; supply values through <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <returns>The object returned by the provider's ExecuteScalar.</returns>
public override object ExecuteScalar(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    try
    {
        var command = new OracleCommand();
        PrepareCommand(command, commandType, commandText, commandParameters);

        object scalar = command.ExecuteScalar();

        base.SyncParameter(commandParameters);
        command.Parameters.Clear();
        return scalar;
    }
    catch
    {
        // Any failure undoes the pending transaction before the exception propagates.
        if (trans != null)
        {
            RollbackTransaction();
        }

        throw;
    }
    finally
    {
        Close();
    }
}
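/// <summary>
/// Prepares a <c>SqlCommand</c>: assigns text, connection, transaction and parameters, opens the
/// connection, then runs the CheckSQL denylist over the command text.
/// </summary>
/// <param name="cmd">Command to configure.</param>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted; stored procedures skip the denylist.</param>
/// <param name="commandText">Command text. It is assigned to the command before any rewriting below.</param>
/// <param name="commandParameters">Parameters to bind; may be null. A caller-supplied collection gains one extra entry when the text contains <c>''</c>.</param>
/// <exception cref="Exception">The denylist rejected the command text.</exception>
/// <remarks>
/// The denylist is not the injection control here: values are protected only when callers pass them
/// through <paramref name="commandParameters"/> instead of concatenating them into the text.
/// </remarks>
private void PrepareCommand(SqlCommand cmd, CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    cmd.CommandType = commandType;
    cmd.CommandText = commandText;
    cmd.Connection = (SqlConnection)m_DbConnection;
    cmd.Transaction = (SqlTransaction)trans;

    // NOTE(review): cmd.CommandText was assigned above, so the rewrite below changes only the local
    // copy that the denylist inspects further down; the server still receives the original text.
    // The text that is validated is therefore not the text that is executed. Confirm which of the
    // two was intended before relying on this check.
    //
    // Contains() is ordinal, matching the ordinal Replace() that follows; the previous
    // culture-sensitive IndexOf() could disagree with Replace() about whether "''" is present.
    if (commandText.Contains("''"))
    {
        var blankname = "@____blankchar_______";
        commandText = commandText.Replace("''", blankname);
        if (commandParameters == null)
        {
            commandParameters = new QueryParameterCollection();
        }

        // NOTE(review): this adds to the caller's collection, so the extra entry is still there if
        // the caller reuses the same collection for another command.
        commandParameters.Add(blankname, "");
    }

    if ((commandParameters != null) && (commandParameters.Count > 0))
    {
        for (int i = 0; i < commandParameters.Count; i++)
        {
            commandParameters[i].InitRealParameter(DatabaseType.MSSQLServer);
            cmd.Parameters.Add(commandParameters[i].RealParameter as SqlParameter);
        }
    }

    Open();

    string notallow = string.Empty;

    // The variant of this check that inspected the parameter values is disabled in this method;
    // only the command text is checked, and only when the command is not a stored procedure.
    // If the text was written by a developer, the rejected statement should be rewritten or moved
    // into a stored procedure.
    if (!commandType.Equals(CommandType.StoredProcedure) && CheckSQL.CheckSQLText(commandText, out notallow) <= 0)
    {
        // NOTE(review): the rejected token is written to the log and echoed in the exception
        // message; confirm that message is never shown to end users.
        Loger.Error("sql语句中不允许出现:" + notallow);
        throw new Exception("数据格式不正确!!!注入字符" + notallow);
    }
}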
/// <summary>
/// Runs a command through a <c>SqlCommand</c> and returns the value from its ExecuteNonQuery call.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; supply values through <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <returns>The integer returned by the provider's ExecuteNonQuery.</returns>
public override int ExecuteNonQuery(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    try
    {
        var command = new SqlCommand();
        PrepareCommand(command, commandType, commandText, commandParameters);

        int affected = command.ExecuteNonQuery();

        base.SyncParameter(commandParameters);
        command.Parameters.Clear();
        return affected;
    }
    catch
    {
        // The failure is recorded on the instance; no rollback is issued from here.
        exceptioned = true;
        throw;
    }
    finally
    {
        Close();
    }
}
/// <summary>
/// Provider-specific ExecuteDataset; the shorter ExecuteDataset overloads forward to this member.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values should be supplied through <paramref name="commandParameters"/>, not concatenated into the text.</param>
/// <param name="commandParameters">Parameters for the command.</param>
/// <param name="ds">DataSet to fill.</param>
/// <param name="tableName">Table name for the result; the overloads that take no table name pass null.</param>
/// <returns>The DataSet produced by the implementation.</returns>
public abstract DataSet ExecuteDataset(CommandType commandType, string commandText, QueryParameterCollection commandParameters, DataSet ds, string tableName);
/// <summary>
/// Convenience overload of ExecuteDataset that treats <paramref name="commandText"/> as <c>CommandType.Text</c>.
/// </summary>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <param name="ds">DataSet to fill.</param>
/// <param name="tableName">Table name forwarded unchanged.</param>
/// <returns>Whatever the five-argument overload returns.</returns>
public DataSet ExecuteDataset(string commandText, QueryParameterCollection commandParameters, DataSet ds, string tableName)
{
    const CommandType textCommand = CommandType.Text;
    return ExecuteDataset(textCommand, commandText, commandParameters, ds, tableName);
}
/// <summary>
/// Overload of ExecuteDataset that fills a newly created DataSet.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <param name="tableName">Table name forwarded unchanged.</param>
/// <returns>Whatever the five-argument overload returns for the new DataSet.</returns>
public DataSet ExecuteDataset(CommandType commandType, string commandText, QueryParameterCollection commandParameters, string tableName)
{
    var freshDataSet = new DataSet();
    return ExecuteDataset(commandType, commandText, commandParameters, freshDataSet, tableName);
}
/// <summary>
/// Overload of ExecuteDataset that fills <paramref name="ds"/> without naming a table.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <param name="ds">DataSet to fill.</param>
/// <returns>Whatever the five-argument overload returns.</returns>
public DataSet ExecuteDataset(CommandType commandType, string commandText, QueryParameterCollection commandParameters, DataSet ds)
{
    // A null table name is passed through to the five-argument overload.
    string unnamedTable = null;
    return ExecuteDataset(commandType, commandText, commandParameters, ds, unnamedTable);
}
/// <summary>
/// Shortest ExecuteDataset overload: text command, new DataSet, no table name.
/// </summary>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <returns>Whatever the five-argument overload returns for the new DataSet.</returns>
public DataSet ExecuteDataset(string commandText, QueryParameterCollection commandParameters)
{
    var freshDataSet = new DataSet();
    string unnamedTable = null;
    return ExecuteDataset(CommandType.Text, commandText, commandParameters, freshDataSet, unnamedTable);
}
/// <summary>
/// Runs a command through an <c>OleDbCommand</c> and returns the value from its ExecuteNonQuery call.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text, executed as given; supply values through <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <returns>The integer returned by the provider's ExecuteNonQuery.</returns>
public override int ExecuteNonQuery(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    try
    {
        var command = new OleDbCommand();
        PrepareCommand(command, commandType, commandText, commandParameters);

        int affected = command.ExecuteNonQuery();

        base.SyncParameter(commandParameters);
        command.Parameters.Clear();
        return affected;
    }
    catch
    {
        // Any failure undoes the pending transaction before the exception propagates.
        if (trans != null)
        {
            RollbackTransaction();
        }

        throw;
    }
    finally
    {
        Close();
    }
}
/// <summary>
/// Provider-specific ExecuteXmlReader; the overload without a command type forwards to this member.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values should be supplied through <paramref name="commandParameters"/>, not concatenated into the text.</param>
/// <param name="commandParameters">Parameters for the command.</param>
/// <returns>An XmlReader produced by the implementation.</returns>
public abstract XmlReader ExecuteXmlReader(CommandType commandType, string commandText, QueryParameterCollection commandParameters);
/// <summary>
/// Synchronises parameters: calls SyncParameter on every entry of the collection.
/// </summary>
/// <param name="commandParameters">Collection to walk; null or empty does nothing.</param>
protected void SyncParameter(QueryParameterCollection commandParameters)
{
    if (commandParameters == null)
    {
        return;
    }

    for (int index = 0; index < commandParameters.Count; index++)
    {
        commandParameters[index].SyncParameter();
    }
}
/// <summary>
/// Convenience overload of ExecuteNonQuery that treats <paramref name="commandText"/> as <c>CommandType.Text</c>.
/// </summary>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
public int ExecuteNonQuery(string commandText, QueryParameterCollection commandParameters)
{
    const CommandType textCommand = CommandType.Text;
    return ExecuteNonQuery(textCommand, commandText, commandParameters);
}
/// <summary>
/// Runs a command through a <c>SqlCommand</c> and returns the XmlReader from its ExecuteXmlReader call.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; supply values through <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <returns>The reader returned by the provider.</returns>
public override XmlReader ExecuteXmlReader(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    try
    {
        var command = new SqlCommand();
        PrepareCommand(command, commandType, commandText, commandParameters);

        XmlReader xmlReader = command.ExecuteXmlReader();

        base.SyncParameter(commandParameters);
        command.Parameters.Clear();
        return xmlReader;
    }
    catch
    {
        // The failure is recorded on the instance; the transaction is not rolled back from here.
        exceptioned = true;
        throw;
    }
    finally
    {
        // NOTE(review): Close() also runs on the success path, before the caller reads from the
        // returned reader; confirm the reader remains usable after Close().
        Close();
    }
}
/// <summary>
/// Provider-specific ExecuteNonQuery; the overload without a command type forwards to this member.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values should be supplied through <paramref name="commandParameters"/>, not concatenated into the text.</param>
/// <param name="commandParameters">Parameters for the command.</param>
/// <returns>The integer result produced by the implementation.</returns>
public abstract int ExecuteNonQuery(CommandType commandType, string commandText, QueryParameterCollection commandParameters);
/// <summary>
/// Runs a command through an <c>OracleCommand</c> and returns the data reader it produces.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text, executed as given; supply values through <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters handed to PrepareCommand and synchronised afterwards.</param>
/// <returns>The reader returned by the provider.</returns>
/// <remarks>
/// This method neither closes the connection nor handles exceptions. NOTE(review): if
/// ExecuteReader throws, the connection opened by PrepareCommand is not closed here; confirm
/// that every caller closes it.
/// </remarks>
public override IDataReader ExecuteReader(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    var command = new OracleCommand();
    PrepareCommand(command, commandType, commandText, commandParameters);

    OracleDataReader dataReader = command.ExecuteReader();

    base.SyncParameter(commandParameters);
    command.Parameters.Clear();
    return dataReader;
}
/// <summary>
/// Convenience overload of the callback-style ExecuteReader that treats
/// <paramref name="commandText"/> as <c>CommandType.Text</c>.
/// </summary>
/// <param name="action">Callback forwarded unchanged.</param>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
public void ExecuteReader(Action<IDataReader> action, string commandText, QueryParameterCollection commandParameters)
{
    const CommandType textCommand = CommandType.Text;
    ExecuteReader(action, textCommand, commandText, commandParameters);
}
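/// <summary>
/// Produces an XmlReader by running the command as a DataSet query and reading the DataSet's XML.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text passed to ExecuteDataset.</param>
/// <param name="commandParameters">Parameters; only synchronised here, see the note in the body.</param>
/// <returns>An <c>XmlTextReader</c> over the XML returned by <c>DataSet.GetXml()</c>.</returns>
public override XmlReader ExecuteXmlReader(CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    // NOTE(review): commandParameters is not passed to ExecuteDataset, so the command runs without
    // them and they are only synchronised afterwards. If that is unintended, a parameterised query
    // cannot be used through this method; confirm and forward the parameters.
    DataSet set = base.ExecuteDataset(commandType, commandText);
    base.SyncParameter(commandParameters);

    var input = new StringReader(set.GetXml());
    try
    {
        return new XmlTextReader(input);
    }
    catch (Exception)
    {
        input.Close();

        // Rethrow with "throw;" so the original stack trace is kept; "throw exception;" reset it.
        throw;
    }
}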
/// <summary>
/// Executes a command, hands the resulting reader to <paramref name="action"/>, and always closes
/// the reader and the connection afterwards.
/// </summary>
/// <param name="action">Callback that consumes the reader.</param>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
public void ExecuteReader(Action<IDataReader> action, CommandType commandType, string commandText, QueryParameterCollection commandParameters)
{
    IDataReader dataReader = null;
    try
    {
        dataReader = ExecuteReader(commandType, commandText, commandParameters);
        action(dataReader);
    }
    finally
    {
        // The reader stays null when ExecuteReader itself threw.
        if (dataReader != null)
        {
            dataReader.Close();
        }

        Close();
    }
}
/// <summary>
/// Convenience overload of ExecuteScalar that treats <paramref name="commandText"/> as <c>CommandType.Text</c>.
/// </summary>
/// <param name="commandText">SQL text to execute; values belong in <paramref name="commandParameters"/>.</param>
/// <param name="commandParameters">Parameters forwarded unchanged.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
public object ExecuteScalar(string commandText, QueryParameterCollection commandParameters)
{
    const CommandType textCommand = CommandType.Text;
    return ExecuteScalar(textCommand, commandText, commandParameters);
}
/// <summary>
/// Provider-specific ExecuteScalar; the overload without a command type forwards to this member.
/// </summary>
/// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
/// <param name="commandText">Command text; values should be supplied through <paramref name="commandParameters"/>, not concatenated into the text.</param>
/// <param name="commandParameters">Parameters for the command.</param>
/// <returns>The object produced by the implementation.</returns>
public abstract object ExecuteScalar(CommandType commandType, string commandText, QueryParameterCollection commandParameters);
/// <summary>
/// Smoke test: every entry of a QueryParameterCollection can be cast to QueryParameter and its
/// value converted to a string. Nothing is asserted; the test fails only if a cast or ToString() throws.
/// </summary>
public void CheckSQLTextTest_params_to_Array()
{
    var commandParameters = new QueryParameterCollection();
    commandParameters.Add(new QueryParameter { Value = "'" });

    foreach (QueryParameter parameter in commandParameters.Cast<QueryParameter>())
    {
        parameter.Value.ToString();
    }
}
/// <summary>
/// Builds the inputs for a log entry 10000 times.
/// NOTE(review): the visible body makes no logging call and asserts nothing, so this test can
/// only fail if building the parameter collection throws.
/// </summary>
public void AddLogTest()
{
    int remaining = 10000;
    while (remaining > 0)
    {
        remaining--;

        // Inputs a log call would take: method name, command type, text and parameters.
        string method = string.Empty;
        var cmdType = CommandType.Text;
        string cmdText = "select * from datab1ase";

        var cmdParms = new QueryParameterCollection();
        cmdParms.Add("@asdf", "asdfasdf");
        cmdParms.Add("@bbb", "aaaaaa-1");
    }
}