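/// <summary>
/// Runs the SQL statement posted in form field <c>q</c> against <paramref name="DB"/> and
/// writes the result to the response body in the binary format built below.
/// </summary>
/// <remarks>
/// Security-relevant behaviour visible in this method:
/// <list type="bullet">
/// <item>The statement text is taken verbatim from the client. Parameter values are bound
/// through <c>cmd.Parameters</c>, but the text itself is unconstrained. The only gate in this
/// method is the session-token check, so what a caller can do is bounded by that check and by
/// the rights of the database login behind <paramref name="DB"/> (not visible here).</item>
/// <item>The session token is compared with <c>REMOTE_ADDR</c>. It therefore ties the session
/// to a client address rather than acting as a secret. NOTE(review): where the token is issued
/// is outside this method; confirm the login path authenticates the user before setting it,
/// and consider clients that share an address (NAT, reverse proxy).</item>
/// <item>The <c>SELECT</c> prefix test only picks the response shape (row set or affected-row
/// count). It is not an access control.</item>
/// </list>
/// </remarks>
/// <param name="DB">Database wrapper that executes the command.</param>
/// <param name="request">Request carrying <c>q</c> plus one base64-encoded form field per SQL parameter.</param>
/// <param name="response">Response whose output stream receives the binary result.</param>
/// <param name="session">Session holding the <c>token</c> entry checked against the client address.</param>
/// <exception cref="WebDatabaseException">The session token is missing or does not match, or no statement was posted.</exception>
/// <exception cref="FormatException">A parameter field is not valid base64.</exception>
/// <exception cref="OverflowException">More than 255 columns, or a column name longer than 255 characters.</exception>
/// <exception cref="Exception">A result column has a CLR type with no mapping below.</exception>
private static void ExecuteQuery(SqlDatabase DB, HttpRequest request, HttpResponse response, HttpSessionState session)
{
    #region check token

    string token = (string)session["token"];
    string remoteAddress = request.ServerVariables["REMOTE_ADDR"];

    // Fail closed: a session without a token must never compare equal to a missing address.
    if (string.IsNullOrEmpty(token) || !string.Equals(token, remoteAddress, StringComparison.Ordinal))
    {
        throw new WebDatabaseException("Access denied.");
    }

    #endregion

    #region prepare sql command

    string sql = request.Form["q"];

    // Reject a request without a statement here instead of failing later inside the database layer.
    if (string.IsNullOrEmpty(sql))
    {
        throw new WebDatabaseException("No query specified.");
    }

    // The command is disposed on every exit path, including parameter-decoding failures.
    using (SqlCommand cmd = new SqlCommand(sql))
    {
        // Every form field except "q" is one SQL parameter: the field name is the parameter
        // name and the field value is a base64-encoded, serialized WebDbDataItem.
        foreach (string key in request.Form.AllKeys)
        {
            if (key == "q")
            {
                continue;
            }

            using (MemoryStream mS = new MemoryStream(Convert.FromBase64String(request.Form[key])))
            {
                WebDbDataItem parameter = new WebDbDataItem(mS);

                // ADO.NET expects DBNull.Value, not null, for a SQL NULL parameter.
                object parameterValue = parameter.Value == null ? (object)DBNull.Value : parameter.Value;
                cmd.Parameters.Add(key, parameter.Type).Value = parameterValue;
            }
        }

        #endregion

        #region execute command

        // Not disposed on purpose: disposing a BinaryWriter closes the underlying stream,
        // and response.OutputStream is not owned by this method.
        BinaryWriter bW;

        if (cmd.CommandText.StartsWith("SELECT", StringComparison.OrdinalIgnoreCase))
        {
            #region TableQuery

            DataTable DT = DB.TableQuery(cmd);

            bW = new BinaryWriter(response.OutputStream);

            // error code (Int32 0 = success)
            bW.Write(0);

            // column names: one-byte column count, then a one-byte length and the UTF-8 name per column
            bW.Write(Convert.ToByte(DT.Columns.Count));

            foreach (DataColumn col in DT.Columns)
            {
                // NOTE(review): the length prefix is the character count, while the payload is
                // UTF-8 bytes. The two differ for non-ASCII column names. Left unchanged because
                // the reader is not visible here; confirm which count the client expects.
                bW.Write(Convert.ToByte(col.ColumnName.Length));
                bW.Write(Encoding.UTF8.GetBytes(col.ColumnName));
            }

            // row data: Int32 row count, then one WebDbDataItem per cell in column order
            bW.Write(DT.Rows.Count);

            foreach (DataRow DR in DT.Rows)
            {
                for (int iCol = 0; iCol < DT.Columns.Count; iCol++)
                {
                    object cell = DR[iCol];
                    object value = DR.IsNull(iCol) ? null : cell;
                    Type type = cell.GetType();

                    WebDbDataItem dbItem;

                    if (type == typeof(Int64))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.BigInt, value);
                    }
                    else if (type == typeof(byte[]))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.VarBinary, value);
                    }
                    else if (type == typeof(string))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.NVarChar, value);
                    }
                    else if (type == typeof(DateTime))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.DateTime, value);
                    }
                    else if (type == typeof(double))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.Float, value);
                    }
                    else if (type == typeof(int))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.Int, value);
                    }
                    else if (type == typeof(float))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.Real, value);
                    }
                    else if (type == typeof(Int16))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.SmallInt, value);
                    }
                    else if (type == typeof(byte))
                    {
                        dbItem = new WebDbDataItem(SqlDbType.TinyInt, value);
                    }
                    else if (type == typeof(DBNull))
                    {
                        // A NULL cell carries no CLR type of its own; it is sent as a null TinyInt.
                        dbItem = new WebDbDataItem(SqlDbType.TinyInt, null);
                    }
                    else
                    {
                        throw new Exception("Data type '" + type.ToString() + "' not supported.");
                    }

                    dbItem.WriteTo(bW);
                }
            }

            bW.Flush();

            #endregion
        }
        else
        {
            #region Command

            int rowsAffected = DB.Command(cmd);

            bW = new BinaryWriter(response.OutputStream);
            bW.Write(0); // error code (Int32 0 = success)
            bW.Write(rowsAffected);
            bW.Flush();

            #endregion
        }

        #endregion
    }
}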