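        /// <summary>
        /// Builds the SQL WHERE fragment for the current table (<c>strTable</c>, declared outside this block)
        /// from a map of per-column filters plus one optional LIKE filter. Predicates are joined with " AND "
        /// and every column is emitted as <c>strTable.column</c>.
        /// </summary>
        /// <param name="strFilterFieldValue">Text matched with <c>LIKE N'%value%'</c>. It is first passed through
        /// <c>FormControlComponents.KillInjection</c>; the clause is skipped when the result is null or empty.</param>
        /// <param name="strFilterFieldName">Column for the LIKE filter; the clause is skipped when null or empty.</param>
        /// <param name="htbOrtherFilterCondition">Column name → value. A null or <see cref="DBNull"/> value emits
        /// <c>IS NULL</c>, a value containing "IS NOT NULL" (any casing) emits <c>IS NOT NULL</c>, any other value
        /// emits <c>=N'value'</c> with embedded quotes doubled. May be null.</param>
        /// <returns>The fragment after <c>FormControlComponents.KillInjectionInLikeClause</c>; empty when no filter applies.</returns>
        /// <remarks>
        /// Side effect: when <paramref name="htbOrtherFilterCondition"/> is not null, <c>strOnlyHashTable</c>
        /// (declared outside this block) receives the fragment built from the hashtable alone, before the LIKE filter.
        /// Column names (hashtable keys and <paramref name="strFilterFieldName"/>) are emitted as identifiers without
        /// quoting or validation, so they must originate from trusted code rather than from request input.
        /// </remarks>
        private string GenerateFilterConditionToSQL(string strFilterFieldValue, string strFilterFieldName, Hashtable htbOrtherFilterCondition)
        {
            StringBuilder strFilterCondition = new StringBuilder();

            // Opens a new predicate: the " AND " separator when something precedes it, then the qualified column.
            // Shared by all four branches below so the separator logic lives in one place.
            Action<string> appendColumn = columnName =>
            {
                if (strFilterCondition.Length > 0)
                {
                    strFilterCondition.Append(" AND ");
                }
                strFilterCondition.Append(strTable).Append('.').Append(columnName);
            };

            if (htbOrtherFilterCondition != null)
            {
                foreach (DictionaryEntry entry in htbOrtherFilterCondition)
                {
                    string columnName = entry.Key.ToString().Trim();
                    object value = entry.Value;

                    // A null entry previously reached value.ToString() and threw; treat it the same as DBNull.
                    if (value == null || value == DBNull.Value)
                    {
                        appendColumn(columnName);
                        // Leading space is required: without it the output was "table.columnIS NULL".
                        strFilterCondition.Append(" IS NULL");
                    }
                    else if (value.ToString().IndexOf("IS NOT NULL", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        appendColumn(columnName);
                        // Ordinal comparison so the marker is recognised regardless of the thread culture
                        // (ToUpper().Contains was culture-sensitive); same leading-space fix as the IS NULL branch.
                        strFilterCondition.Append(" IS NOT NULL");
                    }
                    else
                    {
                        appendColumn(columnName);
                        // Double embedded single quotes exactly as the LIKE branch does; the value was appended
                        // verbatim before, so a quote inside it could terminate the literal.
                        strFilterCondition.Append("=N'");
                        strFilterCondition.Append(value.ToString().Replace("'", "''"));
                        strFilterCondition.Append("'");
                    }
                }
                strOnlyHashTable = strFilterCondition.ToString();
            }

            strFilterFieldValue = FormControlComponents.KillInjection(strFilterFieldValue);
            // IsNullOrEmpty rather than "!= string.Empty": a null returned by KillInjection now skips the clause
            // instead of failing in Replace below.
            if (!string.IsNullOrEmpty(strFilterFieldName) && !string.IsNullOrEmpty(strFilterFieldValue))
            {
                appendColumn(strFilterFieldName);
                strFilterCondition.Append(" LIKE N'%");
                strFilterCondition.Append(strFilterFieldValue.Replace("'", "''"));
                strFilterCondition.Append("%'");
            }

            #region /// HACKED: Thachnn: fix bug injection
            // Final pass over the whole fragment; what this helper rewrites is defined outside this file.
            StringBuilder sql = new StringBuilder();
            sql.Append(FormControlComponents.KillInjectionInLikeClause(strFilterCondition.ToString()));
            #endregion /// ENDHACKED: Thachnn: fix bug injection

            //var strConditionByRecord = Utilities.Instance.GetConditionByRecord(SystemProperty.UserName, strTableNameOrView);
            //sql.Append(strConditionByRecord);
            return sql.ToString();
        }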