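/// <summary>
/// Deletes the WEB_FEEDBACK rows whose ASKEY equals <paramref name="infoid"/>, then the
/// WEB_INFO row whose SYSID equals it.
/// </summary>
/// <param name="infoid">Key of the notice; it is embedded in the SQL text as a string literal.</param>
/// <returns>true only when the WEB_INFO delete reports exactly 1; otherwise false.</returns>
public bool deleteInfo(string infoid)
{
    // Security: infoid used to be formatted into the statement unescaped, so a single quote
    // in it could close the N'...' literal and change the DELETE. Doubling quotes keeps the
    // value inside the literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeId = (infoid ?? string.Empty).Replace("'", "''");
    DatabaseAccess DA = new DatabaseAccess();

    // Feedback rows are removed first. A negative result (presumably an error indicator,
    // confirm against DatabaseAccess) skips the second delete.
    int vat = DA.ExcuteSql(string.Format(@"DELETE FROM WEB_FEEDBACK WHERE ASKEY=N'{0}' ", safeId));
    if (vat < 0)
    {
        return false;
    }

    // NOTE(review): the two deletes are separate calls with no transaction visible here,
    // so the feedback rows stay deleted even when this second step does not report 1.
    vat = DA.ExcuteSql(string.Format(@"DELETE FROM WEB_INFO WHERE SYSID = N'{0}'", safeId));
    return vat == 1;
}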
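/// <summary>
/// Adds one WEB_INFO notice row for each entry of <paramref name="teamID"/>.
/// </summary>
/// <param name="infoTitle">Notice title.</param>
/// <param name="context">Notice body.</param>
/// <param name="teamID">Team IDs the notice is attached to; the value "0" stores NULL in TEAMID.</param>
/// <param name="adduser">Value stored in ADDUSER.</param>
/// <param name="type">Value stored in TYPE.</param>
/// <param name="endtime">Value stored in ENDTIME.</param>
/// <returns>true when every insert reports exactly 1; false as soon as one does not.</returns>
public bool addInfo(string infoTitle, string context, string[] teamID, string adduser, string type, string endtime)
{
    // Title and body were already quote-escaped here (and still throw on null, as before).
    infoTitle = infoTitle.Replace(@"'", "''");
    context = context.Replace(@"'", "''");

    // Security: adduser, type, endtime and each team id were formatted into the statement
    // unescaped, so a single quote in any of them could close the N'...' literal and change
    // the INSERT. They now get the same quote doubling as the title and body.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeUser = (adduser ?? string.Empty).Replace("'", "''");
    string safeType = (type ?? string.Empty).Replace("'", "''");
    string safeEnd = (endtime ?? string.Empty).Replace("'", "''");

    DatabaseAccess da = new DatabaseAccess();
    foreach (string teamid in teamID)
    {
        string safeTeam = (teamid ?? string.Empty).Replace("'", "''");
        string sqlStr;
        if (teamid == @"0")
        {
            // "0" means no team: TEAMID is written as NULL and placeholder {2} is unused.
            sqlStr = string.Format(@"INSERT WEB_INFO(INFOTITLE , INFODETAIL , TEAMID , ADDUSER , TYPE , ENDTIME) VALUES (N'{0}',N'{1}',NULL,N'{3}' , N'{4}' , N'{5}')", infoTitle, context, safeTeam, safeUser, safeType, safeEnd);
        }
        else
        {
            sqlStr = string.Format(@"INSERT WEB_INFO(INFOTITLE , INFODETAIL , TEAMID , ADDUSER , TYPE, ENDTIME) VALUES (N'{0}',N'{1}',N'{2}',N'{3}', N'{4}', N'{5}')", infoTitle, context, safeTeam, safeUser, safeType, safeEnd);
        }

        // Stop at the first insert that does not report exactly 1. Rows inserted by earlier
        // iterations are not undone in this method.
        if (da.ExcuteSql(sqlStr) != 1)
        {
            return false;
        }
    }

    return true;
}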
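/// <summary>
/// Deletes the WEB_TEAM_PROFILE rows whose LEADER equals <paramref name="usercode"/>.
/// This function carries a safety risk (database relationship risk); use it with caution.
/// </summary>
/// <param name="usercode">ID of the team creator.</param>
/// <returns>true when the delete reports 0 or more; false on a negative result.</returns>
public bool deleteTeamByTeamLeaderUsercode(string usercode)
{
    // Security: usercode used to be formatted into the statement unescaped, so a single
    // quote in it could close the N'...' literal and widen the DELETE. Doubling quotes
    // keeps the value inside the literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeCode = (usercode ?? string.Empty).Replace("'", "''");
    string sqlStr = string.Format(@"DELETE FROM WEB_TEAM_PROFILE WHERE LEADER = N'{0}'", safeCode);

    DatabaseAccess da = new DatabaseAccess();

    // Zero matching rows still counts as success; only a negative result is a failure.
    return da.ExcuteSql(sqlStr) >= 0;
}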
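/// <summary>
/// Deletes the WEB_TEAM_MEMBER rows whose USERCODE equals <paramref name="userid"/>.
/// </summary>
/// <param name="userid">User ID whose team membership rows are removed.</param>
/// <returns>true when the delete reports 0 or more; false on a negative result.</returns>
public bool deleteTeamMemberByUserid(string userid)
{
    // Security: userid used to be formatted into the statement unescaped, so a single
    // quote in it could close the N'...' literal and widen the DELETE. Doubling quotes
    // keeps the value inside the literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeId = (userid ?? string.Empty).Replace("'", "''");
    string sqlStr = string.Format(@"DELETE FROM WEB_TEAM_MEMBER WHERE USERCODE = N'{0}'", safeId);

    DatabaseAccess da = new DatabaseAccess();

    // Zero matching rows still counts as success; only a negative result is a failure.
    return da.ExcuteSql(sqlStr) >= 0;
}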
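/// <summary>
/// Inserts one WEB_FEEDBACK row.
/// </summary>
/// <param name="userName">Value stored in userName.</param>
/// <param name="type">Value stored in feedbackType.</param>
/// <param name="url">Value stored in url.</param>
/// <param name="teamID">Value stored in teamID; when null or empty the column is left out of the INSERT.</param>
/// <param name="askey">Value stored in ASKEY; when null or empty SQL NULL is written.</param>
/// <returns>Whatever DatabaseAccess.ExcuteSql returns for the INSERT.</returns>
public int saveFeedback(string userName, string type, string url, string teamID, string askey)
{
    // Security: every argument used to be placed into the statement unescaped (askey by
    // plain concatenation), so a single quote in any of them could close the N'...'
    // literal and change the INSERT. Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeUser = (userName ?? string.Empty).Replace("'", "''");
    string safeType = (type ?? string.Empty).Replace("'", "''");
    string safeUrl = (url ?? string.Empty).Replace("'", "''");

    // ASKEY is the only column written as a bare token, so NULL can be stored for it.
    string askeyLiteral = string.IsNullOrEmpty(askey)
        ? @"NULL"
        : "N'" + askey.Replace("'", "''") + "'";

    string strSql;
    if (string.IsNullOrEmpty(teamID))
    {
        strSql = string.Format(@"INSERT INTO WEB_FEEDBACK (userName, feedbackType, url,ASKEY) VALUES(N'{0}', N'{1}', N'{2}',{3})", safeUser, safeType, safeUrl, askeyLiteral);
    }
    else
    {
        string safeTeam = teamID.Replace("'", "''");
        strSql = string.Format(@"INSERT INTO WEB_FEEDBACK (userName, feedbackType, url, teamID,ASKEY) VALUES(N'{0}', N'{1}', N'{2}', N'{3}',{4})", safeUser, safeType, safeUrl, safeTeam, askeyLiteral);
    }

    DatabaseAccess da = new DatabaseAccess();
    return da.ExcuteSql(strSql);
}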
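/// <summary>
/// Changes a user's role by user ID.
/// The database and this parameter description can be changed as requirements change.
/// </summary>
/// <param name="userid">The user's website ID.</param>
/// <param name="roleid">
/// 0 admin (administrator)
/// 1 staff (project member)
/// 2 coordinator
/// 3 RA (coordinator assistant)
/// 4 partner (contestant)
/// 5 webGuest (web user)
/// </param>
/// <returns>true when the update reports exactly 1; otherwise false.</returns>
public static bool ChangeUserRoleByUserIDWithRoleID(string userid, string roleid)
{
    // Security: both values used to be formatted into the statement unescaped, so a single
    // quote in either could close the N'...' literal and change which rows or which role
    // the UPDATE touches. Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    // NOTE(review): this method performs no authorization check and accepts any roleid
    // string, including "0" (admin); confirm that callers restrict who may reach it.
    string safeRole = (roleid ?? string.Empty).Replace("'", "''");
    string safeUser = (userid ?? string.Empty).Replace("'", "''");
    string sqlStr = string.Format(@"UPDATE WEB_USERPROFILE SET ROLEID = N'{0}' WHERE USERID = N'{1}'", safeRole, safeUser);

    DatabaseAccess DA = new DatabaseAccess();
    return DA.ExcuteSql(sqlStr) == 1;
}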
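/// <summary>
/// Deletes all WEB_APPLY rows (applications) of the given user.
/// </summary>
/// <param name="userid">User ID.</param>
/// <returns>true when the delete reports 0 or more; false on a negative result.</returns>
public bool DeleteApplyByUserID(string userid)
{
    // Security: userid used to be formatted into the statement unescaped, so a single
    // quote in it could close the N'...' literal and widen the DELETE. Doubling quotes
    // keeps the value inside the literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeId = (userid ?? string.Empty).Replace("'", "''");
    string sqlStr = string.Format(@"DELETE FROM WEB_APPLY WHERE USERID = N'{0}'", safeId);

    DatabaseAccess da = new DatabaseAccess();

    // Zero matching rows still counts as success; only a negative result is a failure.
    return da.ExcuteSql(sqlStr) >= 0;
}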
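/// <summary>
/// Adds one application record to WEB_APPLY.
/// </summary>
/// <param name="applyID">ID of the item being applied for (stored in WEB_APPLICATION_ID).</param>
/// <param name="userID">User ID of the applicant.</param>
/// <param name="message">Message text.</param>
/// <param name="detail">Value stored in DETAILPOSITION; null stores SQL NULL.</param>
/// <returns>true when the insert reports exactly 1; otherwise false.</returns>
public bool AddApplication(string applyID, string userID, string message, string detail)
{
    // message and detail keep going through the project's own sanitizer.
    // NOTE(review): checkStrForSql is not visible here; confirm it escapes single quotes,
    // because both values end up inside N'...' literals below.
    message = Util.commonTool.checkStrForSql(message);
    if (!String.IsNullOrEmpty(detail))
    {
        detail = Util.commonTool.checkStrForSql(detail);
    }

    // Security: userID and applyID were formatted into the statement with no sanitizing at
    // all, so a single quote in either could close the literal and change the INSERT.
    // Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeUser = (userID ?? string.Empty).Replace("'", "''");
    string safeApply = (applyID ?? string.Empty).Replace("'", "''");

    // Only a null detail becomes SQL NULL; an empty string is stored as N''.
    string detailLiteral = detail == null ? "NULL" : "N'" + detail + "'";

    string sqlStr = string.Format(@"INSERT INTO WEB_APPLY(USERID , WEB_APPLICATION_ID,MESSAGE , DETAILPOSITION) VALUES(N'{0}',N'{1}',N'{2}',{3})", safeUser, safeApply, message, detailLiteral);

    DatabaseAccess da = new DatabaseAccess();
    return da.ExcuteSql(sqlStr) == 1;
}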
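/// <summary>
/// Records the review decision for a user's application in WEB_APPLY.
/// </summary>
/// <param name="ID">ID of the WEB_APPLY row to update.</param>
/// <param name="action">Value stored in PASS.</param>
/// <param name="feedback">Value stored in FEEDBACK.</param>
/// <returns>
/// A user-facing message: the success text when the update reports exactly 1, otherwise
/// the text asking the user to contact the administrator.
/// </returns>
public string approvalApplication(string ID, string action, string feedback)
{
    // Security: all three values used to be formatted into the statement unescaped, so a
    // single quote in any of them (feedback is free text) could close the N'...' literal
    // and change which rows the UPDATE touches. Doubling quotes keeps each value inside
    // its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeAction = (action ?? string.Empty).Replace("'", "''");
    string safeFeedback = (feedback ?? string.Empty).Replace("'", "''");
    string safeId = (ID ?? string.Empty).Replace("'", "''");

    DatabaseAccess da = new DatabaseAccess();
    string sqlStr = string.Format(@"UPDATE WEB_APPLY SET PASS = N'{0}', FEEDBACK = N'{1}' WHERE ID = N'{2}'", safeAction, safeFeedback, safeId);

    if (da.ExcuteSql(sqlStr) == 1)
    {
        return @"审批成功";
    }

    return @"后台出现逻辑错误,请联系管理员";
}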
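/// <summary>
/// Sets TEAMID on the WEB_TEAM_MEMBER row whose SYSID equals <paramref name="sysid"/>.
/// </summary>
/// <param name="sysid">SYSID of the membership row to update.</param>
/// <param name="teamID">New TEAMID value.</param>
/// <returns>true when the update reports exactly 1; otherwise false.</returns>
public bool updateTeamMember(string sysid, string teamID)
{
    // Security: both values used to be formatted into the statement unescaped, so a single
    // quote in either could close the N'...' literal and change which rows the UPDATE
    // touches. Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeTeam = (teamID ?? string.Empty).Replace("'", "''");
    string safeSysid = (sysid ?? string.Empty).Replace("'", "''");
    string queryStr = string.Format("UPDATE WEB_TEAM_MEMBER SET TEAMID=N'{0}' WHERE SYSID=N'{1}'", safeTeam, safeSysid);

    DatabaseAccess da = new DatabaseAccess();
    return da.ExcuteSql(queryStr) == 1;
}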
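/// <summary>
/// Inserts a team record, then adds the creating user to WEB_TEAM_MEMBER as its leader.
/// </summary>
/// <param name="teamProfile">Team details; the keys "Province" and "teamName" are read.</param>
/// <param name="userID">ID of the user creating the team.</param>
/// <returns>
/// The new TEAMID when both inserts report exactly 1; otherwise the failure message string.
/// </returns>
public string SavaTeamInfo(Dictionary<string, string> teamProfile, string userID)
{
    // Security: the province, team name and user id used to be formatted into the
    // statements unescaped, so a single quote in any of them could close the N'...'
    // literal and change the SQL. Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeProvince = (teamProfile["Province"] ?? string.Empty).Replace("'", "''");
    string safeName = (teamProfile["teamName"] ?? string.Empty).Replace("'", "''");
    string safeUser = (userID ?? string.Empty).Replace("'", "''");

    DatabaseAccess da = new DatabaseAccess();
    string sqlStr = string.Format(@"INSERT WEB_TEAM_PROFILE(PROVINCEID,TEAMNAME,LEADER) VALUES(N'{0}' , N'{1}',N'{2}')", safeProvince, safeName, safeUser);
    int vat = da.ExcuteSql(sqlStr);
    if (vat == 1)
    {
        // The new id is looked up by team name and the first row is used.
        // NOTE(review): if TEAMNAME is not unique this can return another team's id, and
        // the creator would then be added to that team; confirm a uniqueness constraint.
        string queryStr = string.Format(@"SELECT TEAMID FROM WEB_TEAM_PROFILE WHERE TEAMNAME = N'{0}'", safeName);
        DataTable dt = da.queryDatatable(queryStr);

        // An empty lookup used to fail on Rows[0]; it now takes the normal failure path.
        if (dt == null || dt.Rows.Count == 0)
        {
            return @"数据库操作失败";
        }

        // The id comes from the database but is still escaped before being reused in SQL.
        string teamID = dt.Rows[0][0].ToString();
        string safeTeam = teamID.Replace("'", "''");

        sqlStr = string.Format(@"INSERT WEB_TEAM_MEMBER(USERCODE,TEAMID,ROLENAME) VALUES(N'{0}',N'{1}',N'队长')", safeUser, safeTeam);
        vat = da.ExcuteSql(sqlStr);

        // NOTE(review): the role change to "4" runs whether or not the membership insert
        // succeeded, and its result is ignored; confirm that this is intended.
        RoleManage.ChangeUserRoleByUserIDWithRoleID(userID, "4");
        if (vat == 1)
        {
            return teamID;
        }
    }

    return @"数据库操作失败";
}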
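/// <summary>
/// Adds a user to WEB_TEAM_MEMBER, with or without a team.
/// </summary>
/// <param name="teamID">Team to join; when null or empty the row is inserted without teamID.</param>
/// <param name="userID">Value stored in usercode.</param>
/// <param name="teamRole">Value stored in roleName.</param>
/// <returns>true when the insert reports exactly 1; otherwise false.</returns>
public bool joinTeam(string teamID, string userID, string teamRole)
{
    // Security: all three values used to be formatted into the statement unescaped, so a
    // single quote in any of them could close the N'...' literal and change the INSERT.
    // Doubling quotes keeps each value inside its literal.
    // NOTE(review): bound parameters are the sturdier fix; DatabaseAccess is not visible
    // here, so confirm whether it offers a parameterized call.
    string safeUser = (userID ?? string.Empty).Replace("'", "''");
    string safeRole = (teamRole ?? string.Empty).Replace("'", "''");

    string queryStr;
    if (string.IsNullOrEmpty(teamID))
    {
        queryStr = string.Format("INSERT WEB_TEAM_MEMBER(usercode, roleName) VALUES(N'{0}', N'{1}')", safeUser, safeRole);
    }
    else
    {
        string safeTeam = teamID.Replace("'", "''");
        queryStr = string.Format("INSERT WEB_TEAM_MEMBER(usercode, teamID, roleName) VALUES(N'{0}', N'{1}', N'{2}')", safeUser, safeTeam, safeRole);
    }

    DatabaseAccess da = new DatabaseAccess();
    return da.ExcuteSql(queryStr) == 1;
}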