Exemplo n.º 1
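        /// <summary>
        /// Handles the posted SQL form: reattaches the target database, checks that the
        /// caller owns it, validates the command text, runs it through
        /// <c>IntfcMdl.Execute</c> and returns the view with the result filled in.
        /// </summary>
        /// <param name="executeSubmission">Model bound from the posted form; its
        /// <c>Command</c> is caller-supplied text and must be treated as untrusted.</param>
        /// <param name="ID">Identifier passed to <c>MgmtMdl.GetDatabase</c>; it arrives with
        /// the request, so the caller controls which database is looked up.</param>
        /// <returns>
        /// The form view (with a result or a status message), a redirect to View/Index when
        /// the caller is not the database owner, or a redirect to View/Error if anything throws.
        /// </returns>
        // NOTE(review): any attributes on this action are not visible here. A state-changing
        // POST that runs SQL should carry anti-forgery validation; confirm it is in place.
        public virtual ActionResult ExecuteSQL(ExecuteSubmission executeSubmission, string ID)
        {
            try
            {
                // Reattach database info to submission. The posted model does not carry it,
                // so it is looked up again from the request-supplied ID.
                DatabaseInfo database = MgmtMdl.GetDatabase(ID);
                executeSubmission.Database = database;

                // Verify user privileges before anything is executed. The form action of the
                // same name applies this ownership rule; without repeating it here, a caller
                // could post directly with another database's ID and bypass the check.
                if (database.Owner != User.Identity.GetADUsername())
                {
                    System.Web.HttpContext.Current.Session["StatusMessage"] = "You do not have permission to access the <strong>" + System.Web.HttpUtility.HtmlEncode(database.Name) + "</strong> database.";
                    return RedirectToAction("Index", "View");
                }

                // Verify data.
                if (!ModelState.IsValid) // Invalid HTML form.
                {
                    return View(executeSubmission);
                }

                // An empty command would otherwise fail on the index arithmetic below and
                // land on the error page; report it as a validation problem instead.
                if (string.IsNullOrEmpty(executeSubmission.Command))
                {
                    System.Web.HttpContext.Current.Session["StatusMessage"] = "Invalid SQL command.";
                    return View(executeSubmission);
                }

                // Reject a semicolon anywhere except the final character. This is a
                // convenience check that keeps the input to one statement; it also rejects
                // semicolons inside string literals and is not a security boundary. What the
                // command may do has to be limited by the privileges of the account that
                // IntfcMdl.Execute connects with.
                int firstSemicolon = executeSubmission.Command.IndexOf(';');
                if (firstSemicolon >= 0 && firstSemicolon < executeSubmission.Command.Length - 1)
                {
                    System.Web.HttpContext.Current.Session["StatusMessage"] = "Invalid SQL command.";
                    return View(executeSubmission);
                }

                // Fix missing semicolon, if needed.
                if (executeSubmission.Command[executeSubmission.Command.Length - 1] != ';')
                {
                    executeSubmission.Command += ";";
                }

                // Run the command against the database.
                string sqlresults = IntfcMdl.Execute(executeSubmission);

                // Result already contains markup, so it is presumably rendered as raw HTML;
                // the echoed command is caller input and is encoded before it is embedded.
                // NOTE(review): sqlresults is appended as returned. If IntfcMdl.Execute yields
                // plain text (query output can contain stored user data), it needs encoding
                // as well; confirm what it returns and how the view renders Result.
                executeSubmission.Result = "<strong>sql></strong> " + System.Web.HttpUtility.HtmlEncode(executeSubmission.Command) + "\n\n" + sqlresults;

                return View(executeSubmission);
            }
            catch (Exception e)
            {
                // NOTE(review): e.ToString() includes the stack trace and may include
                // connection or query details; confirm the Error view does not show it
                // verbatim to end users.
                System.Web.HttpContext.Current.Session["ErrorInfo"] = e.ToString();
                return RedirectToAction("Error", "View");
            }
        }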
Exemplo n.º 2
        /// <summary>
        /// Shows the SQL execution form for the database identified by <paramref name="ID"/>,
        /// but only to the user recorded as that database's owner.
        /// </summary>
        /// <param name="ID">Identifier passed to <c>MgmtMdl.GetDatabase</c>.</param>
        /// <returns>
        /// The "ExecuteSQL" view for the owner; a redirect to View/Index with a status
        /// message for anyone else; a redirect to View/Error if anything throws.
        /// </returns>
        public virtual ActionResult ExecuteSQL(string ID)
        {
            try
            {
                // Build the model and attach the database looked up from the request's ID.
                var submission = new ExecuteSubmission();
                DatabaseInfo target = MgmtMdl.GetDatabase(ID);
                submission.Database = target;

                // Ownership is the only access rule applied here: the stored owner must equal
                // the caller's AD username.
                // NOTE(review): the comparison is case-sensitive if Owner is a plain string;
                // confirm both sides are normalised the same way.
                if (target.Owner == User.Identity.GetADUsername())
                {
                    return View("ExecuteSQL", submission);
                }

                // Not the owner: leave a message in the session and send the caller back.
                // NOTE(review): the message carries markup and embeds database.Name unencoded;
                // if names are user-chosen and the message is rendered raw, encode the name.
                string denial = string.Concat(
                    "You do not have permisson to access the <strong>",
                    target.Name,
                    "</strong> database.");
                System.Web.HttpContext.Current.Session["StatusMessage"] = denial;
                return RedirectToAction("Index", "View");
            }
            catch (Exception failure)
            {
                // The full exception text is stored in the session for the Error view.
                System.Web.HttpContext.Current.Session["ErrorInfo"] = failure.ToString();
                return RedirectToAction("Error", "View");
            }
        }