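/// <summary>
/// Renders <paramref name="command"/> as a text line of the form
/// "Exec CommandText @name = value, ...;" and appends it to <paramref name="sentence"/>.
/// Each parameter's value is read from <paramref name="row"/> through the parameter's
/// SourceColumn.
/// </summary>
/// <remarks>
/// The result is SQL text assembled by string concatenation. The only thing standing
/// between a row value and that text is mz.erp.systemframework.Util.ToString, whose
/// quoting and escaping rules are not visible here.
/// NOTE(review): confirm that helper escapes string values before this output is ever
/// executed rather than only logged; command.CommandText and the parameter names are
/// copied in verbatim.
/// </remarks>
/// <param name="command">Command whose CommandText and parameter list are rendered.</param>
/// <param name="sentence">Builder that receives the rendered statement.</param>
/// <param name="row">Row that supplies the parameter values.</param>
/// <param name="ColumnKey">Column of <paramref name="row"/> read for parameters whose SourceColumn is "IdGenerado".</param>
public static void GetSqlStatement(SqlCommand command, StringBuilder sentence, System.Data.DataRow row, string ColumnKey)
        {
            StringBuilder statementAux = new StringBuilder();

            SqlParameterCollection parameters = command.Parameters;

            // Track the position while iterating instead of calling
            // parameters.IndexOf(parameter) once per parameter (a linear scan each time).
            int lastPosition = parameters.Count - 1;
            int position = -1;

            statementAux.Append("Exec ").Append(command.CommandText).Append(" ");
            foreach (SqlParameter parameter in parameters)
            {
                position++;
                try
                {
                    statementAux.Append(parameter.ParameterName).Append(" = ");

                    // Two SourceColumn names are redirected to other columns of the row;
                    // every other name is used as the column name itself.
                    string sourceColumn = parameter.SourceColumn;
                    object valor;
                    if (sourceColumn.Equals("IdGenerado"))
                    {
                        valor = row[ColumnKey];
                    }
                    else if (sourceColumn.Equals("RowIdGenerado"))
                    {
                        valor = row["RowID"];
                    }
                    else
                    {
                        valor = row[sourceColumn];
                    }

                    if ((valor == null) || (valor == System.DBNull.Value))
                    {
                        statementAux.Append("NULL");
                    }
                    else
                    {
                        statementAux.Append(mz.erp.systemframework.Util.ToString(valor, parameter.SqlDbType));
                    }

                    // "," between parameters, ";" after the last one.
                    statementAux.Append(position != lastPosition ? ", " : ";");
                }
                catch (Exception ex)
                {
                    // Still best effort: the loop continues and whatever was already
                    // appended for this parameter stays, so the statement is visibly
                    // incomplete instead of silently lacking a parameter. The failure is
                    // now reported rather than discarded; only the exception type is
                    // written so that no row data ends up in the trace output.
                    System.Diagnostics.Trace.TraceWarning(
                        "GetSqlStatement: parameter '{0}' could not be rendered ({1}); the generated statement is incomplete.",
                        parameter.ParameterName,
                        ex.GetType().Name);
                }
            }

            sentence.Append(statementAux.ToString());
        }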
        /// <summary>
        /// Checks that a by-name lookup in a <see cref="SqlParameterCollection"/> ignores
        /// letter case: "test1" is expected to resolve to the entry that was added as
        /// "TEST1", at position 0.
        /// </summary>
        public void CollectionIndexOfCaseInsensitive()
        {
            SqlCommand owner = new SqlCommand();
            SqlParameterCollection parameters = owner.Parameters;

            SqlParameter[] seeded =
            {
                new SqlParameter("TEST1", 1),
                new SqlParameter("Test2", 2),
                new SqlParameter("Test3", 3)
            };
            foreach (SqlParameter item in seeded)
            {
                parameters.Add(item);
            }

            // Look up in lower case a name that was registered in upper case.
            int found = parameters.IndexOf("test1");

            Assert.Equal(0, found);
        }
        /// <summary>
        /// Adds a parameter, or overwrites the value of the parameter already registered
        /// under the same name. (Original author's note, translated: "add parameter,
        /// AddWithValue - the one without the SQL-injection guard".)
        /// </summary>
        /// <remarks>
        /// NOTE(review): pm is declared outside this excerpt; presumably it is a
        /// SqlParameterCollection, in which case the value is bound as a parameter value
        /// and not spliced into the SQL text - confirm against the field declaration.
        /// Neither <paramref name="key"/> nor <paramref name="value"/> is validated here.
        /// </remarks>
        /// <param name="key">Parameter name used for the lookup and, when absent, for the new entry.</param>
        /// <param name="value">Value assigned to the parameter.</param>
        public void AddWithValue(string key, string value)
        {
            int position = pm.IndexOf(key);

            // Name already present: only its value changes.
            if (position != -1)
            {
                pm[position].Value = value;
                return;
            }

            // Name not present yet: register a new entry.
            pm.AddWithValue(key, value);
        }
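        /// <summary>
        /// Derives the parameter list of <paramref name="Command"/> with
        /// <see cref="SqlCommandBuilder.DeriveParameters(SqlCommand)"/> and then replaces
        /// every derived parameter that has a same-named counterpart (looked up through
        /// FindByName) with that counterpart. Derived parameters without a counterpart
        /// get <see cref="DBNull.Value"/>.
        /// </summary>
        /// <remarks>
        /// The type check compares the SqlDbType values themselves. It used to compare
        /// SqlDbType.GetType() on both sides, which is the same enum type for every
        /// parameter, so a mismatch was never detected. Callers whose parameters leave
        /// SqlDbType to be inferred from the value may now hit the mismatch exception and
        /// should set the type explicitly.
        /// </remarks>
        /// <param name="Command">Command whose parameter collection is derived and filled.</param>
        /// <returns>Always <c>true</c>; failures are reported by exception.</returns>
        /// <exception cref="SQLException">
        /// <paramref name="Command"/> or its parameter collection is null, or a
        /// <see cref="NullReferenceException"/> was raised while filling.
        /// </exception>
        /// <exception cref="System.Exception">
        /// A supplied parameter's SqlDbType differs from the derived parameter's.
        /// </exception>
        public Boolean FillParametersIn(SqlCommand Command)
        {
            if (Command == null)
            {
                throw new SQLException("Null Referance Exception", new NullReferenceException());
            }

            SqlCommandBuilder.DeriveParameters(Command);

            SqlParameterCollection ParameterCollection = Command.Parameters;

            if (ParameterCollection == null)
            {
                throw new SQLException("Null Referance Exception", new NullReferenceException());
            }

            try
            {
                for (int Index = 0; Index < ParameterCollection.Count; Index++)
                {
                    SqlParameter Parameter      = ParameterCollection[Index];
                    SqlParameter ValidParameter = FindByName(Parameter.ParameterName);

                    // No caller-supplied value for this derived parameter: send NULL.
                    if (ValidParameter == null)
                    {
                        Parameter.Value = DBNull.Value;
                        continue;
                    }

                    // Reject a supplied parameter whose declared type differs from the
                    // type derived for the same name.
                    if (Parameter.SqlDbType != ValidParameter.SqlDbType)
                    {
                        throw new System.Exception("SqlDbType isn't equal in parameters !!!");
                    }

                    // Parameter was read from slot Index, so the slot is addressed
                    // directly instead of being searched for again with IndexOf.
                    ParameterCollection[Index] = ValidParameter;
                }
            }
            catch (NullReferenceException Ex)
            {
                throw new SQLException("Null Referance Exception", Ex);
            }

            return(true);
        }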
        /* Silvina 20100727 - Tarea 799 */

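        /// <summary>
        /// Renders <paramref name="command"/> as a text line of the form
        /// "Exec CommandText @name = value, ...;" using the values currently assigned to
        /// its parameters, and returns that text.
        /// </summary>
        /// <remarks>
        /// The result is SQL text assembled by string concatenation. The only thing
        /// standing between a parameter value and that text is
        /// mz.erp.systemframework.Util.ToString, whose quoting and escaping rules are not
        /// visible here.
        /// NOTE(review): confirm that helper escapes string values before this output is
        /// ever executed rather than only logged; command.CommandText and the parameter
        /// names are copied in verbatim.
        /// </remarks>
        /// <param name="command">Command whose CommandText and parameter list are rendered.</param>
        /// <param name="sentence">Not used by this method; kept so existing callers still compile.</param>
        /// <returns>The rendered statement text.</returns>
        public static string GetSqlStatementString(SqlCommand command, StringBuilder sentence)
        {
            StringBuilder statementAux = new StringBuilder();

            SqlParameterCollection parameters = command.Parameters;

            // Track the position while iterating instead of calling
            // parameters.IndexOf(parameter) once per parameter (a linear scan each time).
            int lastPosition = parameters.Count - 1;
            int position = -1;

            statementAux.Append("Exec ").Append(command.CommandText).Append(" ");
            foreach (SqlParameter parameter in parameters)
            {
                position++;
                try
                {
                    statementAux.Append(parameter.ParameterName).Append(" = ");

                    object valor = parameter.Value;
                    if ((valor == null) || (valor == System.DBNull.Value))
                    {
                        statementAux.Append("NULL");
                    }
                    else
                    {
                        statementAux.Append(mz.erp.systemframework.Util.ToString(valor, parameter.SqlDbType));
                    }

                    // "," between parameters, ";" after the last one.
                    statementAux.Append(position != lastPosition ? ", " : ";");
                }
                catch (Exception ex)
                {
                    // Still best effort: the loop continues and whatever was already
                    // appended for this parameter stays, so the statement is visibly
                    // incomplete instead of silently lacking a parameter. The failure is
                    // now reported rather than discarded; only the exception type is
                    // written so that no parameter value ends up in the trace output.
                    System.Diagnostics.Trace.TraceWarning(
                        "GetSqlStatementString: parameter '{0}' could not be rendered ({1}); the generated statement is incomplete.",
                        parameter.ParameterName,
                        ex.GetType().Name);
                }
            }

            return statementAux.ToString();
        }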