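/// <summary>
/// Renders up to 1000 rows of the requested table, optionally sorted.
/// </summary>
/// <param name="table_name">
/// Table to read. Accepted forms are one to four dot-separated name parts
/// (for example <c>TABLE</c> or <c>dbo.TABLE</c>), each optionally wrapped in
/// square brackets. Anything else is rejected.
/// </param>
/// <param name="db_name">Optional database name, passed to <c>SetDatabaseName</c> when not null.</param>
/// <param name="order">
/// Optional comma-separated sort list. Each item is a column name or a column
/// position, optionally followed by a single space and <c>asc</c> or <c>desc</c>.
/// </param>
/// <returns>The view bound to the query result, or null when an argument is rejected.</returns>
public ActionResult Table(string table_name, string db_name = null, string order = null)
{
    // table_name and order are spliced into the SQL text because identifiers
    // cannot be bound as parameters. They are therefore checked against an
    // allow-list of identifier syntax. A deny-list of ";", "--" and " " does
    // not cover tabs, line breaks, comment markers, quotes or parentheses.
    if (!IsSafeSqlObjectName(table_name))
    {
        return (null);
    }

    DersaSqlManager M = new DersaSqlManager();
    if (db_name != null)
    {
        // NOTE(review): db_name reaches SetDatabaseName unvalidated; confirm that
        // method does not place it into SQL text or a connection string as-is.
        M.SetDatabaseName(db_name);
    }

    string query = string.Format("select top 1000 * from {0}(nolock)", table_name);
    if (!string.IsNullOrEmpty(order))
    {
        if (!IsSafeSqlOrderList(order))
        {
            return (null);
        }
        query += (" order by " + order);
    }

    System.Data.DataTable T = M.ExecSql(query, null, true);
    return (View(T));
}

// True when the value is a single SQL name part: optional [ ] around a name that
// starts with a letter or '_' and continues with letters, digits, '_', '$', '#' or '@'.
private static bool IsSafeSqlNamePart(string part)
{
    if (string.IsNullOrEmpty(part))
    {
        return false;
    }
    if (part.Length > 2 && part[0] == '[' && part[part.Length - 1] == ']')
    {
        part = part.Substring(1, part.Length - 2);
    }
    if (part.Length > 128)
    {
        return false;
    }
    if (!char.IsLetter(part[0]) && part[0] != '_')
    {
        return false;
    }
    for (int i = 1; i < part.Length; i++)
    {
        char c = part[i];
        if (!char.IsLetterOrDigit(c) && c != '_' && c != '$' && c != '#' && c != '@')
        {
            return false;
        }
    }
    return true;
}

// True when the value is one to four dot-separated safe name parts.
private static bool IsSafeSqlObjectName(string name)
{
    if (string.IsNullOrEmpty(name))
    {
        return false;
    }
    string[] parts = name.Split('.');
    if (parts.Length > 4)
    {
        return false;
    }
    foreach (string part in parts)
    {
        if (!IsSafeSqlNamePart(part))
        {
            return false;
        }
    }
    return true;
}

// True when every comma-separated item is a safe column name or a column position,
// optionally followed by " asc" or " desc".
private static bool IsSafeSqlOrderList(string order)
{
    foreach (string rawItem in order.Split(','))
    {
        string item = rawItem;
        if (item.EndsWith(" desc", System.StringComparison.OrdinalIgnoreCase))
        {
            item = item.Substring(0, item.Length - 5);
        }
        else if (item.EndsWith(" asc", System.StringComparison.OrdinalIgnoreCase))
        {
            item = item.Substring(0, item.Length - 4);
        }

        bool isPosition = item.Length > 0;
        foreach (char c in item)
        {
            if (c < '0' || c > '9')
            {
                isPosition = false;
                break;
            }
        }

        if (!isPosition && !IsSafeSqlObjectName(item))
        {
            return false;
        }
    }
    return true;
}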
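/// <summary>
/// Streams a stereotype icon to the client as a .gif attachment.
/// </summary>
/// <param name="id">Stereotype id when <paramref name="from_stereotype"/> is true, otherwise an entity id.</param>
/// <param name="from_stereotype">Selects whether the icon is looked up directly by stereotype or through the entity's stereotype.</param>
/// <returns>"OK" after the icon is written, or the HTML-encoded error message on failure.</returns>
public string DownloadIcon(int id, bool from_stereotype)
{
    try
    {
        DersaSqlManager M = new DersaSqlManager();
        // id is a bound int, so the concatenation cannot carry SQL text. Invariant
        // formatting keeps the literal independent of the request culture.
        string idLiteral = id.ToString(System.Globalization.CultureInfo.InvariantCulture);
        string sql = from_stereotype
            ? "select icon, name from STEREOTYPE (nolock) where stereotype = " + idLiteral
            : "select s.icon, s.name from STEREOTYPE s(nolock) join ENTITY e(nolock) on e.stereotype = s.stereotype where e.entity = " + idLiteral;
        System.Data.DataTable T = M.ExecSql(sql);

        // Fail with a clear message instead of an index or cast error when there is no icon.
        byte[] bts = (T != null && T.Rows.Count > 0) ? T.Rows[0][0] as byte[] : null;
        if (bts == null)
        {
            throw new System.InvalidOperationException("Icon not found for id " + idLiteral);
        }

        Response.ContentType = "APPLICATION/OCTET-STREAM";
        // The name comes from the database and may have been entered by a user.
        // It is reduced to a conservative character set and quoted so it cannot
        // add header parameters or break the header line.
        string Header = "Attachment; Filename=\"" + ToSafeDownloadName(T.Rows[0][1].ToString()) + ".gif\"";
        Response.AppendHeader("Content-Disposition", Header);
        Response.OutputStream.Write(bts, 0, bts.Length);
        Response.End();
        return ("OK");
    }
    catch (System.Threading.ThreadAbortException)
    {
        // Response.End() can end the request by aborting the thread. That is the
        // normal end of a successful download and must not enter the error path.
        throw;
    }
    catch (System.Exception exc)
    {
        // NOTE(review): exc.Message can expose SQL or schema details to the client;
        // consider logging it server-side and returning a generic message.
        // It is HTML-encoded here because the response is served as TEXT/HTML.
        string message = System.Web.HttpUtility.HtmlEncode(exc.Message);
        // NOTE(review): the stream is flushed and closed before the headers are
        // cleared and the message is written; confirm the message reaches the client.
        Response.OutputStream.Flush();
        Response.OutputStream.Close();
        Response.ContentType = "TEXT/HTML";
        Response.ClearHeaders();
        Response.Write(message);
        return (message);
    }
}

// Maps a stored name to a value that is safe inside a quoted Content-Disposition filename.
private static string ToSafeDownloadName(string name)
{
    System.Text.StringBuilder safe = new System.Text.StringBuilder();
    if (name != null)
    {
        foreach (char c in name)
        {
            bool keep = char.IsLetterOrDigit(c) || c == ' ' || c == '_' || c == '-' || c == '.' || c == '$';
            safe.Append(keep ? c : '_');
        }
    }
    return safe.Length > 0 ? safe.ToString() : "icon";
}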